Internet browser only works in safe mode using vista



#1 monomo


Posted 05 November 2014 - 08:11 PM

Coming from http://www.bleepingcomputer.com/forums/t/540686/wireless-internet-only-works-in-safe-mode-microsoft-security-center-wont-work/

and first read the member's original post.  I have a similar situation.  Have downloaded Farbar and will post the results, thank you all.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by MAGGIE (administrator) on MAGGIE-PC on 05-11-2014 17:04:56
Running from C:\Users\MAGGIE\Downloads
Loaded Profile: MAGGIE (Available profiles: MAGGIE & Guest)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM\...\Run: [HP Remote Software] => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424 2009-04-09] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [246504 2010-01-11] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [224616 2009-02-06] (Microsoft Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-04-14] (Apple Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640 2009-04-09] (CyberLink)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\SMINST\Launcher.exe [54656 2009-03-03] (soft thinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3277918069-3277075093-3568412804-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\S-1-5-21-3277918069-3277075093-3568412804-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3277918069-3277075093-3568412804-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-01] (SUPERAntiSpyware)
HKU\S-1-5-21-3277918069-3277075093-3568412804-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3277918069-3277075093-3568412804-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3277918069-3277075093-3568412804-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\buShell.dll No File
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\buShell.dll No File
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\buShell.dll No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3277918069-3277075093-3568412804-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {2052DCC8-B257-4186-BECC-E2FF0D00B0E3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {9FE1854E-F8B1-4F62-87BC-C43259DF9735} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - {2052DCC8-B257-4186-BECC-E2FF0D00B0E3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {9FE1854E-F8B1-4F62-87BC-C43259DF9735} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-8398-26FADCF27386} -  No File
DPF: HKLM-x32 {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\MAGGIE\AppData\Roaming\Mozilla\Firefox\Profiles\793idu09.default
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-03-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn [2014-05-21]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF [2013-10-27]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
S2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [358984 2014-05-21] (Verizon) [File not signed]
S2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1502000.026\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1502000.026\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1502000.026\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1502000.026\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-21] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1502000.026\SYMTDIV.SYS [510168 2014-02-17] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 17:04 - 2014-11-05 17:05 - 00031975 _____ () C:\Users\MAGGIE\Downloads\FRST.txt
2014-11-05 17:04 - 2014-11-05 17:04 - 02114560 _____ (Farbar) C:\Users\MAGGIE\Downloads\FRST64.exe
2014-11-05 17:04 - 2014-11-05 17:04 - 00000000 ____D () C:\FRST
2014-11-05 16:26 - 2014-11-05 12:46 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20141105-162643.backup
2014-11-05 16:20 - 2014-11-05 16:20 - 00000000 ____D () C:\Users\MAGGIE\Documents\ProcAlyzer Dumps
2014-11-05 16:15 - 2014-11-05 16:15 - 00001192 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-05 16:15 - 2014-11-05 16:15 - 00001180 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-05 16:15 - 2014-11-05 16:15 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-11-05 16:15 - 2014-11-05 16:15 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-11-05 16:15 - 2014-11-05 16:15 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-11-05 16:15 - 2014-11-05 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-05 16:14 - 2014-11-05 16:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-05 16:14 - 2014-11-05 16:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-05 16:14 - 2014-11-05 16:14 - 00001655 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-11-05 16:14 - 2014-11-05 16:14 - 00000000 ____D () C:\Users\MAGGIE\AppData\Roaming\SUPERAntiSpyware.com
2014-11-05 16:14 - 2014-11-05 16:14 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-11-05 16:14 - 2014-11-05 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-11-05 16:14 - 2014-11-05 16:14 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-05 16:14 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-05 16:13 - 2014-11-05 16:13 - 00305664 _____ (Secure By Design Inc.) C:\Users\MAGGIE\Downloads\Ninite AdAware Spybot 2 Super Installer.exe
2014-11-05 16:00 - 2014-09-27 15:41 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-05 16:00 - 2014-09-16 22:57 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-05 16:00 - 2014-09-16 08:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-05 15:54 - 2014-06-15 14:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-05 15:54 - 2014-06-15 14:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-05 15:54 - 2014-06-13 10:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-05 15:54 - 2014-06-13 10:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-05 15:54 - 2014-06-13 09:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-05 15:54 - 2014-06-13 09:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-05 15:52 - 2014-09-04 15:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-11-05 15:12 - 2014-11-05 15:56 - 00000000 ____D () C:\Windows\pss
2014-11-05 15:02 - 2014-09-19 15:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-05 15:02 - 2014-09-19 15:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-05 15:02 - 2014-09-19 15:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-05 15:02 - 2014-09-19 15:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-05 15:02 - 2014-09-19 15:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-05 15:02 - 2014-09-19 15:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-05 15:02 - 2014-09-19 15:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-05 15:02 - 2014-09-19 15:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-05 15:02 - 2014-09-19 14:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-05 15:02 - 2014-09-19 14:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-05 15:02 - 2014-09-19 14:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-05 15:02 - 2014-09-19 14:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-05 15:02 - 2014-09-19 14:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-05 15:02 - 2014-09-19 14:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-05 15:02 - 2014-09-19 14:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-05 15:02 - 2014-09-19 14:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-05 15:02 - 2014-09-19 14:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-05 15:02 - 2014-09-19 14:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-05 15:01 - 2014-09-19 16:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-05 15:01 - 2014-09-19 15:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-05 15:01 - 2014-09-19 15:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-05 15:01 - 2014-09-19 15:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-05 15:01 - 2014-09-19 15:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-05 15:01 - 2014-09-19 15:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-05 15:01 - 2014-09-19 15:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-05 15:01 - 2014-09-19 15:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-05 15:01 - 2014-09-19 15:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-05 15:01 - 2014-09-19 15:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-05 15:01 - 2014-09-19 15:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-05 15:01 - 2014-09-19 15:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-05 15:01 - 2014-09-19 15:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-05 15:01 - 2014-09-19 14:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-05 15:01 - 2014-09-19 14:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-05 15:01 - 2014-09-19 14:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-05 15:01 - 2014-09-19 14:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-05 15:01 - 2014-09-19 14:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-05 15:01 - 2014-09-19 14:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-05 15:01 - 2014-09-19 14:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-05 15:01 - 2014-09-19 14:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-05 15:01 - 2014-09-19 14:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-05 15:01 - 2014-09-19 14:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-05 15:01 - 2014-09-19 14:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-05 14:59 - 2014-11-05 16:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-05 14:58 - 2014-11-05 14:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-05 14:57 - 2014-11-05 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-05 14:57 - 2014-11-05 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-05 14:57 - 2014-11-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-05 14:57 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-05 14:57 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-05 14:57 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-05 14:11 - 2014-11-05 14:17 - 00000000 ____D () C:\AdwCleaner
2014-11-05 14:10 - 2014-11-05 14:10 - 01375089 _____ () C:\Users\MAGGIE\Downloads\AdwCleaner.exe
2014-11-05 13:53 - 2014-11-05 13:53 - 00000732 _____ () C:\Users\MAGGIE\AppData\Local\d3d9caps64.dat
2014-11-05 13:29 - 2014-11-05 13:28 - 00305664 _____ (Secure By Design Inc.) C:\Users\MAGGIE\Desktop\Ninite AdAware Malwarebytes Installer.exe
2014-11-05 12:51 - 2014-11-05 12:51 - 00021271 _____ () C:\ComboFix.txt
2014-11-05 12:32 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-05 12:32 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-05 12:32 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-05 12:32 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-05 12:32 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-05 12:32 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-05 12:32 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-05 12:32 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-05 12:22 - 2014-11-05 12:22 - 00000000 ____D () C:\Users\MAGGIE\AppData\Local\VS Revo Group
2014-11-05 12:22 - 2014-11-05 12:22 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-11-05 12:22 - 2014-11-05 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-11-05 12:22 - 2014-11-05 12:22 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-11-05 12:22 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-11-05 12:20 - 2014-11-05 12:51 - 00000000 ____D () C:\Qoobox
2014-11-05 12:20 - 2014-11-05 12:50 - 00000000 ____D () C:\Windows\erdnt
2014-11-05 12:06 - 2014-11-05 12:06 - 00002081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-11-05 11:45 - 2014-11-05 11:45 - 00000000 ____D () C:\Users\MAGGIE\AppData\Local\Mozilla
2014-11-05 11:44 - 2014-11-05 11:44 - 00000902 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-05 11:44 - 2014-11-05 11:44 - 00000890 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-05 11:44 - 2014-11-05 11:44 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-05 11:44 - 2014-11-05 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-05 11:44 - 2014-11-05 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-05 09:16 - 2014-11-05 09:16 - 00001798 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirPort Utility.lnk
2014-11-05 09:16 - 2014-11-05 09:16 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-11-05 09:16 - 2014-11-05 09:16 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-11-05 09:16 - 2014-11-05 09:16 - 00000000 ____D () C:\Program Files (x86)\AirPort

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 17:00 - 2008-01-20 17:53 - 01896338 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 17:00 - 2006-11-02 07:42 - 00032588 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-05 17:00 - 2006-11-02 07:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 16:59 - 2009-07-28 22:06 - 00003580 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-11-05 16:56 - 2009-07-28 22:17 - 00000000 ____D () C:\Program Files (x86)\SMINST
2014-11-05 16:56 - 2006-11-02 07:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 16:56 - 2006-11-02 07:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 16:14 - 2006-11-02 04:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 16:05 - 2006-11-02 07:21 - 00283072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-05 15:58 - 2009-07-28 21:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-05 15:52 - 2013-08-16 17:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-05 15:50 - 2006-11-02 04:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-05 15:39 - 2008-01-20 19:26 - 00371950 _____ () C:\Windows\PFRO.log
2014-11-05 15:34 - 2006-11-02 05:33 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-11-05 14:55 - 2006-11-02 05:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-05 13:52 - 2010-03-26 12:55 - 00006000 _____ () C:\Users\MAGGIE\AppData\Local\d3d9caps.dat
2014-11-05 12:51 - 2006-11-02 05:33 - 00000000 __RHD () C:\Users\Default
2014-11-05 12:46 - 2006-11-02 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-05 12:44 - 2006-11-02 04:33 - 75497472 _____ () C:\Windows\system32\config\software.bak
2014-11-05 12:44 - 2006-11-02 04:33 - 60817408 _____ () C:\Windows\system32\config\components.bak
2014-11-05 12:44 - 2006-11-02 04:33 - 21757952 _____ () C:\Windows\system32\config\system.bak
2014-11-05 12:44 - 2006-11-02 04:33 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-11-05 12:44 - 2006-11-02 04:33 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-11-05 12:44 - 2006-11-02 04:33 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-11-05 12:43 - 2009-07-31 18:38 - 00000000 ____D () C:\Users\MAGGIE
2014-11-05 12:28 - 2010-11-11 20:10 - 00000000 ____D () C:\Users\MAGGIE\AppData\Local\CrashDumps
2014-11-05 12:28 - 2010-05-13 11:33 - 00000000 ____D () C:\Users\MAGGIE\Tracing
2014-11-05 12:19 - 2010-03-24 05:52 - 00011264 _____ () C:\Users\MAGGIE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-05 12:18 - 2006-11-02 07:27 - 00167078 _____ () C:\Windows\setupact.log
2014-11-05 12:11 - 2010-11-09 08:18 - 00000000 ____D () C:\Users\MAGGIE\AppData\Local\Windows Live
2014-11-05 12:10 - 2009-07-31 18:43 - 00067192 _____ () C:\Users\MAGGIE\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-05 12:06 - 2010-05-06 19:21 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-11-05 12:04 - 2006-11-02 05:33 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-05 12:03 - 2009-07-28 21:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-11-05 11:45 - 2010-03-23 18:42 - 00000000 ____D () C:\Users\MAGGIE\AppData\Roaming\Mozilla
2014-11-05 09:16 - 2011-02-20 10:56 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-11-05 09:16 - 2011-02-20 10:56 - 00000000 ____D () C:\Users\MAGGIE\AppData\Local\Apple
2014-11-05 09:07 - 2009-07-31 18:44 - 00000000 ____D () C:\Users\MAGGIE\AppData\Local\VirtualStore
2014-11-05 09:06 - 2009-07-28 22:08 - 00000000 ____D () C:\ProgramData\WildTangent
2014-11-05 08:43 - 2006-11-02 05:33 - 00000000 ____D () C:\Windows\rescache
2014-10-13 20:56 - 2012-03-01 18:05 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

Some content of TEMP:
====================
C:\Users\MAGGIE\AppData\Local\temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\MAGGIE\AppData\Local\temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\MAGGIE\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-us
inherit                 {globalsettings}
default                 {current}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
resume                  No
customactions           0x1000085000001
                        0x54000001
custom:54000001         {863df33e-9817-11dc-b72e-001b24047e4e}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-us
inherit                 {bootloadersettings}
recoverysequence        {572bcd55-ffa7-11d9-aae2-0007e994107d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {25ce0e04-7c00-11de-a31d-002421ad8421}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[D:]\sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path                    \windows\system32\boot\winload.exe
description             HP Recovery Manager
osdevice                ramdisk=[D:]\sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae2-0007e994107d}
device                  ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             HP Recovery Manager
osdevice                ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {863df33e-9817-11dc-b72e-001b24047e4e}
device                  ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             F11 Boot from BCD
osdevice                ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {25ce0e04-7c00-11de-a31d-002421ad8421}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
extendedinput           Yes

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description             Ramdisk Device Options
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi

Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             RAM Disk Settings
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi



LastRegBack: 2014-11-05 16:15

==================== End Of Log ============================


Edited by monomo, 05 November 2014 - 08:12 PM.


#2 monomo

Posted 05 November 2014 - 08:31 PM

Here is the TDSSKiller log:

17:19:36.0724 0x037c  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
17:19:39.0922 0x037c  ============================================================
17:19:39.0922 0x037c  Current date / time: 2014/11/05 17:19:39.0922
17:19:39.0922 0x037c  SystemInfo:
17:19:39.0922 0x037c  
17:19:39.0922 0x037c  OS Version: 6.0.6002 ServicePack: 2.0
17:19:39.0922 0x037c  Product type: Workstation
17:19:39.0922 0x037c  ComputerName: MAGGIE-PC
17:19:39.0922 0x037c  UserName: MAGGIE
17:19:39.0922 0x037c  Windows directory: C:\Windows
17:19:39.0922 0x037c  System windows directory: C:\Windows
17:19:39.0922 0x037c  Running under WOW64
17:19:39.0922 0x037c  Processor architecture: Intel x64
17:19:39.0922 0x037c  Number of processors: 2
17:19:39.0922 0x037c  Page size: 0x1000
17:19:39.0922 0x037c  Boot type: Safe boot with network
17:19:39.0922 0x037c  ============================================================
17:19:39.0922 0x037c  BG loaded
17:19:40.0250 0x037c  System UUID: {B3ABFF97-6103-DD51-B359-99229128733C}
17:19:40.0811 0x037c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
17:19:40.0827 0x037c  ============================================================
17:19:40.0827 0x037c  \Device\Harddisk0\DR0:
17:19:40.0827 0x037c  MBR partitions:
17:19:40.0827 0x037c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x388A00C1
17:19:40.0827 0x037c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x388A0100, BlocksNum 0x1AE4790
17:19:40.0827 0x037c  ============================================================
17:19:40.0843 0x037c  C: <-> \Device\Harddisk0\DR0\Partition1
17:19:40.0905 0x037c  D: <-> \Device\Harddisk0\DR0\Partition2
17:19:40.0905 0x037c  ============================================================
17:19:40.0905 0x037c  Initialize success
17:19:40.0905 0x037c  ============================================================
17:20:23.0119 0x0444  ============================================================
17:20:23.0119 0x0444  Scan started
17:20:23.0119 0x0444  Mode: Manual; SigCheck; TDLFS;
17:20:23.0119 0x0444  ============================================================
17:20:23.0119 0x0444  KSN ping started
17:20:36.0987 0x0444  KSN ping finished: true
17:20:39.0311 0x0444  ================ Scan system memory ========================
17:20:39.0311 0x0444  System memory - ok
17:20:39.0327 0x0444  ================ Scan services =============================
17:20:39.0405 0x0444  [ 970C70F6B2953ED43822D3797855D84C, CB22723678B514277BC6E6DDDD206F3B2377CD889C9D473A47A7056BE597BC6B ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:20:39.0670 0x0444  !SASCORE - ok
17:20:39.0779 0x0444  [ 1965AAFFAB07E3FB03C77F81BEBA3547, 351A1EBB1B95C8E03ED125C8F997DEE810B4DF36AD290E7685FC01963B522BFC ] ACPI            C:\Windows\system32\drivers\acpi.sys
17:20:39.0811 0x0444  ACPI - ok
17:20:39.0889 0x0444  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:20:39.0904 0x0444  AdobeARMservice - ok
17:20:39.0967 0x0444  [ F14215E37CF124104575073F782111D2, 7F624F7F0FE9909C07AB2E4C74727686FDA9DF33778A9CBBE35027D6579E4F71 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:20:40.0013 0x0444  adp94xx - ok
17:20:40.0029 0x0444  [ 7D05A75E3066861A6610F7EE04FF085C, 406F2CE539C306BA60C233FBCDB029153588F0499BBE91E66FC915E5C5D7D2A5 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:20:40.0045 0x0444  adpahci - ok
17:20:40.0091 0x0444  [ 820A201FE08A0C345B3BEDBC30E1A77C, 3170B308724CAA0AD50B74D045C837C48BD6A3A11ABA222670BEA82192A861BF ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
17:20:40.0091 0x0444  adpu160m - ok
17:20:40.0107 0x0444  [ 9B4AB6854559DC168FBB4C24FC52E794, 83CD75DE0A16AE66586837565ECA8B98BA9309519139C4C2032474B8DDF5A1AD ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:20:40.0123 0x0444  adpu320 - ok
17:20:40.0154 0x0444  [ 0F421175574BFE0BF2F4D8E910A253BB, CEABE3A4F546EB6ACA079931AB532DC88FF757DEEF6F434991802220328A9CD6 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:20:40.0310 0x0444  AeLookupSvc - ok
17:20:40.0341 0x0444  [ E58A17E945593544C707423F9772EEA0, FC17AFF979354EB89DCA307BF07C52B84629AF540D4C6A32DD537695CA654205 ] AFD             C:\Windows\system32\drivers\afd.sys
17:20:40.0419 0x0444  AFD - ok
17:20:40.0450 0x0444  [ F6F6793B7F17B550ECFDBD3B229173F7, 7EB12A9372B7966440E39F1B567A43C21231D67DDFAA9C1DECC7E68627F82346 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:20:40.0466 0x0444  agp440 - ok
17:20:40.0497 0x0444  [ 222CB641B4B8A1D1126F8033F9FD6A00, 8C7FD4BF87DC00893B99E64344C0E6A3F321DAD9BE60A99763629260E7C6312C ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
17:20:40.0513 0x0444  aic78xx - ok
17:20:40.0513 0x0444  [ 5922F4F59B7868F3D74BBBBEB7B825A3, 71504BC8B596F540BF059059670BC0C138D8759C1DD9F99F1EC368FD5C53F573 ] ALG             C:\Windows\System32\alg.exe
17:20:40.0637 0x0444  ALG - ok
17:20:40.0669 0x0444  [ 157D0898D4B73F075CE9FA26B482DF98, 84C3E163D7393FD306842F155C88A50B7D8AE88B59586F9014DB76B749CC33D5 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:20:40.0669 0x0444  aliide - ok
17:20:40.0684 0x0444  [ 970FA5059E61E30D25307B99903E991E, CFB241803A63EA3469B2596462A42DDCA813B3ACF96E56BB34F5979BB34DDC32 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:20:40.0684 0x0444  amdide - ok
17:20:40.0747 0x0444  [ CDC3632A3A5EA4DBB83E46076A3165A1, 40BE3451A3F29CD3352360FF72165C54237E44D01006390805D493B0D06F51DB ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:20:40.0793 0x0444  AmdK8 - ok
17:20:40.0825 0x0444  [ 7C8ECAAD76EA1D076A450C8303D9BD98, 90904B2BE380A51BDCEDADA530214CE5321C06456E10F5985B40E3282902BEF6 ] Appinfo         C:\Windows\System32\appinfo.dll
17:20:40.0856 0x0444  Appinfo - ok
17:20:40.0934 0x0444  [ 20F6F19FE9E753F2780DC2FA083AD597, 5106F0F9BA8A7DE49260A9B13BF8EC45ACA6A166FA8B10B4F69C3BB54F6840A1 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:20:40.0949 0x0444  Apple Mobile Device - ok
17:20:40.0965 0x0444  [ BA8417D4765F3988FF921F30F630E303, 876A8F34E578020DD9EDD64F7F77A0A3B4592EC568830B500D7EA844D3159C72 ] arc             C:\Windows\system32\drivers\arc.sys
17:20:40.0981 0x0444  arc - ok
17:20:41.0012 0x0444  [ 9D41C435619733B34CC16A511E644B11, DEFFBBB5ECE33B7DF949DF979188AF3B6674E7580FC069397AB756EA84E24822 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:20:41.0027 0x0444  arcsas - ok
17:21:08.0717 0x0444  NDProxy - ok
17:21:08.0764 0x0444  [ 59267D2F0328599AA3B5408C2E06126F, 54D59079F04F9F08F980C1F1A8F8973ACF9C344218818A15A762287EE6F22F02 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:21:08.0795 0x0444  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
17:21:11.0354 0x0444  Detect skipped due to KSN trusted
17:21:11.0354 0x0444  Net Driver HPZ12 - ok
17:21:14.0302 0x0444  [ 5261A2FD55183AC6993145AB6662CDDF, 996358C80674B1310B3C42BB45254AFC7FF90F12176FE76EF3C930D6D3C647FE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:21:14.0318 0x0444  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
17:21:17.0313 0x0444  Detect skipped due to KSN trusted
17:21:17.0313 0x0444  Pml Driver HPZ12 - ok
17:21:25.0909 0x0444  usbccgp - ok
17:21:25.0924 0x0444  [ 9247F7E0B65852C1F6631480984D6ED2, E3360A0EE891B8BADEF5FF53F796C79D6AD218961087F866E451F3B6F278672A ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:21:25.0987 0x0444  usbcir - ok
17:21:26.0033 0x0444  [ 82C3790E4E6F35087EF00994C7A72988, 95FA022BDAC65DCD2DA52C8FCC1F2C186B321F4599F40CB90262E24FD10AE16C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:21:26.0065 0x0444  usbehci - ok
17:21:26.0096 0x0444  [ BE2EB33AF6EE2E5DA07EB987E0A321F5, 0FCFABA080C553451AE4FAFB54DFE57639251D97DA204C07EC66F469826F3B46 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:21:26.0143 0x0444  usbhub - ok
17:21:26.0158 0x0444  [ EBA14EF0C07CEC233F1529C698D0D154, FBA35D53A90FD6C3F91DA5ECE10EF29858CB4CB512AA20548225F83E9FE0A23D ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:21:26.0221 0x0444  usbohci - ok
17:21:26.0267 0x0444  [ 28B693B6D31E7B9332C1BDCEFEF228C1, 6B756E6D7459F755C76BC3F497643F6818F107304B789952B233C6585434F3A8 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:21:26.0299 0x0444  usbprint - ok
17:21:26.0314 0x0444  [ B854C1558FCA0C269A38663E8B59B581, 08CC36B33FA2281FC88671BE051863AA8CA911446D24596049DB77FB4CB09EA6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:21:26.0345 0x0444  USBSTOR - ok
17:21:26.0361 0x0444  [ 308F6DDC052C970D679DA37D8A305279, E0F4C3C8F27E21C186289B115ECAB771777BC7E848F29D683C53C9F936F30848 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:21:26.0377 0x0444  usbuhci - ok
17:21:26.0392 0x0444  [ D76E231E4850BB3F88A3D9A78DF191E3, 98CAD31C41AD155EA853DF850D94FA29543C3A7D26262D1B6881281D033CEBAF ] UxSms           C:\Windows\System32\uxsms.dll
17:21:26.0439 0x0444  UxSms - ok
17:21:26.0486 0x0444  [ 294945381DFA7CE58CECF0A9896AF327, 67414C6D79D2826BC86BB37349C9D74DB4B667310CBC1ABFD103E26332AE4A00 ] vds             C:\Windows\System32\vds.exe
17:21:26.0517 0x0444  vds - ok
17:21:26.0548 0x0444  [ 916B94BCF1E09873FFF2D5FB11767BBC, 072007FED4EF30C4D7AF8628CBEB2AC99EEAD99D7AB533E90E3748E3D4F11C28 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:21:26.0595 0x0444  vga - ok
17:21:26.0626 0x0444  [ B83AB16B51FEDA65DD81B8C59D114D63, 97D39AA763037752D87216B83896AFD2AD6DFEBB3BCDCED7A9ABFE5706B804C5 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:21:26.0673 0x0444  VgaSave - ok
17:21:26.0689 0x0444  [ 8294B6C3FDB6C33F24E150DE647ECDAA, FEBD9536EF61F700DFD5D9CB815808C8415D5B23590B3CE17B12D84F4670EA4D ] viaide          C:\Windows\system32\drivers\viaide.sys
17:21:26.0704 0x0444  viaide - ok
17:21:26.0735 0x0444  [ 2B7E885ED951519A12C450D24535DFCA, 249009EBC1D306D51FDFA4A89588462AA2D8B6DF0A20BE250B60DD73200CB7F3 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:21:26.0735 0x0444  volmgr - ok
17:21:26.0782 0x0444  [ CEC5AC15277D75D9E5DEC2E1C6EAF877, EA989E257C4409F9AF3B35C4D7ED9134D930FE3733B077C4F3AA5497796F2CB0 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:21:26.0813 0x0444  volmgrx - ok
17:21:26.0876 0x0444  [ 582F710097B46140F5A89A19A6573D4B, 6F695B17BF476D027D3012352F3D4DFD0E0815823DA51A136767ECEF6D64A1CA ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:21:26.0891 0x0444  volsnap - ok
17:21:26.0907 0x0444  [ A68F455ED2673835209318DD61BFBB0E, 8B2B255E8E2F8B415F7AC0F7F4C423F639DD47737F7CEE0F7C816D9A6893C5F7 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:21:26.0923 0x0444  vsmraid - ok
17:21:26.0985 0x0444  [ B75232DAD33BFD95BF6F0A3E6BFF51E1, A8120040F144AD42A39347A615F31BF752634994D4D134E2FAD23FEA9C1D71DF ] VSS             C:\Windows\system32\vssvc.exe
17:21:27.0094 0x0444  VSS - ok
17:21:27.0157 0x0444  [ F14A7DE2EA41883E250892E1E5230A9A, EBCB74BE26437F6FE84A3B41AD034F451D4BD12CA77D4C7A433DB912E7D31593 ] W32Time         C:\Windows\system32\w32time.dll
17:21:27.0203 0x0444  W32Time - ok
17:21:27.0203 0x0444  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7, D682FBF78CF987609AF35A019E7C90CBE02800D7DFC272FFDD71D82AA362FA7A ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:21:27.0250 0x0444  WacomPen - ok
17:21:27.0297 0x0444  [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
17:21:27.0328 0x0444  Wanarp - ok
17:21:27.0344 0x0444  [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:21:27.0375 0x0444  Wanarpv6 - ok
17:21:27.0406 0x0444  [ B4E4C37D0AA6100090A53213EE2BF1C1, 67107F542F3C937FA5D9B28BA2EBFE994FFE287F16C0BFCF79AD20B95C13F78B ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:21:27.0453 0x0444  wcncsvc - ok
17:21:27.0500 0x0444  [ EA4B369560E986F19D93F45A881484AC, B61411D64901C9CB8C80402CD1E8808F5A0FACA38206C8D584C7C1019F5ADF5A ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:21:27.0531 0x0444  WcsPlugInService - ok
17:21:27.0562 0x0444  [ 0C17A0816F65B89E362E682AD5E7266E, 6233213D07B234056A1EC6FE1166A65371645269132B428FF3A29DDC0000301A ] Wd              C:\Windows\system32\drivers\wd.sys
17:21:27.0578 0x0444  Wd - ok
17:21:27.0625 0x0444  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:21:27.0656 0x0444  Wdf01000 - ok
17:21:27.0671 0x0444  [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:21:27.0734 0x0444  WdiServiceHost - ok
17:21:27.0734 0x0444  [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:21:27.0765 0x0444  WdiSystemHost - ok
17:21:27.0796 0x0444  [ 3E6D05381CF35F75EBB055544A8ED9AC, BEC43932BD6C34406B8850E28178B937BFD9512E49FD9F8C54DA7EE272B478A9 ] WebClient       C:\Windows\System32\webclnt.dll
17:21:27.0843 0x0444  WebClient - ok
17:21:27.0874 0x0444  [ 8D40BC587993F876658BF9FB0F7D3462, 23748E11F5CCE3D4978D748780283FA5A1154F53FF70D924CB2128FF8A4705F7 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:21:27.0890 0x0444  Wecsvc - ok
17:21:27.0905 0x0444  [ 9C980351D7E96288EA0C23AE232BD065, BA627B04C4259716B451F421F5310A69D8DE9407DE496AA0489139125E9DC16A ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:21:27.0937 0x0444  wercplsupport - ok
17:21:27.0952 0x0444  [ 66B9ECEBC46683F47EDC06333C075FEF, 35C33596D97DB65DE0A687644E9AD924AD5FCBAFD83FE4D23E7E58EF4BC4CC87 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:21:27.0999 0x0444  WerSvc - ok
17:21:28.0015 0x0444  WinDefend - ok
17:21:28.0046 0x0444  WinHttpAutoProxySvc - ok
17:21:28.0093 0x0444  [ D2E7296ED1BD26D8DB2799770C077A02, B494719C2DEB7B9D2505866868143C4E4F59B88461920AA49BD9F1251B6571B8 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:21:28.0124 0x0444  Winmgmt - ok
17:21:28.0202 0x0444  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869, 22D53818F4A4ACE441E121151CFD7CB1EDF5E8303DF9E113C9BB304B418A96EF ] WinRM           C:\Windows\system32\WsmSvc.dll
17:21:28.0280 0x0444  WinRM - ok
17:21:28.0373 0x0444  [ EC339C8115E91BAED835957E9A677F16, 3BBE6D4F1731198E8F0CFEE67C4CCA5C31E6968F8E02EF9E029C1847A26F513B ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:21:28.0420 0x0444  Wlansvc - ok
17:21:28.0592 0x0444  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:21:28.0717 0x0444  wlidsvc - ok
17:21:28.0763 0x0444  [ E18AEBAAA5A773FE11AA2C70F65320F5, 9E2F6FC0F46D0EEEBF4BC1E3D8800B3D268079ABF8EDDD70CD21B789883D7390 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:21:28.0763 0x0444  WmiAcpi - ok
17:21:28.0810 0x0444  [ 21FA389E65A852698B6A1341F36EE02D, 2D60911EAAE26C4CE3DEF4FAD1EDE093F912209AA90741AAA8B93F06B37DF605 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:21:28.0826 0x0444  wmiApSrv - ok
17:21:28.0841 0x0444  WMPNetworkSvc - ok
17:21:28.0873 0x0444  [ CBC156C913F099E6680D1DF9307DB7A8, FD8B227F445679E31048CA41442A978A98F267FED96E22C235F63C72AEEE2AB0 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:21:28.0919 0x0444  WPCSvc - ok
17:21:28.0966 0x0444  [ 490A18B4E4D53DC10879DEAA8E8B70D9, D069D8C22CF78A0970E85C0B9879E08FF19458FAA75AE447BCF9236731F64252 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:21:29.0013 0x0444  WPDBusEnum - ok
17:21:29.0122 0x0444  [ A2BFEDF5D926CBED9C5F7BC46169A99C, 4F336C0D1DFBCDF9583F528331300FD377AE6565E0C70D58CD9E6ACE95B7273F ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:21:29.0169 0x0444  WPFFontCache_v0400 - ok
17:21:29.0185 0x0444  [ 8A900348370E359B6BFF6A550E4649E1, 3EAD0B951EAF8E940ED6A79FAAAB7D22ACCF3985795F80206A3A07161D319B39 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:21:29.0231 0x0444  ws2ifsl - ok
17:21:29.0263 0x0444  [ 9EA3E6D0EF7A5C2B9181961052A4B01A, F39BAF1FC7DD1600C0052C2A6AA3BCBC8CA3DA96D1AC7B42B0F2810D051EE1B0 ] wscsvc          C:\Windows\system32\wscsvc.dll
17:21:29.0309 0x0444  wscsvc - ok
17:21:29.0309 0x0444  WSearch - ok
17:21:29.0403 0x0444  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:21:29.0481 0x0444  wuauserv - ok
17:21:29.0512 0x0444  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:21:29.0543 0x0444  WudfPf - ok
17:21:29.0590 0x0444  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:21:29.0637 0x0444  WUDFRd - ok
17:21:29.0637 0x0444  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:21:29.0668 0x0444  wudfsvc - ok
17:21:29.0684 0x0444  ================ Scan global ===============================
17:21:29.0715 0x0444  [ 060DC3A7A9A2626031EB23D90151428D, 4AADA06E83603E9D4894D6CFC8DADB018307B384F438C809D4BC8E22BD937C3B ] C:\Windows\system32\basesrv.dll
17:21:29.0746 0x0444  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
17:21:29.0777 0x0444  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll
17:21:29.0809 0x0444  [ 934E0B7D77FF78C18D9F8891221B6DE3, BB1ACD3CD6482D8B7C5931E8733B8094D2CE59C4FBC4012BD0799C8DC367FB74 ] C:\Windows\system32\services.exe
17:21:29.0809 0x0444  [ Global ] - ok
17:21:29.0824 0x0444  ================ Scan MBR ==================================
17:21:29.0824 0x0444  [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
17:21:30.0183 0x0444  \Device\Harddisk0\DR0 - ok
17:21:30.0199 0x0444  ================ Scan VBR ==================================
17:21:30.0199 0x0444  [ FD8C4F83F957B4988BE76E614075E44F ] \Device\Harddisk0\DR0\Partition1
17:21:30.0230 0x0444  \Device\Harddisk0\DR0\Partition1 - ok
17:21:30.0230 0x0444  [ 7AF1C5D6D405DBE2678BF4E6F5F95148 ] \Device\Harddisk0\DR0\Partition2
17:21:30.0261 0x0444  \Device\Harddisk0\DR0\Partition2 - ok
17:21:30.0261 0x0444  ================ Scan active images ========================
17:21:30.0745 0x0444  [ 38CE04857A9A2AE83A4673C691E68D10, 5131F1194B2CC194B8CFC7A55FB323CA9F221489DB34D8481B5469A5C530FA77 ] C:\Windows\System32\csrsrv.dll
17:21:30.0745 0x0444  C:\Windows\System32\csrsrv.dll - ok
17:21:30.0745 0x0444  [ 060DC3A7A9A2626031EB23D90151428D, 4AADA06E83603E9D4894D6CFC8DADB018307B384F438C809D4BC8E22BD937C3B ] C:\Windows\System32\basesrv.dll
17:21:30.0745 0x0444  C:\Windows\System32\basesrv.dll - ok
17:21:30.0760 0x0444  [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\System32\winsrv.dll
17:21:30.0760 0x0444  C:\Windows\System32\winsrv.dll - ok
17:21:30.0760 0x0444  [ 59E9264A96CA82C5CCFBE14523934104, F4A6565F0BFEBEB291F8F97603C3C9564F5E52DDD713C2172A9DD4DFFDC4B348 ] C:\Windows\System32\drivers\dxg.sys
17:21:30.0760 0x0444  C:\Windows\System32\drivers\dxg.sys - ok
17:21:30.0760 0x0444  [ 86173B7125321C93E355DF3837039244, 114416C20C888D5FBDF3DD7D3E19DE6BC70D1FE915C58451BA45639AF056A0AB ] C:\Windows\System32\tsddd.dll
17:21:30.0760 0x0444  C:\Windows\System32\tsddd.dll - ok
17:21:30.0776 0x0444  [ 117EA87DF785CA1B9D821F6F213DCE07, B9C1B9DA26015B8D5A356DA81E263CD6EEDE172FDE09F46064F91F943CB1561A ] C:\Windows\System32\wininit.exe
17:21:30.0776 0x0444  C:\Windows\System32\wininit.exe - ok
17:21:30.0776 0x0444  [ 95E848589698D6CF716ECF1403925DFC, 02F0232265A92310635BBA01046C53BB1844A796265EE6189C5CDE8C8457198B ] C:\Windows\System32\userenv.dll
17:21:30.0776 0x0444  C:\Windows\System32\userenv.dll - ok
17:21:30.0791 0x0444  [ FEA83138B1C1D6EB55046C4612905888, 38C7922589D0052FAC3E453D74FC84FC00C861D5C8051CF974EF062A820F87A9 ] C:\Windows\System32\secur32.dll
17:21:30.0791 0x0444  C:\Windows\System32\secur32.dll - ok
17:21:30.0791 0x0444  [ 89A722B06A83706797E283016181BEAB, 19BB0F76A28F9EC4327B779C0031EF1A6C1D94C8473C6C85A6C50398211A538D ] C:\Windows\System32\KBDUS.DLL
17:21:30.0791 0x0444  C:\Windows\System32\KBDUS.DLL - ok
17:21:30.0791 0x0444  [ 07FA442C161607E4FE6CE936846EF807, 6223173E88774AF78A220605883D6C80C67A105ACEFFA8AF9C6E4093E46276C4 ] C:\Windows\System32\vga.dll
17:21:30.0791 0x0444  C:\Windows\System32\vga.dll - ok
17:21:30.0791 0x0444  [ 1AE29DD0E96D10F52383A8C6396E3A1D, 7A312F4CDC9EA46FD22A7EA355A2233C151B915B7345671105315273DD9E0067 ] C:\Windows\System32\framebuf.dll
17:21:30.0791 0x0444  C:\Windows\System32\framebuf.dll - ok
17:21:30.0807 0x0444  [ 6D0773A3A65D28B663F334C90441D01A, 9FD92A56AB1610460D14E4730A75E82302119D617C05384AB1A7213959948C59 ] C:\Windows\System32\winlogon.exe
17:21:30.0807 0x0444  C:\Windows\System32\winlogon.exe - ok
17:21:30.0807 0x0444  [ 1671EF15434501ABBE9E7BE905EF998B, 9B52DFBDC4D21C476C0B39024CD7E09D3ACAFFD86605D15D3F7E1DD74D24AEF7 ] C:\Windows\System32\winsta.dll
17:21:30.0807 0x0444  C:\Windows\System32\winsta.dll - ok
17:21:30.0807 0x0444  [ D1BDCF6DE24D16E16FC57AEE4A1BE9AE, BDA58E227E62F99E486F75A23BE75BBCA302CCE55E14992B7080A82842BDE9C4 ] C:\Windows\System32\WlS0WndH.dll

CONT.


CONT.

17:21:31.0525 0x0444  [ 449F5AB17863698F12F0BC8E99079AA6, C60901949B91D3B129FF8550F934970CB0F6758C135AB41F81A8524CBC1299AB ] C:\Windows\System32\dwm.exe
17:21:31.0525 0x0444  C:\Windows\System32\dwm.exe - ok
17:21:31.0540 0x0444  [ 294945381DFA7CE58CECF0A9896AF327, 67414C6D79D2826BC86BB37349C9D74DB4B667310CBC1ABFD103E26332AE4A00 ] C:\Windows\System32\vds.exe
17:21:31.0540 0x0444  C:\Windows\System32\vds.exe - ok
17:21:31.0540 0x0444  [ B75232DAD33BFD95BF6F0A3E6BFF51E1, A8120040F144AD42A39347A615F31BF752634994D4D134E2FAD23FEA9C1D71DF ] C:\Windows\System32\VSSVC.exe
17:21:31.0540 0x0444  C:\Windows\System32\VSSVC.exe - ok
17:21:31.0540 0x0444  [ F14A7DE2EA41883E250892E1E5230A9A, EBCB74BE26437F6FE84A3B41AD034F451D4BD12CA77D4C7A433DB912E7D31593 ] C:\Windows\System32\w32time.dll
17:21:31.0540 0x0444  C:\Windows\System32\w32time.dll - ok
17:21:31.0556 0x0444  [ B4E4C37D0AA6100090A53213EE2BF1C1, 67107F542F3C937FA5D9B28BA2EBFE994FFE287F16C0BFCF79AD20B95C13F78B ] C:\Windows\System32\wcncsvc.dll
17:21:31.0556 0x0444  C:\Windows\System32\wcncsvc.dll - ok
17:21:31.0556 0x0444  [ EA4B369560E986F19D93F45A881484AC, B61411D64901C9CB8C80402CD1E8808F5A0FACA38206C8D584C7C1019F5ADF5A ] C:\Windows\System32\WcsPlugInService.dll
17:21:31.0556 0x0444  C:\Windows\System32\WcsPlugInService.dll - ok
17:21:31.0556 0x0444  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] C:\Windows\System32\drivers\Wdf01000.sys
17:21:31.0556 0x0444  C:\Windows\System32\drivers\Wdf01000.sys - ok
17:21:31.0571 0x0444  [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] C:\Windows\System32\wdi.dll
17:21:31.0571 0x0444  C:\Windows\System32\wdi.dll - ok
17:21:31.0571 0x0444  [ 3E6D05381CF35F75EBB055544A8ED9AC, BEC43932BD6C34406B8850E28178B937BFD9512E49FD9F8C54DA7EE272B478A9 ] C:\Windows\System32\WebClnt.dll
17:21:31.0571 0x0444  C:\Windows\System32\WebClnt.dll - ok
17:21:31.0571 0x0444  [ 8D40BC587993F876658BF9FB0F7D3462, 23748E11F5CCE3D4978D748780283FA5A1154F53FF70D924CB2128FF8A4705F7 ] C:\Windows\System32\wecsvc.dll
17:21:31.0571 0x0444  C:\Windows\System32\wecsvc.dll - ok
17:21:31.0587 0x0444  [ 9C980351D7E96288EA0C23AE232BD065, BA627B04C4259716B451F421F5310A69D8DE9407DE496AA0489139125E9DC16A ] C:\Windows\System32\wercplsupport.dll
17:21:31.0587 0x0444  C:\Windows\System32\wercplsupport.dll - ok
17:21:31.0587 0x0444  [ 66B9ECEBC46683F47EDC06333C075FEF, 35C33596D97DB65DE0A687644E9AD924AD5FCBAFD83FE4D23E7E58EF4BC4CC87 ] C:\Windows\System32\wersvc.dll
17:21:31.0587 0x0444  C:\Windows\System32\wersvc.dll - ok
17:21:31.0587 0x0444  [ A2D043408A2DC9CDE48CFF88FCD74662, FDA016669FC2F9E64BA691E41FD304F43CE7C5FFA9BAADCE6A8CD65A23340EF9 ] C:\Windows\System32\winhttp.dll
17:21:31.0587 0x0444  C:\Windows\System32\winhttp.dll - ok
17:21:31.0603 0x0444  [ D2E7296ED1BD26D8DB2799770C077A02, B494719C2DEB7B9D2505866868143C4E4F59B88461920AA49BD9F1251B6571B8 ] C:\Windows\System32\wbem\WMIsvc.dll
17:21:31.0603 0x0444  C:\Windows\System32\wbem\WMIsvc.dll - ok
17:21:31.0603 0x0444  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869, 22D53818F4A4ACE441E121151CFD7CB1EDF5E8303DF9E113C9BB304B418A96EF ] C:\Windows\System32\WsmSvc.dll
17:21:31.0603 0x0444  C:\Windows\System32\WsmSvc.dll - ok
17:21:31.0603 0x0444  [ EC339C8115E91BAED835957E9A677F16, 3BBE6D4F1731198E8F0CFEE67C4CCA5C31E6968F8E02EF9E029C1847A26F513B ] C:\Windows\System32\wlansvc.dll
17:21:31.0603 0x0444  C:\Windows\System32\wlansvc.dll - ok
17:21:31.0618 0x0444  [ 21FA389E65A852698B6A1341F36EE02D, 2D60911EAAE26C4CE3DEF4FAD1EDE093F912209AA90741AAA8B93F06B37DF605 ] C:\Windows\System32\wbem\WmiApSrv.exe
17:21:31.0618 0x0444  C:\Windows\System32\wbem\WmiApSrv.exe - ok
17:21:31.0618 0x0444  [ 56382A5EB85A25446745E3BD6D50A3A5, 94ABCA1238150B74271CC47F0BDE5CCE2CB2D734AEE8E4B04074ECE396482624 ] C:\Program Files\Windows Media Player\wmpnetwk.exe
17:21:31.0618 0x0444  C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
17:21:31.0618 0x0444  [ CBC156C913F099E6680D1DF9307DB7A8, FD8B227F445679E31048CA41442A978A98F267FED96E22C235F63C72AEEE2AB0 ] C:\Windows\System32\wpcsvc.dll
17:21:31.0618 0x0444  C:\Windows\System32\wpcsvc.dll - ok
17:21:31.0634 0x0444  [ 490A18B4E4D53DC10879DEAA8E8B70D9, D069D8C22CF78A0970E85C0B9879E08FF19458FAA75AE447BCF9236731F64252 ] C:\Windows\System32\wpdbusenum.dll
17:21:31.0634 0x0444  C:\Windows\System32\wpdbusenum.dll - ok
17:21:31.0634 0x0444  [ A2BFEDF5D926CBED9C5F7BC46169A99C, 4F336C0D1DFBCDF9583F528331300FD377AE6565E0C70D58CD9E6ACE95B7273F ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:21:31.0634 0x0444  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe - ok
17:21:31.0634 0x0444  [ 9EA3E6D0EF7A5C2B9181961052A4B01A, F39BAF1FC7DD1600C0052C2A6AA3BCBC8CA3DA96D1AC7B42B0F2810D051EE1B0 ] C:\Windows\System32\wscsvc.dll
17:21:31.0634 0x0444  C:\Windows\System32\wscsvc.dll - ok
17:21:31.0649 0x0444  [ A2AC37A1EEF83BD9E912B0EFCBEA06BD, F51F38E789DE23A53AEC58B505C7AD9ABB3988F08F54A73DADE52E5A5F7F613E ] C:\Windows\System32\SearchIndexer.exe
17:21:31.0649 0x0444  C:\Windows\System32\SearchIndexer.exe - ok
17:21:31.0649 0x0444  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] C:\Windows\System32\wuaueng.dll
17:21:31.0649 0x0444  C:\Windows\System32\wuaueng.dll - ok
17:21:31.0665 0x0444  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] C:\Windows\System32\drivers\WUDFPf.sys
17:21:31.0665 0x0444  C:\Windows\System32\drivers\WUDFPf.sys - ok
17:21:31.0665 0x0444  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] C:\Windows\System32\WUDFSvc.dll
17:21:31.0665 0x0444  C:\Windows\System32\WUDFSvc.dll - ok
17:21:31.0665 0x0444  [ 9922ADB6DCA8F0F5EA038BEFF339C08B, DA74D1019544519AB1D138FDEE9D4BCB25F71DCA155751D1F931067273B32BE7 ] C:\Windows\System32\scecli.dll
17:21:31.0665 0x0444  C:\Windows\System32\scecli.dll - ok
17:21:31.0665 0x0444  [ EE3718BCF5CEF1C457C10A745E410959, F79AA33B471991575E7A7B5BB33588792E4B321DF8706B58E284625FC3BCF110 ] C:\Windows\System32\ntmarta.dll
17:21:31.0665 0x0444  C:\Windows\System32\ntmarta.dll - ok
17:21:31.0681 0x0444  [ CDA9F1373805AF88F6FA4F2064BBA24D, B26AAFFF9A4721A168FEC6DBEFF785121FDD3010BE46BC89815E2C8C4C40B303 ] C:\Windows\System32\svchost.exe
17:21:31.0681 0x0444  C:\Windows\System32\svchost.exe - ok
17:21:31.0681 0x0444  [ 7823A58BF0FE3CAAA555C12B5CF91290, 873435FBE8FAB30A6A50E0924C0D9AB24F0F03938E1F1959D68CB00192559766 ] C:\Windows\System32\powrprof.dll
17:21:31.0681 0x0444  C:\Windows\System32\powrprof.dll - ok
17:21:31.0681 0x0444  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] C:\Windows\System32\rpcss.dll
17:21:31.0681 0x0444  C:\Windows\System32\rpcss.dll - ok
17:21:31.0696 0x0444  [ EA3D2B63BA304EB6EDABBAFA21599B47, 01F6951D53721C62C94B4A3F6A0F6A2429B8805E1FCF61C2DA4B5C8368A0AD3A ] C:\Windows\System32\version.dll
17:21:31.0696 0x0444  C:\Windows\System32\version.dll - ok
17:21:31.0696 0x0444  [ BAD79FECE1387CDD8388A3314645757F, A0E5DAE8BD6B29F7F22F28C644E3CCD7C08E9DBBBC2A54CC3C0E542B6F20EFA3 ] C:\Windows\System32\LogonUI.exe
17:21:31.0696 0x0444  C:\Windows\System32\LogonUI.exe - ok
17:21:31.0696 0x0444  [ D2B5BFBA352139FA5CD92DD07C9E0D17, B629DDB5755CA03DAE3502E7883C7A92DF66E7FA01979D1DF66276FE9CF1D984 ] C:\Windows\System32\authui.dll
17:21:31.0696 0x0444  C:\Windows\System32\authui.dll - ok
17:21:31.0712 0x0444  [ C5EDECA7546B009484B23FAD0E9724C1, 8F71B8B5F644C38BD4E5FD41AE27C898FCD94FCC4DEE068D32592BF8099FBE89 ] C:\Windows\System32\nlaapi.dll
17:21:31.0712 0x0444  C:\Windows\System32\nlaapi.dll - ok
17:21:31.0712 0x0444  [ 7FC9AFDD2A2ACFCB52FB05D57FE8C2F4, 9DB8D42BBFB0222DB270EC249FCAD8AE02840AE5AF939EC01BC7F58F3BD68DA6 ] C:\Windows\System32\atl.dll
17:21:31.0712 0x0444  C:\Windows\System32\atl.dll - ok
17:21:31.0727 0x0444  [ 99AA51A6AE40DED4A74776E6E1C066C1, 7D6DC515863A36E37C0984651560E061747D06D7CC5F8CE7B2B485A91A1CE5C1 ] C:\Windows\System32\adtschema.dll
17:21:31.0727 0x0444  C:\Windows\System32\adtschema.dll - ok
17:21:31.0727 0x0444  [ 56697D33950E5E83A4049F477BE7C320, 9272DEFD5B3D0FF201EFB4ADDA1F5C0119B181D70B29AC95A42B581E28D81DD5 ] C:\Windows\System32\hid.dll
17:21:31.0727 0x0444  C:\Windows\System32\hid.dll - ok
17:21:31.0727 0x0444  [ 46662CD685A6341AB4AED86D134D80E9, 7AAEFBFAA824F24A1F9FC7009FBE6355789E0AC80F0C26EE1030A01A0922C90B ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd\comctl32.dll
17:21:31.0727 0x0444  C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd\comctl32.dll - ok
17:21:31.0743 0x0444  [ 6C2D2558DECB89C83873F80160D19F2C, 88366ABDA198978773150F35FA558C73F19BC261A65D73B66B2C43B89BE25831 ] C:\Windows\System32\wtsapi32.dll
17:21:31.0743 0x0444  C:\Windows\System32\wtsapi32.dll - ok
17:21:31.0743 0x0444  [ B1DF2D87DC8BF6072699AC8301B37796, D5A6FD1EDB627324DFA1A0555F1777A3313EF29DDE29982C3CE59DAF1ED0D105 ] C:\Windows\System32\WUDFPlatform.dll
17:21:31.0743 0x0444  C:\Windows\System32\WUDFPlatform.dll - ok
17:21:31.0743 0x0444  [ 887337641E72861178B1DA84867298ED, ACC245A9440A2ED882DDD1A03638E27F2DC6AC12D5BA4217D5741C76FFAEC976 ] C:\Windows\System32\wintrust.dll
17:21:31.0743 0x0444  C:\Windows\System32\wintrust.dll - ok
17:21:31.0759 0x0444  [ 06230F1B721494A6DF8D47FD395BB1B0, F6CA8270740E01D9CE2FE8E34BC067C7EDC15BA610F461860E1D17D135C8A379 ] C:\Windows\System32\dnsrslvr.dll
17:21:31.0759 0x0444  C:\Windows\System32\dnsrslvr.dll - ok
17:21:31.0759 0x0444  [ 6B58266234B36ABCDD43C797B0D1932E, 37A9BB603DEE09FD7BE8C25F489F434EC999791FFCA69E7CC1B46A53F7CA68EA ] C:\Windows\System32\msimg32.dll
17:21:31.0759 0x0444  C:\Windows\System32\msimg32.dll - ok
17:21:31.0759 0x0444  [ 88DBC757681093478BC80211C21695E5, BB3401574E83135DB8B855795040F57D1309C9FE2F4DD38CFF9F100A45FC3B2E ] C:\Windows\System32\uxtheme.dll
17:21:31.0759 0x0444  C:\Windows\System32\uxtheme.dll - ok
17:21:31.0759 0x0444  [ F947921ABCF504A7CA03F28709324F9D, C68D262F340F4DADE4F003CA8376D588C9B59584C8A824EA0EDDCE1BA44C1E7E ] C:\Windows\System32\FWPUCLNT.DLL
17:21:31.0759 0x0444  C:\Windows\System32\FWPUCLNT.DLL - ok
17:21:31.0774 0x0444  [ 78AC0946A2843C60994958E70FF19E6F, 09109D28C1F7852DD24C062B8458EDFBA7A32A8364CDB6790182D162224B677E ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_56ac6a77b5937fd8\GdiPlus.dll
17:21:31.0774 0x0444  C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.19096_none_56ac6a77b5937fd8\GdiPlus.dll - ok
17:21:31.0774 0x0444  [ 2348447A80920B2493A9B582A23E81E1, 50F9242B7104607E633ABAF4E0A213C1C1226BF81F7FB4E216A9E878247B868C ] C:\Windows\System32\drivers\bowser.sys
17:21:31.0774 0x0444  C:\Windows\System32\drivers\bowser.sys - ok
17:21:31.0790 0x0444  [ C92B9ABDB65A5991E00C28F13491DBA2, D1233381A9E4262F0AB396BBDB7DE402D4370805E11EB8A118C846F6E9474098 ] C:\Windows\System32\drivers\mpsdrv.sys
17:21:31.0790 0x0444  C:\Windows\System32\drivers\mpsdrv.sys - ok
17:21:31.0790 0x0444  [ 897E3BAF68BA406A61682AE39C83900C, 13F61D5C22BED061BE7C2669CCCAA2BAD4A0CE83800DF57A50306DE0A476FC27 ] C:\Windows\System32\MPSSVC.dll
17:21:31.0790 0x0444  C:\Windows\System32\MPSSVC.dll - ok
17:21:31.0790 0x0444  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B, 9F157AAA1A793EF7E52817E4126B774C17FFA0036DADCF10A024FDC068F94F67 ] C:\Windows\System32\drivers\mrxsmb.sys
17:21:31.0790 0x0444  C:\Windows\System32\drivers\mrxsmb.sys - ok
17:21:31.0805 0x0444  [ 3B929A60C833FC615FD97FBA82BC7632, 40EEBEB43F42A1A37FAA529E0C21984426F90C1EEFE1EF9BB2F696164595F91D ] C:\Windows\System32\drivers\mrxsmb10.sys
17:21:31.0805 0x0444  C:\Windows\System32\drivers\mrxsmb10.sys - ok
17:21:31.0805 0x0444  [ 16881B42E07390FAA8C7331E9B8316A7, CF68AD56E7880DD899AB5E7C36B92ABAAEC4D521F17DC42022554FD3C98571E5 ] C:\Windows\System32\duser.dll
17:21:31.0805 0x0444  C:\Windows\System32\duser.dll - ok
17:21:31.0805 0x0444  [ D1E792408F710173E4E4FB6BFB248DB3, AF52BE3ADF14B55CE1D8D77FB31216EDFF904B1099086353C9C9B69A1E480290 ] C:\Windows\System32\wfapigp.dll
17:21:31.0805 0x0444  C:\Windows\System32\wfapigp.dll - ok
17:21:31.0805 0x0444  [ E3041BC26D6930D61F42AEDB79C91720, 3556C033BB78445EC8B2F98A82455914764AFC70CBFF634DDBD3539885A1E457 ] C:\Windows\System32\drivers\fltMgr.sys
17:21:31.0821 0x0444  C:\Windows\System32\drivers\fltMgr.sys - ok
17:21:31.0821 0x0444  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3, 197F70E24D2BBDEC35C2D5BC442267ACC4C5AE3FD5BB30A0928976BE9758C942 ] C:\Windows\System32\drivers\mrxsmb20.sys
17:21:31.0821 0x0444  C:\Windows\System32\drivers\mrxsmb20.sys - ok
17:21:31.0821 0x0444  [ 87B1E9B5DBFADA04D9FFDC52D16CB000, B80983383868E935A97CA391FE22BDA61894A4BB76C39D9E2D06778870BD5792 ] C:\Windows\System32\mscms.dll
17:21:31.0821 0x0444  C:\Windows\System32\mscms.dll - ok
17:21:31.0821 0x0444  [ 9E693C6146932B5369DFFA584E805EF6, 4B3647ACA543884168C8F3A32DE95E5FF6F05C866A89F51D413C341334E237E4 ] C:\Windows\System32\PSHED.DLL
17:21:31.0821 0x0444  C:\Windows\System32\PSHED.DLL - ok
17:21:31.0837 0x0444  [ 1E68A512FB6010B600CBC3577147AC50, 2A897C54FA3106D77260BCAAE832273142C78B29B379245C94AE0D1E5A719BA7 ] C:\Windows\System32\plasrv.exe
17:21:31.0837 0x0444  C:\Windows\System32\plasrv.exe - ok
17:21:31.0837 0x0444  [ 656CF740A2FDB99664A91C439D05C0ED, C6F3D698AE412E3918844EA2AA14EE241F981506C74F14E3783A67FE1E6A24A1 ] C:\Windows\System32\xmllite.dll
17:21:31.0837 0x0444  C:\Windows\System32\xmllite.dll - ok
17:21:31.0852 0x0444  [ 970C70F6B2953ED43822D3797855D84C, CB22723678B514277BC6E6DDDD206F3B2377CD889C9D473A47A7056BE597BC6B ] C:\Program Files\SUPERAntiSpyware\SASCore64.exe
17:21:31.0852 0x0444  C:\Program Files\SUPERAntiSpyware\SASCore64.exe - ok
17:21:31.0852 0x0444  [ C501852F1CA40FFC55363ACC0D2DF5BA, 00B0E33941DA5409DFBA95984F167CE8188C89C9090DCD8CD3C2D4CC5C8F6E35 ] C:\Windows\System32\SmartcardCredentialProvider.dll
17:21:31.0852 0x0444  C:\Windows\System32\SmartcardCredentialProvider.dll - ok
17:21:31.0852 0x0444  [ 2E10EB73ED1E094E9A113D0798058B88, D0AB6B3A42868462054D979072E90E4DDC79E227B052FC1394CE723DC969F1AA ] C:\Windows\System32\vssapi.dll
17:21:31.0852 0x0444  C:\Windows\System32\vssapi.dll - ok
17:21:31.0868 0x0444  [ 89A5560671C2D8B4A4B51F3E1AA069D8, 07DEE5D73DDE09F954E2E13BB5603F0033829B6199C81A7C1709D94AB92B351E ] C:\Windows\System32\IPSECSVC.DLL
17:21:31.0868 0x0444  C:\Windows\System32\IPSECSVC.DLL - ok
17:21:31.0868 0x0444  [ A4F3F34A7146D8633FA8D346535A9CAA, 2D01094210C0C8F611CCF1D3A6D136107C6E73ABF7CC801F404B352BEDBB3205 ] C:\Windows\System32\rasapi32.dll
17:21:31.0868 0x0444  C:\Windows\System32\rasapi32.dll - ok
17:21:31.0868 0x0444  [ E9DBC876EC1C78A74A55D8D121016344, 73E36BE2687BC9A88B5D839EF64DBA8CA82DC19C35BBF5F6DE80B87CC5ABEBB8 ] C:\Windows\System32\wbemcomn.dll
17:21:31.0868 0x0444  C:\Windows\System32\wbemcomn.dll - ok
17:21:31.0883 0x0444  [ 00C7DAFAD08FAD59E51EB9A1F90925DE, 39FEBD2CD67CEB6E348135AF46B6AEF8E89811DAD2D830478D4312BF27A61E25 ] C:\Windows\System32\shgina.dll
17:21:31.0883 0x0444  C:\Windows\System32\shgina.dll - ok
17:21:31.0883 0x0444  [ 4CEA4255CAE84BF21FCA9A2827E16CBB, 2B46053E200FCB4A11E010E1F5C8C49253768009F81068BB800298F7A5DAF3DA ] C:\Windows\System32\shacct.dll
17:21:31.0883 0x0444  C:\Windows\System32\shacct.dll - ok
17:21:31.0883 0x0444  [ C30BD20F185A47DCD4FD05F5AE1BC077, CAE1C60B826AC7A07E09D2A94E815F2938069D22EA08808C7F11CA22E0837039 ] C:\Windows\System32\rasman.dll
17:21:31.0883 0x0444  C:\Windows\System32\rasman.dll - ok
17:21:31.0899 0x0444  [ 14DC30962660BA05F1F54EB11AA5A2B4, 23DD3D9E1D7F7CCB1A9AD2106CF39F072B689623854C36BDF27C0050DD28AA8E ] C:\Windows\System32\FwRemoteSvr.dll
17:21:31.0899 0x0444  C:\Windows\System32\FwRemoteSvr.dll - ok
17:21:31.0899 0x0444  [ FE13271EF661F8BE83A1A0D3366164D0, 084D858A21EC8A22C0880D4C70D042ACAB3982E998054CFE3525D2725D7454E2 ] C:\Windows\System32\propsys.dll
17:21:31.0899 0x0444  C:\Windows\System32\propsys.dll - ok
17:21:31.0899 0x0444  [ F0884FA3E83C79775BF89C74DD28B616, 773BFB326428B9733083F8DE978067FBAA7EF2906BD5DF60EC3550473E2759D1 ] C:\Windows\System32\tapi32.dll
17:21:31.0899 0x0444  C:\Windows\System32\tapi32.dll - ok
17:21:31.0915 0x0444  [ F1D25FB6A8BF8FBAE49717B684670393, 56991FE3ED90311630FD60772876ADACCEB7DC9E761D4BFEC6A96E18C6C4F54B ] C:\Windows\System32\rtutils.dll
17:21:31.0915 0x0444  C:\Windows\System32\rtutils.dll - ok
17:21:31.0915 0x0444  [ B25321F9C037BA9AE1DD68B36913ACAC, 444B6F261CE49C1D46A55E0AC32DC659EA2525C0355A43C0568EA56E3ABDA781 ] C:\Windows\System32\wbem\WinMgmtR.dll
17:21:31.0915 0x0444  C:\Windows\System32\wbem\WinMgmtR.dll - ok
17:21:31.0915 0x0444  [ 7500278FEF4A66B0D76D8438F0295F4E, AF7F6BE7D670187541F97636AD96782F38D8DCF472351098BAF2939B04A6CAFF ] C:\Windows\System32\winmm.dll
17:21:31.0915 0x0444  C:\Windows\System32\winmm.dll - ok
17:21:31.0930 0x0444  [ D58A65112AE355CADFABEEFC8D329A8F, 8A78FC9A46201CF264F27A4B66D9880D468501E4937E1E660EF75AAF09098D32 ] C:\Windows\System32\oleacc.dll
17:21:31.0930 0x0444  C:\Windows\System32\oleacc.dll - ok
17:21:31.0930 0x0444  [ E8AECB69B2057EB308BE15A77AF2489E, 970E3C5B03B6179FB503228A932ABAEC542A34A87A4CE0F5ADA82EB5FA436E4E ] C:\Windows\System32\vsstrace.dll
17:21:31.0930 0x0444  C:\Windows\System32\vsstrace.dll - ok
17:21:31.0930 0x0444  [ 25754CBC9CAAF51184C9E70F3A0A349E, F42954F59842B4D12608D16114DD130C5C5CD2244252EDF0DC29C6B736B65822 ] C:\Windows\System32\cryptnet.dll
17:21:31.0930 0x0444  C:\Windows\System32\cryptnet.dll - ok
17:21:31.0946 0x0444  [ 0842A765D31D6E4AE50D6DF7DED61748, E64BE7D909220442D9479EFF28CE0086461EC718CA662F728B3549B3681DEED2 ] C:\Windows\System32\SensApi.dll
17:21:31.0946 0x0444  C:\Windows\System32\SensApi.dll - ok
17:21:31.0946 0x0444  [ 5E1D96076745F73C56B1307FEE6BEDFE, E1C69F35AEC9C11F570BFFB89934165A8FEAFB62B62080C9E38A965DEBBBB87A ] C:\Windows\System32\ncsi.dll
17:21:31.0946 0x0444  C:\Windows\System32\ncsi.dll - ok
17:21:31.0946 0x0444  [ 0C063350E73B443666B17F225BB9FEC7, 7C948305B2D62FAD01124E558C64168C88E9B663D0B9E967318DC21F1E62F2A3 ] C:\Windows\System32\cfgmgr32.dll
17:21:31.0946 0x0444  C:\Windows\System32\cfgmgr32.dll - ok
17:21:31.0961 0x0444  [ 467FBA22AD764B6AB85BE58C25EEF15D, B762EA05317FD849DB51662CA48579004328905F2A5B9F33E7603F80C15F3AE7 ] C:\Windows\System32\ssdpapi.dll
17:21:31.0961 0x0444  C:\Windows\System32\ssdpapi.dll - ok
17:21:31.0961 0x0444  [ 7846D0136CC2B264926A73047BA7688A, 6F56CC1B17095C378D98B58A92F9EDA2D009529DDB6F60E815D85C7606C8EDC0 ] C:\Windows\System32\netprofm.dll
17:21:31.0961 0x0444  C:\Windows\System32\netprofm.dll - ok
17:21:31.0977 0x0444  [ A5D8AD128FBB763F147F29F3D6A1C084, 12ADA49BDE8E83D74CB476E4874D96D3B8F28E8C4741A40C5285E6B21A18B6D2 ] C:\Windows\System32\npmproxy.dll
17:21:31.0977 0x0444  C:\Windows\System32\npmproxy.dll - ok
17:21:31.0977 0x0444  [ 514A07C903607458B6B5A430B09BF794, 9A79E172E28A0B2A34121E74FEE29401A5AF9AA4E238F3E3F2DD8F94FEC4F2AE ] C:\Windows\System32\avrt.dll
17:21:31.0977 0x0444  C:\Windows\System32\avrt.dll - ok
17:21:31.0977 0x0444  [ BED93F434CD291DEC110901F7343E000, E47365043F44B0FB62C9552C24C18725AE60797D1A80230D26D52EEDC7E5E42E ] C:\Windows\System32\dllhost.exe
17:21:31.0977 0x0444  C:\Windows\System32\dllhost.exe - ok
17:21:31.0977 0x0444  [ 04BE188624096B6D2F8C760940B2D100, B0C79F7F53639AB228D6B1A8AAC3A40E969A1A9FBBA897C1D2EEC8C970C1945B ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18879_none_414ad6405542c1e6\comctl32.dll
17:21:31.0977 0x0444  C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18879_none_414ad6405542c1e6\comctl32.dll - ok
17:21:31.0993 0x0444  [ ED4EC7C21A3607A4CB7D36E9C5B90AB2, 13580D9FFB388427105408D5F1883CF85A3BE7EBC7F6519327EB4F9193A17C6C ] C:\Windows\System32\AtBroker.exe
17:21:31.0993 0x0444  C:\Windows\System32\AtBroker.exe - ok
17:21:31.0993 0x0444  [ A0AB2BB9A92293D9CE66E252719AB5FE, A1323F79124F3D9A214BAF82AE085F4299075F0EC308736B9E8F14351FAAE1E4 ] C:\Windows\System32\userinit.exe
17:21:31.0993 0x0444  C:\Windows\System32\userinit.exe - ok
17:21:31.0993 0x0444  [ 1AD703C14E705F69D4ADF79154054173, DD6E692CC06E05244E6595C4C908D96C4F64957B6788B271C3A4F423B8945FFE ] C:\Windows\System32\dwmapi.dll
17:21:31.0993 0x0444  C:\Windows\System32\dwmapi.dll - ok
17:21:32.0008 0x0444  [ 6B08E54A451B3F95E4109DBA7E594270, 0419E4100C3B4AD1831FBF9249173CF32C8209C71B7101674B239A0A47C30E42 ] C:\Windows\explorer.exe
17:21:32.0008 0x0444  C:\Windows\explorer.exe - ok
17:21:32.0008 0x0444  [ 9DCAA0F7D8EC0C07BBBE724041DB7AC5, F129900011B92AB7F74B11CBE4A214E5C21F7A3B3D05D5E1E1CB5C0FAE89A81C ] C:\Windows\System32\shdocvw.dll
17:21:32.0008 0x0444  C:\Windows\System32\shdocvw.dll - ok
17:21:32.0024 0x0444  [ EE9040473EB1339E75E79A75FA47A825, E2ABCC82EC1699EC841C64AA11AB610C12AACC9272F5E73F7207E594DF4E581B ] C:\Windows\System32\browseui.dll
17:21:32.0024 0x0444  C:\Windows\System32\browseui.dll - ok
17:21:32.0024 0x0444  [ 8A777C49978A4E03C4F1442E8FDC5CC2, DB423BE18155C96214AB826DCBFF920ED7EFAC9C526193F74A3D991BD887351C ] C:\Windows\System32\osk.exe
17:21:32.0024 0x0444  C:\Windows\System32\osk.exe - ok
17:21:32.0039 0x0444  [ 48FEF0CD6C0D4CA428DE7024F297E1CD, 489026352868DD70F843B637FAD0F7E2D9A71429C8ECBD96A9FA54FFA32C8F7C ] C:\Windows\System32\WindowsCodecs.dll
17:21:32.0039 0x0444  C:\Windows\System32\WindowsCodecs.dll - ok
17:21:32.0039 0x0444  [ 370FD97C02202536F1140E3AD5D7F1B5, A3CD4EF765825F38B5D2062ADF8B8090EAF92081BAA8FA5972695A775B275D83 ] C:\Windows\System32\msswch.dll
17:21:32.0039 0x0444  C:\Windows\System32\msswch.dll - ok
17:21:32.0039 0x0444  [ F33E804A031F160D128AB78990DE7C91, 243B01A3FC09D0BE0FDEC26E5D83F31A54384CA58BC768AF235C271ED4067FE1 ] C:\Windows\System32\apphelp.dll
17:21:32.0039 0x0444  C:\Windows\System32\apphelp.dll - ok
17:21:32.0055 0x0444  [ B2E32F41E1D6500F62CAEF5EF2B17196, AFE3EF10D2CA41AF9DF3F9EE1A96DC03793425A08EDD79B12920DB9F9CF6E804 ] C:\Windows\System32\EhStorShell.dll
17:21:32.0055 0x0444  C:\Windows\System32\EhStorShell.dll - ok
17:21:32.0055 0x0444  [ EDC41901878A99EA11765F5536CCAE67, A9DD9415620B5381E22A540D5942492689A2EB38405C6EDD4BB0260490C5E4D1 ] C:\Windows\System32\imageres.dll
17:21:32.0055 0x0444  C:\Windows\System32\imageres.dll - ok
17:21:32.0055 0x0444  [ A45D8543AE13502984366767D7A4B4CD, 69B2A7653EB8234D2F50B01B4E51C7E6106907875E18CFCA092B1E30DC6D2AA7 ] C:\Windows\System32\IconCodecService.dll
17:21:32.0055 0x0444  C:\Windows\System32\IconCodecService.dll - ok
17:21:32.0055 0x0444  [ 5398BD3BA9735ECF658487A2826C0885, 7D7098552FBE7EC8767CD28AF2EF2B135584068DF302168DE730DDFD69F0FB09 ] C:\Windows\System32\runonce.exe
17:21:32.0055 0x0444  C:\Windows\System32\runonce.exe - ok
17:21:32.0071 0x0444  [ 9A6A653ADF28D9D69670B48F535E6B90, 72351645184693A879CFF7FD171A182F24B7F72EA313E8D42F2744D0421FE188 ] C:\Windows\SysWOW64\runonce.exe
17:21:32.0071 0x0444  C:\Windows\SysWOW64\runonce.exe - ok
17:21:32.0071 0x0444  [ EF9DAF0E43C0CBBE75228E6FCDF74D21, DB9B71CF6C9A3BBEE9C8933B9A0C33FD7EA91D93D15B6BC3FDF6E71AC0D7F1D4 ] C:\Windows\SysWOW64\ntdll.dll
17:21:32.0071 0x0444  C:\Windows\SysWOW64\ntdll.dll - ok
17:21:32.0071 0x0444  [ 9A55A910B56F416B1F9F17D554D49275, 2997D6FCB2242E7B49EF3A9AD8865359457619C3399EEAC71A076FC845309B9F ] C:\Windows\System32\wow64.dll
17:21:32.0071 0x0444  C:\Windows\System32\wow64.dll - ok
17:21:32.0086 0x0444  [ 8FE910915F14C9C6A9561D8032B603D3, 4A340DC5E51D892AA34A2111612344604ACB757FE40EDE3DBB4D45E162B04A2E ] C:\Windows\System32\wow64win.dll
17:21:32.0086 0x0444  C:\Windows\System32\wow64win.dll - ok
17:21:32.0086 0x0444  [ CA9EECC6092B9C2CE86D95C04B51BA20, 577388F163A3A899CD372B226F4837DF516E2C338EF497280D58184031BC26C6 ] C:\Windows\System32\wow64cpu.dll
17:21:32.0086 0x0444  C:\Windows\System32\wow64cpu.dll - ok
17:21:32.0102 0x0444  [ F55CB10F43802526018AD72604420878, 784C451F030FC3813F0398F68E77BD0AA637F4BC54DC65496D44A36E0EB365DA ] C:\Windows\SysWOW64\kernel32.dll
17:21:32.0102 0x0444  C:\Windows\SysWOW64\kernel32.dll - ok
17:21:32.0102 0x0444  [ 50CAA7072C171B9887215C83D52069E4, AA1961787F24A6AFF9DD5D0A6110686EA654595D2EB941F5DA702498A662880D ] C:\Windows\SysWOW64\advapi32.dll
17:21:32.0102 0x0444  C:\Windows\SysWOW64\advapi32.dll - ok
17:21:32.0102 0x0444  [ DD477C478902C2E0E7F55F565BD44A44, 06F27D7A20D5402E00AA4AEC6957AC41873F9E8EFB28F9ED25F1F3DD9CE718CC ] C:\Windows\SysWOW64\rpcrt4.dll
17:21:32.0102 0x0444  C:\Windows\SysWOW64\rpcrt4.dll - ok
17:21:32.0117 0x0444  [ 3D4DD2D3D59ABE3BA902778C57D2E004, 8263058DD8064C3DFB8176FE31E0459A6240051A2EB3E513E2D80A64F9ECFAEF ] C:\Windows\SysWOW64\secur32.dll
17:21:32.0117 0x0444  C:\Windows\SysWOW64\secur32.dll - ok
17:21:32.0117 0x0444  [ 25B9C743CA4C90F4D9BE42C1F31038EB, 5885A7553E100C775588EFCE7170EF9A5359748414C3A57C11FE3D2C14A222FF ] C:\Windows\SysWOW64\gdi32.dll
17:21:32.0117 0x0444  C:\Windows\SysWOW64\gdi32.dll - ok
17:21:32.0117 0x0444  [ D29FDB5DEDBDC1BD882164DC6DC4DD53, F77F7E553ABBAC128AF63802994FC473CC355EEB417C9DD5CE5D14F5678F2F69 ] C:\Windows\SysWOW64\user32.dll
17:21:32.0117 0x0444  C:\Windows\SysWOW64\user32.dll - ok
17:21:32.0117 0x0444  [ 17AF64D727545F2804F6E6D998327E3F, CAD50C5321BF522CA6CA74662D032A98705ADD04A8BE38576B8EF0B8CE6DBA8A ] C:\Windows\SysWOW64\msvcrt.dll
17:21:32.0117 0x0444  C:\Windows\SysWOW64\msvcrt.dll - ok
17:21:32.0133 0x0444  [ 420B075CD71AB9E58D15DD258958FBA3, EDD96EDD4D3F1C05E34C769F9C4A1D966DA9B51A3B01CF25E9C5E30281E01AE2 ] C:\Windows\SysWOW64\shlwapi.dll
17:21:32.0133 0x0444  C:\Windows\SysWOW64\shlwapi.dll - ok
17:21:32.0133 0x0444  [ BE3C082837866C4C291ADAF163C10EA6, 9C65ABFE6E11B05C9309B86A87ADDD3557C043D4582E1A29530EBC36D470B13D ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
17:21:32.0133 0x0444  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll - ok
17:21:32.0133 0x0444  [ 8C4836F71F2DB629A99CF5A774594C66, 4045FB24E7F90EEA07D011AF73B2A309A908795362AE85114276650F78AA607C ] C:\Windows\SysWOW64\shell32.dll
17:21:32.0133 0x0444  C:\Windows\SysWOW64\shell32.dll - ok
17:21:32.0149 0x0444  [ 9586E7CB2255A8B097A7E4538202585E, 7A65B6268940279D77CE08D695306150A8F8DD9A6878D2A322799AC576960C6B ] C:\Windows\SysWOW64\ole32.dll
17:21:32.0149 0x0444  C:\Windows\SysWOW64\ole32.dll - ok
17:21:32.0149 0x0444  [ B8FBE5F40B09F5D20E1E5CCFEF893D62, 9C635152172C491CE16C0AB7ED423F5483A9B642F4996FDB51657F30AEEA1B97 ] C:\Windows\SysWOW64\imm32.dll
17:21:32.0149 0x0444  C:\Windows\SysWOW64\imm32.dll - ok
17:21:32.0164 0x0444  [ E3C3BD69701CE6B7B17101E4F7740534, 9D6A308A961A1942D7BF8ABEABE6CA87EB13F7710D40F2F767CE4545C18864C6 ] C:\Windows\SysWOW64\msctf.dll
17:21:32.0164 0x0444  C:\Windows\SysWOW64\msctf.dll - ok
17:21:32.0164 0x0444  [ DF37346EA13082E3E1B423B54014E641, 33970BEED71465A3C672A237F836C764C2B78063B315004ABA3BF13A664927F1 ] C:\Windows\SysWOW64\lpk.dll
17:21:32.0164 0x0444  C:\Windows\SysWOW64\lpk.dll - ok
17:21:32.0164 0x0444  [ FB3E5FD7F74BFC301AD3FB7DE670EDCB, 286EB6EA24FC2A29FE8ABBE84DDEDB1B1061ACA2C6CE2D3975CD55C477CD6944 ] C:\Windows\SysWOW64\usp10.dll
17:21:32.0164 0x0444  C:\Windows\SysWOW64\usp10.dll - ok
17:21:32.0180 0x0444  [ DBBB05E1AD745B842BA790A3835637C8, D3EE396F81155506881BDABCD18D07F1159FBF246A4083BDC8D75511822ED2E0 ] C:\Windows\System32\timedate.cpl
17:21:32.0180 0x0444  C:\Windows\System32\timedate.cpl - ok
17:21:32.0180 0x0444  [ 5C45623C1A5EC70BCCB3090DB21BF075, 9869D412B1E788B9A5E1326582575CC3B651645E0A47C1C90166577A581564EF ] C:\Windows\System32\msshsq.dll
17:21:32.0180 0x0444  C:\Windows\System32\msshsq.dll - ok
17:21:32.0180 0x0444  [ 1E642FBD902FB74778F57A76F8D620F5, FB03AC38A844AB5354BBFF211D880D2DCF6D26F3534347A5BADD2CCF29ADD5C9 ] C:\Windows\System32\NaturalLanguage6.dll
17:21:32.0180 0x0444  C:\Windows\System32\NaturalLanguage6.dll - ok
17:21:32.0195 0x0444  [ 90FABA79E004399E5FC69BBBD016CAF9, 7ABF85A942954912BEB62179664CD5D0554AD90538BAC4DC50D4194F6F6B7782 ] C:\Windows\System32\NlsData0009.dll
17:21:33.0038 0x0444  C:\Windows\System32\msra.exe - ok
17:21:33.0038 0x0444  [ FEE042C44E3A138F870D33C7FDDD977B, 1AC43DA7F521821406E6E6B21AE7A46944DE5C5C938D2E858618D55125BB6E4F ] C:\Windows\System32\msxml6.dll
17:21:33.0038 0x0444  C:\Windows\System32\msxml6.dll - ok
17:21:33.0038 0x0444  [ 7E2CF680C69680064D43F4FFE5831DD1, 3FD37F06F33A04FCB402FDDB1CA521BAAF67D4644336AA27ECA877CEEF18588D ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
17:21:33.0038 0x0444  C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe - ok
17:21:33.0053 0x0444  [ C0F4A57BA5E09A28AE3D2F67ED219EEA, F2069979F2EA7BCC37E894A0FE1EB3A0D554878696C97827D62A13D9B0A84076 ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
17:21:33.0053 0x0444  C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe - ok
17:21:33.0053 0x0444  [ FF6669F7A1782D54E338F5C6EC806E1E, E12665302D63645A192DF9AD7AA40A21057D2E5FBCE66014C5EB423D70AD5EA8 ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
17:21:33.0053 0x0444  C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe - ok
17:21:33.0053 0x0444  [ E1AB2AC4A4D50B479DF1B1CEA4A7409B, D6F5BAAEC7ADED682C8681F4A76238AE7AF0FBD537FCCA91B76559A7DFC7CB14 ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
17:21:33.0053 0x0444  C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe - ok
17:21:33.0069 0x0444  [ 3E5AA6A816FA331E64C38A45C6FF5637, 094A4038FBB1677C1AA5AB8377BC15CB5CF809C7012265A19FACB8A47E4848E2 ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
17:21:33.0069 0x0444  C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe - ok
17:21:33.0069 0x0444  [ 086BF9F68879020F08E62F33807F5842, A9063AAE016353CBB8AD9BF82A4A4B24D1449810569777BA56100114C8742A60 ] C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIconDll
17:21:33.0069 0x0444  C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIconDll - ok
17:21:33.0069 0x0444  [ 8B84B3ECFB9D6B50B989D6DB8143F365, 68D29E545621B7DFAB904B200546E1AEB1B7A8A574DC03C4BE000AD9FF54FAE9 ] C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
17:21:33.0069 0x0444  C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe - ok
17:21:33.0085 0x0444  [ 5D9117D799DE1FCDD8D10A32D3CA50CD, 3E7E0723F8D2DCB73829095C4EA146A8FA25B8165CFD48F911775D32DE9F58E8 ] C:\Windows\System32\d3d10.dll
17:21:33.0085 0x0444  C:\Windows\System32\d3d10.dll - ok
17:21:33.0085 0x0444  [ 0568B66320C9D4796576EDA97823B8AE, C950D603B68F1FAF955D8447CF73330E27F959BFFB3BFB297503A453C69C8527 ] C:\Windows\System32\d3d10core.dll
17:21:33.0085 0x0444  C:\Windows\System32\d3d10core.dll - ok
17:21:33.0100 0x0444  [ 40201F5E19D6186356FBF5D5C96D3E2E, 552309FD2002AE9B82F9667E32342CF2C29BD6F0C4184B53B08638329A53D614 ] C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
17:21:33.0100 0x0444  C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe - ok
17:21:33.0100 0x0444  [ 95B9E747FB0AA28F97F8EAAD9711F5E5, EC6BE3D9E52913DD7C1A888D4D875F5A1B2D2ADFB016C09E8711A50F5A1A0C01 ] C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
17:21:33.0100 0x0444  C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll - ok
17:21:33.0100 0x0444  [ 75EB974222F293159427F9A77A5F3C6A, CE554F76E595F327A88D2A785F7CF7DC14B32BC2079E3A7263E31FA4AC8D4B92 ] C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
17:21:33.0100 0x0444  C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll - ok
17:21:33.0116 0x0444  [ EC6BA7C92FA5B2AA4AFDF4DF22AEDAB7, 690F12C490BEE2BF17AB7B6804E6E9B96F51C304350CCDE80FE5C7EEFA89720E ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll
17:21:33.0116 0x0444  C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll - ok
17:21:33.0116 0x0444  [ 32373D1783A9425F8C1FB5A86FD9CDE6, 3C3908B5B1509335A62646BD668CFF691D9AECF9BF96E9AF01B0C64A2AAFC213 ] C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll
17:21:33.0116 0x0444  C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll - ok
17:21:33.0116 0x0444  [ 6533D4E37325E51C4305CBC49498BCAB, 9A92493668D313771DB011C6FD2BF7B894B97281BC5E3C3DEE5C104372A33DCA ] C:\Users\MAGGIE\Downloads\FRST64.exe
17:21:33.0116 0x0444  C:\Users\MAGGIE\Downloads\FRST64.exe - ok
17:21:33.0131 0x0444  [ B16C31FDD41C2265785F31A53AD85AB2, 57AE812C2B35902873B1F912D6080B639E8D30FDBD2F5EF7C103C0737A8AA51A ] C:\Windows\System32\PhotoMetadataHandler.dll
17:21:33.0131 0x0444  C:\Windows\System32\PhotoMetadataHandler.dll - ok
17:21:33.0131 0x0444  [ 2AD9820E4B17E78110A6AA06BF5C1CE2, 330A62FC255D24FCF7904B11CD533A9A06C1EBDBD90491A11960317759E7F4D0 ] C:\Users\MAGGIE\Downloads\tdsskiller.exe
17:21:33.0131 0x0444  C:\Users\MAGGIE\Downloads\tdsskiller.exe - ok
17:21:33.0131 0x0444  [ 0317420D419E1885894B3ED9D375D245, 17F4C64CA4FE560F09DA4C1D13D62B525B5C7B6FDD44B846C6953D595D83CF3D ] C:\Windows\SysWOW64\crypt32.dll
17:21:33.0131 0x0444  C:\Windows\SysWOW64\crypt32.dll - ok
17:21:33.0131 0x0444  [ EE2FF9A3FC4404234BE3B7C6AA383AF8, 51BF3C48BE9BF81A800EF5B247E03C78980B3FFFF37688C42C0F253351EEF4C1 ] C:\Windows\SysWOW64\msasn1.dll
17:21:33.0131 0x0444  C:\Windows\SysWOW64\msasn1.dll - ok
17:21:33.0147 0x0444  [ B218342214D9BBA0F54EA12BA2E9278C, 0B68D881F3B60068C250A97492B81DB8463FFB4FDADC26CD14E2255472A6A2A0 ] C:\Windows\SysWOW64\oleaut32.dll
17:21:33.0147 0x0444  C:\Windows\SysWOW64\oleaut32.dll - ok
17:21:33.0147 0x0444  [ 665417528489096BBCB8AEA46D3DA924, BB0D895B481EFA6ED024C979238F5F482DF0A53912575A47EB4E9C643919112A ] C:\Windows\SysWOW64\userenv.dll
17:21:33.0147 0x0444  C:\Windows\SysWOW64\userenv.dll - ok
17:21:33.0163 0x0444  [ 551F51B66E5EA87A38D8197EB3BDB57A, 2006D0418848EAA2361C26D18246D0BAA646B6F25F2C0035BDC82967E9BD73F1 ] C:\Windows\SysWOW64\setupapi.dll
17:21:33.0163 0x0444  C:\Windows\SysWOW64\setupapi.dll - ok
17:21:33.0163 0x0444  [ 69827805A221C21450BA22F4326A2EE3, 2580CEB58BE4AEF7DEB134F3AD251188CAED05BC992B4FA977CCD11BD583BE5E ] C:\Windows\SysWOW64\version.dll
17:21:33.0163 0x0444  C:\Windows\SysWOW64\version.dll - ok
17:21:33.0163 0x0444  [ DBD02E3E6F061EBBBF9B99A9D7CBA30B, 2C65C129BD1D4279B78E7EDF83F6FB398B705A56A99942F4CA61C9E52D21D25A ] C:\Windows\SysWOW64\winhttp.dll
17:21:33.0163 0x0444  C:\Windows\SysWOW64\winhttp.dll - ok
17:21:33.0178 0x0444  [ 09EA40F4DAD2EDB3587E5E0BAA9C3E15, 45EDA279BD838BD65702762E4EFEDA8F4178F9478E21678B8C75D1AA4015906E ] C:\Windows\SysWOW64\imagehlp.dll
17:21:33.0178 0x0444  C:\Windows\SysWOW64\imagehlp.dll - ok
17:21:33.0178 0x0444  [ D16A740186870C32941C0E61DF4F1298, 070E994DC851F9E397CCABCB2227D3E4E096463E89BF34E3C09896BF9A08C91E ] C:\Windows\SysWOW64\wintrust.dll
17:21:33.0178 0x0444  C:\Windows\SysWOW64\wintrust.dll - ok
17:21:33.0178 0x0444  [ 88B630F6AEB5A11F6AD064930B38C2C0, 176B0A652D36D4C144838013D402DF9CFCF1F8FE9F378651BF52B58DA33DBF15 ] C:\Windows\SysWOW64\uxtheme.dll
17:21:33.0178 0x0444  C:\Windows\SysWOW64\uxtheme.dll - ok
17:21:33.0194 0x0444  [ B304D47D5744BA20FCB99FB8B2C07B0B, 16AAD9264CAB5B5489E2CF8F118132EA46FE9066B4C4320C0259BE88EBD111C8 ] C:\Windows\SysWOW64\ws2_32.dll
17:21:33.0194 0x0444  C:\Windows\SysWOW64\ws2_32.dll - ok
17:21:33.0194 0x0444  [ A64AEBC6C78B4CFD7F41A7277879DF8F, 2283E1D5D5ACF66B6C71A7755577F0A03DB5FC213E5D7DB067C9B7B6E805C202 ] C:\Windows\SysWOW64\nsi.dll
17:21:33.0194 0x0444  C:\Windows\SysWOW64\nsi.dll - ok
17:21:33.0194 0x0444  [ 8617350C9B590B63E620881092751BCB, 4D16A2197F9ED9062CFD93061294FB8E1068071D03E72B6CF3C7256F1B454A9B ] C:\Windows\SysWOW64\mswsock.dll
17:21:33.0194 0x0444  C:\Windows\SysWOW64\mswsock.dll - ok
17:21:33.0209 0x0444  [ 9E80FF0752E365F97FD2D1D68C2AFDA1, 07924F0966A05A992130D29BBF634214D0DFE4081851ED18B1E334437DD008D0 ] C:\Windows\SysWOW64\wship6.dll
17:21:33.0209 0x0444  C:\Windows\SysWOW64\wship6.dll - ok
17:21:33.0209 0x0444  [ 22CFAEB9172F5F198048401485CD0571, 94E0B8590268BD21B035297F5B0C01A4E8958A1DB39A5AA654EA1805BD30CEC2 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
17:21:33.0209 0x0444  C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
17:21:33.0209 0x0444  [ D1A84F7D4CAFCFE2A32149FF418056E5, 1BF29E5E1C541F36DEDCD0DDCCCA0F35D19E94D2655055EE2477439940BAAFF1 ] C:\Windows\SysWOW64\nlaapi.dll
17:21:33.0209 0x0444  C:\Windows\SysWOW64\nlaapi.dll - ok
17:21:33.0225 0x0444  [ 4FE8425F21B3F0F8C4B4726351D43EAA, F45C1429BD60EEAB7BE8C2114B9C819CED7583249CEE1AB234A8A05A484528A9 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
17:21:33.0225 0x0444  C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
17:21:33.0225 0x0444  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] C:\Windows\SysWOW64\dhcpcsvc.dll
17:21:33.0225 0x0444  C:\Windows\SysWOW64\dhcpcsvc.dll - ok
17:21:33.0225 0x0444  [ 85E861D0B88DB2B54ACB0839654C09F7, 751E4F1F282C3798712AFF551D1525D5D65B5E8229689862AAB0BBDCC35A5925 ] C:\Windows\SysWOW64\dnsapi.dll
17:21:33.0225 0x0444  C:\Windows\SysWOW64\dnsapi.dll - ok
17:21:33.0241 0x0444  [ 6B09105742C75DF80CEF21700F20F55A, D781C5F22BEBB5C51B7792EBB4421C170F2CC5FE28E9245E9D6B9D22E33423AB ] C:\Windows\SysWOW64\winnsi.dll
17:21:33.0241 0x0444  C:\Windows\SysWOW64\winnsi.dll - ok
17:21:33.0241 0x0444  [ DFB6B71CDABA9DFB49C9D2B318B97A1A, F380B9A28D56DEC902154A0251B58BD3576355EDE2CD13CF47D7F4DBE3D61C97 ] C:\Windows\SysWOW64\dhcpcsvc6.dll
17:21:33.0241 0x0444  C:\Windows\SysWOW64\dhcpcsvc6.dll - ok
17:21:33.0241 0x0444  [ FC62A635063B762E1C3C60EA77279378, 9C7ADE37C9F2F9CC5A79D75260736C3791C7A73FB84BE6B7E575CA31A4B99667 ] C:\Windows\SysWOW64\NapiNSP.dll
17:21:33.0241 0x0444  C:\Windows\SysWOW64\NapiNSP.dll - ok
17:21:33.0256 0x0444  [ 690D41DF1D555F96D4898A0F54EBA065, 3A8C9304D49657765DF0FCCEAE2A529982025D8677CCA5930824921F77B8F404 ] C:\Windows\SysWOW64\pnrpnsp.dll
17:21:33.0256 0x0444  C:\Windows\SysWOW64\pnrpnsp.dll - ok
17:21:33.0256 0x0444  [ C411C80F90D6732380352B98B37BBD53, FC5A45F208072249CAA1CA9A602FEBAD24A87166628275AC15FE37B7EEF00A40 ] C:\Windows\SysWOW64\winrnr.dll
17:21:33.0256 0x0444  C:\Windows\SysWOW64\winrnr.dll - ok
17:21:33.0256 0x0444  [ B8A609FB5EFB4E44FC1355B1C01C64BC, BB84036F8F16C6E2069FD8B18078A7E6CC98B513285FB1A8DC727B395C9E3A12 ] C:\Windows\SysWOW64\Wldap32.dll
17:21:33.0256 0x0444  C:\Windows\SysWOW64\Wldap32.dll - ok
17:21:33.0272 0x0444  [ 93A1732F7F997E36A5C3893539E2FF02, 40B6F7A67F90E5D9948385418BD22BBD29DE86A151B35D1001081A61CA5FC612 ] C:\Windows\SysWOW64\psapi.dll
17:21:33.0272 0x0444  C:\Windows\SysWOW64\psapi.dll - ok
17:21:33.0272 0x0444  [ 37BC9E0E4B3657B54037777135569D1E, CD7B8973426807F604C9AFC130F55A1F8090F3B9A2060B0522A8A3F9281991C2 ] C:\Program Files (x86)\Bonjour\mdnsNSP.dll
17:21:33.0272 0x0444  C:\Program Files (x86)\Bonjour\mdnsNSP.dll - ok
17:21:33.0287 0x0444  [ A7D525E5C0D91C8C1D84C6BCD25AD77D, BD3D51E302587E33901E5995367B6227743D2385F1420E12C712A62063150318 ] C:\Windows\SysWOW64\rasadhlp.dll
17:21:33.0287 0x0444  C:\Windows\SysWOW64\rasadhlp.dll - ok
17:21:33.0287 0x0444  [ 0CFCDE5D9D074D96B78D1F1CBF1AAB1D, 15A579FDE0288BC732DF0C092A8269159D4D7B8AAC13E78B1D444899EE1CE478 ] C:\Windows\SysWOW64\riched20.dll
17:21:33.0287 0x0444  C:\Windows\SysWOW64\riched20.dll - ok
17:21:33.0287 0x0444  [ 9DD06F00898AA5CA7E24186EFC8E5E25, 51141D0D07DBC955B63281351D3F17163ACE9A5B08628EA1C82F33FD2913970E ] C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{A13FAE9B-061C-4068-859C-44FB8C86E87C}.tmp
17:21:33.0287 0x0444  C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{A13FAE9B-061C-4068-859C-44FB8C86E87C}.tmp - ok
17:21:33.0303 0x0444  [ 91A7771934C0D9D2DA7699D25BB5B348, 154A6EB866AF22B38AEE8DB5A864653FEB15DED69DE26E5B602B7C5056CDDF72 ] C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{8D9054B7-669F-4C01-8C5A-DF5574655652}.tmp
17:21:33.0303 0x0444  C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{8D9054B7-669F-4C01-8C5A-DF5574655652}.tmp - ok
17:21:33.0303 0x0444  [ 80808656078CFCC32CF8BFEB0DD66279, 383F37599ABF16EEDEB2A60242DB7EDCC3D210A2A59DD61169047059F7041C5C ] C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{DF7F17B4-D89B-47EC-93FE-19EDEBB4A46E}.tmp
17:21:33.0303 0x0444  C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{DF7F17B4-D89B-47EC-93FE-19EDEBB4A46E}.tmp - ok
17:21:33.0303 0x0444  [ DF471F11CC78BE02FE6BA15F2D94F65B, 9AC230DE58CE40E78AE6872BCF4778B69EEBF17E0E41B1301FF364ABD4737A78 ] C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{9A38DC75-F55A-439A-942A-9042C68862A0}.tmp
17:21:33.0303 0x0444  C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{9A38DC75-F55A-439A-942A-9042C68862A0}.tmp - ok
17:21:33.0319 0x0444  [ 0FD19BDDD2513874FF6903F717367795, DFAF9C33F993BA26FC84EF66ABC7C483E62762F7E1FC763605A75ACC2E8AA4EE ] C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{865D4D83-4A2E-4829-9EA9-994B5F789956}.tmp
17:21:33.0319 0x0444  C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{865D4D83-4A2E-4829-9EA9-994B5F789956}.tmp - ok
17:21:33.0319 0x0444  [ DD88BBF87A43331A4E99E37F7BF59FDB, 872190F559FA0DD1F711E9FA101BA1AB6E6DE5ED0CCCE1AB7AFE45BC3B78A0F1 ] C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{E5236E73-EDBC-42EF-A27D-670CDB57DDA2}.tmp
17:21:33.0319 0x0444  C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{E5236E73-EDBC-42EF-A27D-670CDB57DDA2}.tmp - ok
17:21:33.0319 0x0444  [ 4261449C1CADA6B007E5C27522946D2B, 11E79D1C529E816CCCAC9266089C77A4DB44676CAEEE25C66D6DB420B18D3ACB ] C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{F4D486B1-F258-4E71-A13C-E0FD9E49EDC3}.tmp
17:21:33.0319 0x0444  C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{F4D486B1-F258-4E71-A13C-E0FD9E49EDC3}.tmp - ok
17:21:33.0334 0x0444  [ 723B834A07F7DF7DE4CEB637D57ACEA3, B42867045DD3FB7682CDBD133970421010F0F14125E4992C73657CABA4659250 ] C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{5857914D-F0F6-480D-A3F7-61676EFF2D26}.tmp
17:21:33.0334 0x0444  C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{5857914D-F0F6-480D-A3F7-61676EFF2D26}.tmp - ok
17:21:33.0334 0x0444  [ 6627AA675A5C1B0330487A02E23F0560, 256AE9BA4273D4247FFAD6099D5A4FC8E98EDB27293AC8CAF7A571EB3890FAA7 ] C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{BDB5E500-5F16-48EB-BF20-17E1B882CCFF}.tmp
17:21:33.0334 0x0444  C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{BDB5E500-5F16-48EB-BF20-17E1B882CCFF}.tmp - ok
17:21:33.0350 0x0444  [ C1DE893FAF6D7F6CFB479A1F61835482, AD5FA3CE73777704C67C933691F1F068E1A7FF545F728B97574F9C33AC4BBC01 ] C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{DE32ABFD-0A53-4859-8764-AEB93C452B80}.tmp
17:21:33.0350 0x0444  C:\Users\MAGGIE\AppData\Local\temp\{8885C33F-40B6-4348-939F-6278D0F63088}\{DE32ABFD-0A53-4859-8764-AEB93C452B80}.tmp - ok
17:21:33.0350 0x0444  [ 98B656EAF128CD06F625B09C84D959E1, 3E6502E629F15E697A813FC56A9B1F13F5A6F3D0C20550AB3459B2507F868156 ] C:\Windows\SysWOW64\netapi32.dll
17:21:33.0350 0x0444  C:\Windows\SysWOW64\netapi32.dll - ok
17:21:33.0350 0x0444  [ 11CFE871D27B4C3485E84BE9E48FFF5E, E6B87FA200AB571056B961794D8EF280C357C740AFC733511EFFF3EECA9E2C78 ] C:\Windows\SysWOW64\msi.dll
17:21:33.0350 0x0444  C:\Windows\SysWOW64\msi.dll - ok
17:21:33.0350 0x0444  [ C394079EB162E812D682C73FA96AF6E4, 639F482DBC82E1E8E7254A5F6FF0F60661EA4BE44D86CA13238913DABFA522F8 ] C:\Windows\SysWOW64\clbcatq.dll
17:21:33.0350 0x0444  C:\Windows\SysWOW64\clbcatq.dll - ok
17:21:33.0365 0x0444  [ 167AC31450C0C53A01FA1491E94D7678, 951744503EF72C6D6DC49720C4E6E65DC1DBB9C8252C89FEE18B396E2ED67EA5 ] C:\Windows\SysWOW64\shdocvw.dll
17:21:33.0365 0x0444  C:\Windows\SysWOW64\shdocvw.dll - ok
17:21:33.0365 0x0444  [ 7DC262AEEA66CCD6ED86DAAB16C4CDFF, 12870A4EF3DA8D632B128C6EB6175E427AB7A4E97BD9470F68BD64665C636CFC ] C:\Windows\System32\ntlanman.dll
17:21:33.0365 0x0444  C:\Windows\System32\ntlanman.dll - ok
17:21:33.0365 0x0444  [ 2790F04DFDDA00B7B6DE6719399A8739, AE5E5BFCD9D18820591FF3CEB57B5ED57196B488B64888A6BA31DD00C2601AD1 ] C:\Windows\System32\drprov.dll
17:21:33.0365 0x0444  C:\Windows\System32\drprov.dll - ok
17:21:33.0381 0x0444  [ AAC4DFF79689736D8B316FC05A3E25EC, 30848CC0E8936F0E5E605DA39E0DBCF00D73F42556B20E6DED7436A457D80872 ] C:\Windows\System32\davclnt.dll
17:21:33.0381 0x0444  C:\Windows\System32\davclnt.dll - ok
17:21:33.0381 0x0444  ================ Scan generic autorun ======================
17:21:33.0412 0x0444  [ 64951155A608D063CC57716EB6918279, 9384A1F5E087AFD16D6AA5DAC7695FD1C03AD8F9958D25BFB474FAF12418ED93 ] C:\Windows\system32\WpcUmi.exe
17:21:33.0428 0x0444  WPCUMI - ok
17:21:33.0443 0x0444  SmartMenu - ok
17:21:33.0475 0x0444  [ D370F852A987CFF65220AC490D9FD3E8, 6943BEE2EF5AAF7B1CF086EDF555CBF6EF08586D72025CA5E4A93FA8B31CBC7E ] C:\Windows\system32\igfxpers.exe
17:21:33.0490 0x0444  Persistence - ok
17:21:33.0506 0x0444  [ 57B9A0F4D37727D38E5F32276C1C80DC, 13B49865EAB30D809C45D50AA4C7490B5735497045791CEB0DCA3BBD8EE37348 ] C:\Windows\system32\igfxtray.exe
17:21:33.0506 0x0444  IgfxTray - ok
17:21:33.0537 0x0444  [ B5C8C8E5D9B803BD3FA5A3BB048DAB9E, F6E6DBF488F0E675CFEFF9966B19A38144BFB9336EA6FC4D04EDBBD5858CC8AD ] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
17:21:33.0568 0x0444  HP Remote Software - detected UnsignedFile.Multi.Generic ( 1 )
17:21:36.0345 0x0444  Detect skipped due to KSN trusted
17:21:36.0345 0x0444  HP Remote Software - ok
17:21:36.0376 0x0444  [ F4F3736B2B27EFAFE2EA7BF5F042645F, 838AA55A0C4CC4FE204AFF9A3E750F99CC8878F6DB05D5B31C6FC0447080058A ] C:\Windows\system32\hkcmd.exe
17:21:36.0392 0x0444  HotKeysCmds - ok
17:21:36.0439 0x0444  [ 82A3031F7FAA61CB5E040B0D98A104AF, 5EB990BACE18112658208F517EE2E635DBD00A06380DD9DAB253556C980DEA99 ] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe
17:21:36.0454 0x0444  UpdatePSTShortCut - ok
17:21:36.0485 0x0444  [ 9ACFD9D5E12D849B28C78FED6D620EB3, 203D1EECFB44BA7D3936AAA2280B1D88207BA7655AB735C17BF9F3AAF3D8A803 ] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
17:21:36.0501 0x0444  UpdatePDIRShortCut - ok
17:21:36.0532 0x0444  [ 9ACFD9D5E12D849B28C78FED6D620EB3, 203D1EECFB44BA7D3936AAA2280B1D88207BA7655AB735C17BF9F3AAF3D8A803 ] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
17:21:36.0548 0x0444  UpdateP2GoShortCut - ok
17:21:36.0595 0x0444  [ 9ACFD9D5E12D849B28C78FED6D620EB3, 203D1EECFB44BA7D3936AAA2280B1D88207BA7655AB735C17BF9F3AAF3D8A803 ] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
17:21:36.0595 0x0444  UpdateLBPShortCut - ok
17:21:36.0673 0x0444  [ CD441BF2F5CFD46B5105891DDFFDFBA2, 2D43730B046DC3BC46676FEB815A0D284191EFAE35959084F1FD1088AB4C4E86 ] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
17:21:36.0735 0x0444  TSMAgent - ok
17:21:36.0797 0x0444  [ E0D6538B62C79FCBF0B27F95FAF3208B, 0FA65F63194743B9ADD34D55555D524015E780A12C8F4AA83EF57D8139A4DCFD ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
17:21:36.0813 0x0444  SunJavaUpdateSched - ok
17:21:36.0844 0x0444  [ 0AEE5668EB59912F32FF245BFA72465F, 653978E365B0E72D34E8B3ED1BFCF0237B70B41396BD70EBBBEDB31AFD77857B ] C:\Program Files (x86)\QuickTime\QTTask.exe
17:21:36.0875 0x0444  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
17:21:46.0953 0x0444  QuickTime Task ( UnsignedFile.Multi.Generic ) - warning
17:21:46.0953 0x0444  Force sending object to P2P due to detect: C:\Program Files (x86)\QuickTime\QTTask.exe
17:21:50.0837 0x0444  Object send P2P result: true
17:21:53.0443 0x0444  [ DA41104DBAAE7C2508601A4B15B475E5, CC7E224AA702D0F150C2B3C2283027E12C5454FCD9BC40288F3A17DE88A8A72B ] c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
17:21:53.0458 0x0444  Microsoft Default Manager - ok
17:21:53.0521 0x0444  [ 638C728F21CCC7EC4F8517A212C34353, 891EEC8FA33BA1B02A7D060F453B5987C417CDB1FB4FE1113C932B479A0886E6 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
17:21:53.0536 0x0444  iTunesHelper - ok
17:21:53.0552 0x0444  [ 554A50B5310E702029D3A675459108FF, 4757D5FFFAC7E73D4A3D931DB1399DDFDBD5811639BDA4517F886C21CC7F2574 ] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
17:21:53.0567 0x0444  hpsysdrv - ok
17:21:53.0630 0x0444  [ B93C4070F24E46B0097648C276B5039E, 5113AAB400D456A5C11EF47E40755755F227BB4A7134C0E2C81F6199C896BD98 ] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
17:21:53.0630 0x0444  HP Software Update - detected UnsignedFile.Multi.Generic ( 1 )
17:21:56.0500 0x0444  Detect skipped due to KSN trusted
17:21:56.0500 0x0444  HP Software Update - ok
17:21:56.0531 0x0444  [ 0C8A70BC3BAAF7BF69DCA495C1E1AB79, 02AA7EC4E5AEC4B9C7FE9C32B9FAF0EF3A89FCE3E0C2534F74A4130559201B07 ] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
17:21:56.0547 0x0444  HP Health Check Scheduler - ok
17:21:56.0594 0x0444  [ F0E2D55BB5C7E106E92DF972C1B277A6, FF2FFBE91349DE4FD866F0F8DF6FF50D93BA47731F12A52BEA4447DA3C7097E7 ] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
17:21:56.0641 0x0444  DVDAgent - ok
17:21:56.0750 0x0444  [ 017335C7AEFA8ED76750DB95A78D6BFA, 9B94AD5DE4D05C3497D9640C46001A6577AEF39A1CE74AFBDCD829A3F14A6874 ] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
17:21:56.0765 0x0444  CLMLServer for HP TouchSmart - ok
17:21:56.0812 0x0444  [ 1C86D0C84FF3870A3E13808B853C040A, 129B757C9ED918EAA821F77D70C8DDAABC33E7E2929CF48ECD6AEB370D1F43CF ] C:\Program Files (x86)\AirPort\APAgent.exe
17:21:56.0843 0x0444  AirPort Base Station Agent - ok
17:21:56.0937 0x0444  [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
17:21:57.0015 0x0444  Adobe ARM - ok
17:21:57.0187 0x0444  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
17:21:57.0343 0x0444  SDTray - ok
17:21:57.0405 0x0444  [ 185F08BAD9B09D47D76C0A7CA3709796, ED7359A0612151172CAA2FE4DC615A864292B1A53F39E9F1E7D9483389637EC7 ] C:\Program Files (x86)\SMINST\Launcher.exe
17:21:57.0421 0x0444  Launcher - ok
17:21:57.0421 0x0444  {AB835877-B639-45C1-A226-D91C60C47F2C} - ok
17:21:57.0499 0x0444  [ 596C3DD487001E237CCE431EAE6F3EA0, 9EAF0C370DA065AC19B073BE2CC77A3B2FF951177AD204471C3E290A109AB522 ] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
17:21:57.0623 0x0444  HPADVISOR - ok
17:21:57.0686 0x0444  [ 65437DAD4F238EA9549408A783002222, 756C846C2DD8209E9161C2DD701E46DF73E1C757F2B66CAE7A579ADF8EF7E000 ] C:\Windows\ehome\ehTray.exe
17:21:57.0701 0x0444  ehTray.exe - ok
17:21:57.0951 0x0444  [ AB8A460FCEF1AFBFF25F35069795E521, 3F4F97FE5DAD758E58262C431498BEB136AA85929F2BEA9F47C56D805E1CC45F ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
17:21:58.0169 0x0444  SUPERAntiSpyware - ok
17:21:58.0357 0x0444  [ B1949628130F192DA27FDBAEA516BB6E, 13E5A2EBF0FDAB29CEA1E7FAEB3141233198D9A28353BDBB6FDB03602BE32AC6 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
17:21:58.0559 0x0444  Spybot-S&D Cleaning - ok
17:21:58.0653 0x0444  [ 9C5A0F070196B601D629F5BA9AA921F8, BB77BAD24B44A3CB32CD1FACB758E347BE2F5C49C11E494797635D741867AF2B ] C:\Program Files\Windows Sidebar\sidebar.exe
17:21:58.0747 0x0444  Sidebar - ok
17:21:58.0809 0x0444  [ 9C5A0F070196B601D629F5BA9AA921F8, BB77BAD24B44A3CB32CD1FACB758E347BE2F5C49C11E494797635D741867AF2B ] C:\Program Files\Windows Sidebar\sidebar.exe
17:21:58.0934 0x0444  Sidebar - ok
17:21:59.0012 0x0444  [ 596C3DD487001E237CCE431EAE6F3EA0, 9EAF0C370DA065AC19B073BE2CC77A3B2FF951177AD204471C3E290A109AB522 ] c:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
17:21:59.0074 0x0444  HPADVISOR - ok
17:21:59.0105 0x0444  swg - ok
17:21:59.0105 0x0444  Waiting for KSN requests completion. In queue: 14
17:22:00.0119 0x0444  Waiting for KSN requests completion. In queue: 14
17:22:01.0133 0x0444  Waiting for KSN requests completion. In queue: 14
17:22:02.0350 0x0444  Win FW state via NFP2: disabled
17:22:04.0924 0x0444  ============================================================
17:22:04.0924 0x0444  Scan finished
17:22:04.0924 0x0444  ============================================================
17:22:04.0924 0x053c  Detected object count: 1
17:22:04.0924 0x053c  Actual detected object count: 1
17:24:05.0403 0x053c  QuickTime Task ( UnsignedFile.Multi.Generic ) - skipped by user
17:24:05.0403 0x053c  QuickTime Task ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:24:07.0883 0x0298  Deinitialize success


17:16:20.0859 0x04ac  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
17:16:23.0460 0x04ac  ============================================================
17:16:23.0460 0x04ac  Current date / time: 2014/11/05 17:16:23.0460
17:16:23.0460 0x04ac  SystemInfo:
17:16:23.0460 0x04ac  
17:16:23.0460 0x04ac  OS Version: 6.0.6002 ServicePack: 2.0
17:16:23.0460 0x04ac  Product type: Workstation
17:16:23.0460 0x04ac  ComputerName: MAGGIE-PC
17:16:23.0460 0x04ac  UserName: MAGGIE
17:16:23.0460 0x04ac  Windows directory: C:\Windows
17:16:23.0460 0x04ac  System windows directory: C:\Windows
17:16:23.0460 0x04ac  Running under WOW64
17:16:23.0460 0x04ac  Processor architecture: Intel x64
17:16:23.0460 0x04ac  Number of processors: 2
17:16:23.0460 0x04ac  Page size: 0x1000
17:16:23.0460 0x04ac  Boot type: Safe boot with network
17:16:23.0460 0x04ac  ============================================================
17:16:25.0027 0x04ac  KLMD registered as C:\Windows\system32\drivers\58188642.sys
17:16:25.0353 0x04ac  System UUID: {B3ABFF97-6103-DD51-B359-99229128733C}
17:16:25.0756 0x04ac  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
17:16:25.0759 0x04ac  ============================================================
17:16:25.0759 0x04ac  \Device\Harddisk0\DR0:
17:16:25.0760 0x04ac  MBR partitions:
17:16:25.0760 0x04ac  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x388A00C1
17:16:25.0760 0x04ac  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x388A0100, BlocksNum 0x1AE4790
17:16:25.0760 0x04ac  ============================================================
17:16:25.0771 0x04ac  C: <-> \Device\Harddisk0\DR0\Partition1
17:16:25.0837 0x04ac  D: <-> \Device\Harddisk0\DR0\Partition2
17:16:25.0837 0x04ac  ============================================================
17:16:25.0837 0x04ac  Initialize success
17:16:25.0837 0x04ac  ============================================================
17:16:45.0397 0x02bc  KLMD registered as C:\Windows\system32\drivers\41349118.sys
17:16:46.0916 0x02bc  Deinitialize success
 



#3 monomo

Posted 05 November 2014 - 08:43 PM

Here is the combofix log:

 

ComboFix 14-10-29.01 - MAGGIE 11/05/2014  12:36:29.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4084.2338 [GMT -8:00]
Running from: F:\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
c:\program files (x86)\FunWebProducts
c:\program files (x86)\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
c:\program files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\program files (x86)\MyWebSearch
c:\program files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files (x86)\MyWebSearch\bar\icons\CM.ICO
c:\program files (x86)\MyWebSearch\bar\icons\MFC.ICO
c:\program files (x86)\MyWebSearch\bar\icons\PSS.ICO
c:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files (x86)\MyWebSearch\bar\icons\WB.ICO
c:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\programdata\76779642
c:\programdata\76779642\76779642.ini
c:\users\MAGGIE\GoToAssistDownloadHelper.exe
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-05 to 2014-11-05  )))))))))))))))))))))))))))))))
.
.
2014-11-05 20:44 . 2014-11-05 20:46    --------    d-----w-    c:\users\MAGGIE\AppData\Local\temp
2014-11-05 20:44 . 2014-11-05 20:44    --------    d-----w-    c:\users\guest1\AppData\Local\temp
2014-11-05 20:44 . 2014-11-05 20:44    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2014-11-05 20:44 . 2014-11-05 20:44    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-11-05 20:22 . 2014-11-05 20:22    --------    d-----w-    c:\users\MAGGIE\AppData\Local\VS Revo Group
2014-11-05 20:22 . 2014-11-05 20:22    --------    d-----w-    c:\programdata\VS Revo Group
2014-11-05 20:22 . 2009-12-30 19:21    31800    ----a-w-    c:\windows\system32\drivers\revoflt.sys
2014-11-05 20:22 . 2014-11-05 20:22    --------    d-----w-    c:\program files\VS Revo Group
2014-11-05 19:45 . 2014-11-05 19:45    --------    d-----w-    c:\users\MAGGIE\AppData\Local\Mozilla
2014-11-05 19:44 . 2014-11-05 19:44    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2014-11-05 17:16 . 2014-11-05 17:16    --------    d-----w-    c:\program files (x86)\Apple Software Update
2014-11-05 17:16 . 2014-11-05 17:16    --------    d-----w-    c:\program files (x86)\AirPort
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-09 06:40 . 2014-10-05 05:37    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-09 06:24 . 2014-10-05 05:37    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-08-29 20:01 . 2006-11-02 12:35    101694776    ----a-w-    c:\windows\system32\mrt.exe
2014-08-23 01:05 . 2014-10-05 05:50    304128    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-23 00:42 . 2014-10-05 05:50    390144    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-22 23:38 . 2014-10-05 05:50    2782208    ----a-w-    c:\windows\system32\win32k.sys
2014-08-15 15:48 . 2014-10-05 05:50    17868288    ----a-w-    c:\windows\system32\mshtml.dll
2014-08-15 15:36 . 2014-10-05 05:50    10920960    ----a-w-    c:\windows\system32\ieframe.dll
2014-08-15 15:35 . 2014-10-05 05:50    2339328    ----a-w-    c:\windows\system32\jscript9.dll
2014-08-15 15:31 . 2014-10-05 05:50    1384960    ----a-w-    c:\windows\system32\urlmon.dll
2014-08-15 15:31 . 2014-10-05 05:50    1392128    ----a-w-    c:\windows\system32\wininet.dll
2014-08-15 15:30 . 2014-10-05 05:50    599040    ----a-w-    c:\windows\system32\vbscript.dll
2014-08-15 15:30 . 2014-10-05 05:50    816640    ----a-w-    c:\windows\system32\jscript.dll
2014-08-15 15:30 . 2014-10-05 05:50    1494016    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-08-15 15:29 . 2014-10-05 05:50    237056    ----a-w-    c:\windows\system32\url.dll
2014-08-15 15:29 . 2014-10-05 05:50    2156032    ----a-w-    c:\windows\system32\iertutil.dll
2014-08-15 15:29 . 2014-10-05 05:50    85504    ----a-w-    c:\windows\system32\jsproxy.dll
2014-08-15 15:29 . 2014-10-05 05:50    173056    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-08-15 15:29 . 2014-10-05 05:50    729088    ----a-w-    c:\windows\system32\msfeeds.dll
2014-08-15 15:29 . 2014-10-05 05:50    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-08-15 15:29 . 2014-10-05 05:50    282112    ----a-w-    c:\windows\system32\dxtrans.dll
2014-08-15 15:29 . 2014-10-05 05:50    55296    ----a-w-    c:\windows\system32\msfeedsbs.dll
2014-08-15 15:29 . 2014-10-05 05:50    96768    ----a-w-    c:\windows\system32\mshtmled.dll
2014-08-15 15:28 . 2014-10-05 05:50    11264    ----a-w-    c:\windows\system32\msfeedssync.exe
2014-08-15 15:28 . 2014-10-05 05:50    248320    ----a-w-    c:\windows\system32\ieui.dll
2014-08-15 15:28 . 2014-10-05 05:50    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2014-08-15 15:28 . 2014-10-05 05:50    12800    ----a-w-    c:\windows\system32\mshta.exe
2014-08-15 14:42 . 2014-10-05 05:50    1810432    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-08-15 14:37 . 2014-10-05 05:50    1129472    ----a-w-    c:\windows\SysWow64\wininet.dll
2014-08-15 14:36 . 2014-10-05 05:50    1427968    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2014-08-15 14:35 . 2014-10-05 05:50    421376    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-08-15 14:35 . 2014-10-05 05:50    142848    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-08-15 14:34 . 2014-10-05 05:50    11776    ----a-w-    c:\windows\SysWow64\mshta.exe
2014-08-15 14:34 . 2014-10-05 05:50    2382848    ----a-w-    c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51    87480    ----a-w-    c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-12 771360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\SMINST\Launcher.exe" [2009-03-03 54656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-2-9 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-17 c:\windows\Tasks\HPCeeScheduleForMAGGIE.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-07-29 01:17]
.
2011-07-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: PackageCab - hxxp://www.imgag.com/cp/install/AxCtp2.cab
FF - ProfilePath - c:\users\MAGGIE\AppData\Roaming\Mozilla\Firefox\Profiles\793idu09.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{00A6FAF1-072E-44cf-8957-5838F569A31D} - c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
BHO-{07B18EA1-A523-4961-B6BB-170DE4475CCA} - c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
Toolbar-{07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
Wow6432Node-HKCU-Run-ares - c:\program files (x86)\Ares\Ares.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe
Wow6432Node-HKLM-Run-MyWebSearch Email Plugin - c:\progra~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
c:\users\MAGGIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Advanced Registry Optimizer.lnk - c:\program files (x86)\Advanced Registry Optimizer\ARO.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-N360 - c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\2454B0AB\21.2.0.38\InstStub.exe
AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.2.0.38\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.2.0.38\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1502000.026\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.2.0.38;c:\program files (x86)\Norton 360\Engine64\21.2.0.38"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2014-11-05  12:51:38 - machine was rebooted
ComboFix-quarantined-files.txt  2014-11-05 20:51
.
Pre-Run: 354,299,838,464 bytes free
Post-Run: 353,829,150,720 bytes free
.
- - End Of File - - BA8B92C0EB41BAFFC213DEB358AEF9C7
81CD5EC01DB0CE57EDD853F82462EF27
 



#4 monomo

Posted 05 November 2014 - 11:46 PM

Second fss log in normal mode (still no internet). Also would like to point out that I could not successfully merge the reg file SDRSVC.reg.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by MAGGIE (administrator) on MAGGIE-PC on 05-11-2014 17:55:28
Running from C:\Users\MAGGIE\Downloads
Loaded Profile: MAGGIE (Available profiles: MAGGIE & Guest)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Kaspersky Lab ZAO) C:\Users\MAGGIE\AppData\Local\temp\{AB835877-B639-45C1-A226-D91C60C47F2C}.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM\...\Run: [HP Remote Software] => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424 2009-04-09] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [246504 2010-01-11] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [224616 2009-02-06] (Microsoft Corp.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-04-14] (Apple Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75016 2008-12-04] (Hewlett-Packard)
HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640 2009-04-09] (CyberLink)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\SMINST\Launcher.exe [54656 2009-03-03] (soft thinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3277918069-3277075093-3568412804-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\S-1-5-21-3277918069-3277075093-3568412804-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3277918069-3277075093-3568412804-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3277918069-3277075093-3568412804-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\MAGGIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\buShell.dll No File
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\buShell.dll No File
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\buShell.dll No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3277918069-3277075093-3568412804-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {2052DCC8-B257-4186-BECC-E2FF0D00B0E3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {9FE1854E-F8B1-4F62-87BC-C43259DF9735} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - {2052DCC8-B257-4186-BECC-E2FF0D00B0E3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {9FE1854E-F8B1-4F62-87BC-C43259DF9735} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-8398-26FADCF27386} -  No File
DPF: HKLM-x32 {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\MAGGIE\AppData\Roaming\Mozilla\Firefox\Profiles\793idu09.default
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-03-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn [2014-05-21]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF [2013-10-27]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-12-04] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [358984 2014-05-21] (Verizon) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1502000.026\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1502000.026\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1502000.026\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1502000.026\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1502000.026\SYMTDIV.SYS [510168 2014-02-17] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]

========================== Drivers MD5 =======================

CONT.

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 17:48 - 2014-11-05 17:48 - 00000000 ____D () C:\Users\MAGGIE\Downloads\Vista
2014-11-05 17:47 - 2014-11-05 17:48 - 00014499 _____ () C:\Users\MAGGIE\Downloads\Vista.zip
2014-11-05 17:47 - 2014-11-05 17:47 - 00791393 _____ (Lars Hederer ) C:\Users\MAGGIE\Downloads\erunt-setup.exe
2014-11-05 17:47 - 2014-11-05 17:47 - 00000725 _____ () C:\Users\MAGGIE\Desktop\NTREGOPT.lnk
2014-11-05 17:47 - 2014-11-05 17:47 - 00000706 _____ () C:\Users\MAGGIE\Desktop\ERUNT.lnk
2014-11-05 17:47 - 2014-11-05 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-11-05 17:47 - 2014-11-05 17:47 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-11-05 17:41 - 2014-11-05 12:31 - 05591672 ____R (Swearware) C:\Users\MAGGIE\Desktop\ComboFix.exe
2014-11-05 17:33 - 2014-11-05 17:33 - 00000085 _____ () C:\Windows\wininit.ini
2014-11-05 17:16 - 2014-11-05 17:16 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\MAGGIE\Downloads\tdsskiller.exe
2014-11-05 17:08 - 2014-11-05 17:08 - 00088417 _____ () C:\Users\MAGGIE\Downloads\Shortcut.txt
2014-11-05 17:05 - 2014-11-05 17:08 - 00025684 _____ () C:\Users\MAGGIE\Downloads\Addition.txt
2014-11-05 17:04 - 2014-11-05 17:55 - 00033557 _____ () C:\Users\MAGGIE\Downloads\FRST.txt
2014-11-05 17:04 - 2014-11-05 17:55 - 00000000 ____D () C:\FRST
2014-11-05 17:04 - 2014-11-05 17:04 - 02114560 _____ (Farbar) C:\Users\MAGGIE\Downloads\FRST64.exe
2014-11-05 16:26 - 2014-11-05 12:46 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20141105-162643.backup
2014-11-05 16:20 - 2014-11-05 16:20 - 00000000 ____D () C:\Users\MAGGIE\Documents\ProcAlyzer Dumps
2014-11-05 16:14 - 2014-11-05 17:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-05 16:14 - 2014-11-05 17:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-05 16:13 - 2014-11-05 16:13 - 00305664 _____ (Secure By Design Inc.) C:\Users\MAGGIE\Downloads\Ninite AdAware Spybot 2 Super Installer.exe
2014-11-05 16:00 - 2014-09-27 15:41 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-05 16:00 - 2014-09-16 22:57 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-05 16:00 - 2014-09-16 08:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-05 15:54 - 2014-06-15 14:18 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-05 15:54 - 2014-06-15 14:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-05 15:54 - 2014-06-13 10:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-05 15:54 - 2014-06-13 10:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-05 15:54 - 2014-06-13 09:36 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-05 15:54 - 2014-06-13 09:36 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-05 15:52 - 2014-09-04 15:38 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-11-05 15:12 - 2014-11-05 15:56 - 00000000 ____D () C:\Windows\pss
2014-11-05 15:02 - 2014-09-19 15:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-05 15:02 - 2014-09-19 15:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-05 15:02 - 2014-09-19 15:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-05 15:02 - 2014-09-19 15:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-05 15:02 - 2014-09-19 15:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-05 15:02 - 2014-09-19 15:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-05 15:02 - 2014-09-19 15:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-05 15:02 - 2014-09-19 15:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-05 15:02 - 2014-09-19 14:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-05 15:02 - 2014-09-19 14:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-05 15:02 - 2014-09-19 14:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-05 15:02 - 2014-09-19 14:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-05 15:02 - 2014-09-19 14:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-05 15:02 - 2014-09-19 14:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-05 15:02 - 2014-09-19 14:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-05 15:02 - 2014-09-19 14:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-05 15:02 - 2014-09-19 14:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-05 15:02 - 2014-09-19 14:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-05 15:01 - 2014-09-19 16:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-05 15:01 - 2014-09-19 15:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-05 15:01 - 2014-09-19 15:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-05 15:01 - 2014-09-19 15:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-05 15:01 - 2014-09-19 15:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-05 15:01 - 2014-09-19 15:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-05 15:01 - 2014-09-19 15:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-05 15:01 - 2014-09-19 15:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-05 15:01 - 2014-09-19 15:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-05 15:01 - 2014-09-19 15:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-05 15:01 - 2014-09-19 15:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-05 15:01 - 2014-09-19 15:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-05 15:01 - 2014-09-19 15:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-05 15:01 - 2014-09-19 14:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-05 15:01 - 2014-09-19 14:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-05 15:01 - 2014-09-19 14:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-05 15:01 - 2014-09-19 14:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-05 15:01 - 2014-09-19 14:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-05 15:01 - 2014-09-19 14:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-05 15:01 - 2014-09-19 14:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-05 15:01 - 2014-09-19 14:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-05 15:01 - 2014-09-19 14:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-05 15:01 - 2014-09-19 14:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-05 15:01 - 2014-09-19 14:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-05 14:59 - 2014-11-05 17:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-05 14:58 - 2014-11-05 14:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-05 14:57 - 2014-11-05 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-05 14:57 - 2014-11-05 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-05 14:57 - 2014-11-05 14:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-05 14:57 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-05 14:57 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-05 14:57 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-05 14:11 - 2014-11-05 14:17 - 00000000 ____D () C:\AdwCleaner
2014-11-05 14:10 - 2014-11-05 14:10 - 01375089 _____ () C:\Users\MAGGIE\Downloads\AdwCleaner.exe
2014-11-05 13:53 - 2014-11-05 13:53 - 00000732 _____ () C:\Users\MAGGIE\AppData\Local\d3d9caps64.dat
2014-11-05 13:29 - 2014-11-05 13:28 - 00305664 _____ (Secure By Design Inc.) C:\Users\MAGGIE\Desktop\Ninite AdAware Malwarebytes Installer.exe
2014-11-05 12:51 - 2014-11-05 12:51 - 00021271 _____ () C:\ComboFix.txt
2014-11-05 12:32 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-05 12:32 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-05 12:32 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-05 12:32 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-05 12:32 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-05 12:32 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-05 12:32 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-05 12:32 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-05 12:22 - 2014-11-05 12:22 - 00000000 ____D () C:\Users\MAGGIE\AppData\Local\VS Revo Group
2014-11-05 12:22 - 2014-11-05 12:22 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-11-05 12:22 - 2014-11-05 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-11-05 12:22 - 2014-11-05 12:22 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-11-05 12:22 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-11-05 12:20 - 2014-11-05 17:54 - 00000000 ____D () C:\Windows\erdnt
2014-11-05 12:20 - 2014-11-05 12:51 - 00000000 ____D () C:\Qoobox
2014-11-05 12:06 - 2014-11-05 12:06 - 00002081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-11-05 11:45 - 2014-11-05 11:45 - 00000000 ____D () C:\Users\MAGGIE\AppData\Local\Mozilla
2014-11-05 11:44 - 2014-11-05 11:44 - 00000902 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-05 11:44 - 2014-11-05 11:44 - 00000890 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-05 11:44 - 2014-11-05 11:44 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-05 11:44 - 2014-11-05 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-05 11:44 - 2014-11-05 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-05 09:16 - 2014-11-05 09:16 - 00001798 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirPort Utility.lnk
2014-11-05 09:16 - 2014-11-05 09:16 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-11-05 09:16 - 2014-11-05 09:16 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-11-05 09:16 - 2014-11-05 09:16 - 00000000 ____D () C:\Program Files (x86)\AirPort

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 17:53 - 2009-07-28 22:17 - 00000000 ____D () C:\Program Files (x86)\SMINST
2014-11-05 17:52 - 2006-11-02 07:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 17:52 - 2006-11-02 07:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-05 17:52 - 2006-11-02 07:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-05 17:52 - 2006-11-02 07:21 - 00283072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-05 17:41 - 2006-11-02 04:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-05 17:34 - 2008-01-20 19:26 - 00375068 _____ () C:\Windows\PFRO.log
2014-11-05 17:00 - 2008-01-20 17:53 - 01897113 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 17:00 - 2006-11-02 07:42 - 00032588 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-05 16:59 - 2009-07-28 22:06 - 00003580 _____ () C:\Windows\System32\Tasks\HP Health Check
2014-11-05 15:58 - 2009-07-28 21:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-05 15:52 - 2013-08-16 17:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-05 15:50 - 2006-11-02 04:35 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-05 15:34 - 2006-11-02 05:33 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-11-05 14:55 - 2006-11-02 05:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-05 13:52 - 2010-03-26 12:55 - 00006000 _____ () C:\Users\MAGGIE\AppData\Local\d3d9caps.dat
2014-11-05 12:51 - 2006-11-02 05:33 - 00000000 __RHD () C:\Users\Default
2014-11-05 12:46 - 2006-11-02 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-05 12:44 - 2006-11-02 04:33 - 75497472 _____ () C:\Windows\system32\config\software.bak
2014-11-05 12:44 - 2006-11-02 04:33 - 60817408 _____ () C:\Windows\system32\config\components.bak
2014-11-05 12:44 - 2006-11-02 04:33 - 21757952 _____ () C:\Windows\system32\config\system.bak
2014-11-05 12:44 - 2006-11-02 04:33 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-11-05 12:44 - 2006-11-02 04:33 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-11-05 12:44 - 2006-11-02 04:33 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-11-05 12:43 - 2009-07-31 18:38 - 00000000 ____D () C:\Users\MAGGIE
2014-11-05 12:28 - 2010-11-11 20:10 - 00000000 ____D () C:\Users\MAGGIE\AppData\Local\CrashDumps
2014-11-05 12:28 - 2010-05-13 11:33 - 00000000 ____D () C:\Users\MAGGIE\Tracing
2014-11-05 12:19 - 2010-03-24 05:52 - 00011264 _____ () C:\Users\MAGGIE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-05 12:18 - 2006-11-02 07:27 - 00167078 _____ () C:\Windows\setupact.log
2014-11-05 12:11 - 2010-11-09 08:18 - 00000000 ____D () C:\Users\MAGGIE\AppData\Local\Windows Live
2014-11-05 12:10 - 2009-07-31 18:43 - 00067192 _____ () C:\Users\MAGGIE\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-05 12:06 - 2010-05-06 19:21 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-11-05 12:04 - 2006-11-02 05:33 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-05 12:03 - 2009-07-28 21:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-11-05 11:45 - 2010-03-23 18:42 - 00000000 ____D () C:\Users\MAGGIE\AppData\Roaming\Mozilla
2014-11-05 09:16 - 2011-02-20 10:56 - 00001830 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-11-05 09:16 - 2011-02-20 10:56 - 00000000 ____D () C:\Users\MAGGIE\AppData\Local\Apple
2014-11-05 09:07 - 2009-07-31 18:44 - 00000000 ____D () C:\Users\MAGGIE\AppData\Local\VirtualStore
2014-11-05 09:06 - 2009-07-28 22:08 - 00000000 ____D () C:\ProgramData\WildTangent
2014-11-05 08:43 - 2006-11-02 05:33 - 00000000 ____D () C:\Windows\rescache
2014-10-13 20:56 - 2012-03-01 18:05 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

Some content of TEMP:
====================
C:\Users\MAGGIE\AppData\Local\temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\MAGGIE\AppData\Local\temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\MAGGIE\AppData\Local\temp\Quarantine.exe
C:\Users\MAGGIE\AppData\Local\temp\{AB835877-B639-45C1-A226-D91C60C47F2C}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-us
inherit                 {globalsettings}
default                 {current}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
resume                  No
customactions           0x1000085000001
                        0x54000001
custom:54000001         {863df33e-9817-11dc-b72e-001b24047e4e}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-us
inherit                 {bootloadersettings}
recoverysequence        {572bcd55-ffa7-11d9-aae2-0007e994107d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {25ce0e04-7c00-11de-a31d-002421ad8421}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[D:]\sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path                    \windows\system32\boot\winload.exe
description             HP Recovery Manager
osdevice                ramdisk=[D:]\sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae2-0007e994107d}
device                  ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             HP Recovery Manager
osdevice                ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {863df33e-9817-11dc-b72e-001b24047e4e}
device                  ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             F11 Boot from BCD
osdevice                ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {25ce0e04-7c00-11de-a31d-002421ad8421}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
extendedinput           Yes

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description             Ramdisk Device Options
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi

Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             RAM Disk Settings
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi



LastRegBack: 2014-11-05 17:59

==================== End Of Log ============================



#5 monomo

Posted 05 November 2014 - 11:48 PM

I am following the thread http://www.bleepingcomputer.com/forums/t/540686/wireless-internet-only-works-in-safe-mode-microsoft-security-center-wont-work/page-2

 

Got to post http://www.bleepingcomputer.com/forums/t/540686/wireless-internet-only-works-in-safe-mode-microsoft-security-center-wont-work/page-2#entry3424207

 

This is where the member makes a custom script... I also noticed that the OP ran into the same problem of not finding one reg file, which I also noticed and skipped over.



#6 monomo

Posted 06 November 2014 - 01:12 PM

Good morning, back at it again.



#7 monomo

Posted 06 November 2014 - 09:16 PM

Bump! Haven't been on this forum in a while, but having this problem really has sparked my interest in malware again... I want to be able to help others one day in this forum. Even though I walk into walls all of the time, so don't do what I say! LOL



#8 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:56 AM

Posted 10 November 2014 - 08:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554930 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#9 monomo

Posted 14 November 2014 - 12:55 AM

Hello, thanks for the response.



#10 monomo

Posted 14 November 2014 - 12:58 AM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 10.67.2
Run by dell at 21:56:23 on 2014-11-13
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3519.1427 [GMT -8:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version9\tv_w32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\dell\Downloads\utorrent.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tango\Tango.exe
C:\Program Files\ManyCam\ManyCam.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\DeskPins\DeskPins.exe
C:\Users\dell\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\LG Electronics\LG On-Screen Phone\LGOsp.exe
C:\Program Files\LG Electronics\LG On-Screen Phone\LGBTConServerW32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
uDefault_Page_URL = hxxp://www.dell.com
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\21.6.0.32\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\21.6.0.32\coieplg.dll
uRun: [uTorrent] "c:\users\dell\downloads\utorrent.exe"
uRun: [Google Update] "c:\users\dell\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Tango] c:\program files\tango\Tango.exe -r
uRun: [ManyCam] "c:\program files\manycam\ManyCam.exe" --silent
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [iCloudDrive] c:\program files\common files\apple\internet services\iCloudDrive.exe
uRun: [EPSON Stylus Photo R280 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticka.exe /fu "c:\windows\temp\E_S3423.tmp" /EF "HKCU"
uRun: [GoogleChromeAutoLaunch_9FD5ED0742D873E78F8A54709BF48770] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
StartupFolder: c:\users\dell\appdata\roaming\micros~1\windows\startm~1\programs\startup\deskpins.lnk - c:\program files\deskpins\DeskPins.exe
StartupFolder: c:\users\dell\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\dell\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{11A3C3C8-604A-4509-A30D-FA9C92305824} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1C2AF7EC-8D0F-4AA3-928A-314D1B88E384} : DHCPNameServer = 192.168.255.249
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dell\appdata\roaming\mozilla\firefox\profiles\p6sw3iug.default-1414537421305\
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\users\dell\appdata\local\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\users\dell\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1506000.020\symds.sys [2014-10-24 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1506000.020\symefa.sys [2014-10-24 936152]
R1 BHDrvx86;BHDrvx86;c:\program files\norton internet security\nortondata\21.0.2.1\definitions\bashdefs\20141107.001\BHDrvx86.sys [2014-11-10 1138392]
R1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\nis\1506000.020\ccsetx86.sys [2014-10-24 127064]
R1 IDSVix86;IDSVix86;c:\program files\norton internet security\nortondata\21.0.2.1\definitions\ipsdefs\20141113.001\IDSvix86.sys [2014-11-13 476888]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1506000.020\ironx86.sys [2014-10-24 209624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1506000.020\symnets.sys [2014-10-24 447704]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2014-7-22 142648]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2013-6-13 1236336]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\21.6.0.32\nis.exe [2014-10-24 276376]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RalinkRegistryWriter.exe [2014-10-6 69632]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-9-12 66344]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-10-5 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-10-5 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-10-5 171928]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-10-24 4799760]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2014-11-3 2054680]
R3 e1kexpress;Intel® Network Connections Driver K;c:\windows\system32\drivers\e1k6232.sys [2013-12-20 369416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-10-24 111408]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2014-7-28 47728]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2014-5-13 29936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys [2013-4-18 25856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2014-10-5 43368]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-11-11 102912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-10-10 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-10-10 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2014-10-10 27136]
.
=============== Created Last 30 ================
.
2014-11-13 16:25:10    --------    d-----w-    c:\program files\CCleaner
2014-11-12 05:56:59    67584    ----a-w-    c:\windows\system32\packager.dll
2014-11-10 19:13:26    93808    ----a-w-    c:\program files\mozilla firefox\webapprt-stub.exe
2014-11-04 23:19:30    --------    d-----w-    c:\program files\Epson Software
2014-11-04 23:18:52    80024    ----a-w-    c:\windows\system32\PICSDK.dll
2014-11-04 23:18:52    51360    ----a-w-    c:\windows\system32\EpPicPrt.dll
2014-11-04 23:18:52    51360    ----a-w-    c:\windows\system32\EpPicMgr.dll
2014-11-04 23:18:52    501912    ----a-w-    c:\windows\system32\PICSDK2.dll
2014-11-04 23:18:52    108704    ----a-w-    c:\windows\system32\PICEntry.dll
2014-11-04 23:18:49    --------    d-----w-    c:\programdata\EPSON
2014-11-04 23:16:12    --------    d-----w-    c:\program files\EPSON
2014-11-04 01:04:57    1002008    ----a-w-    c:\windows\system32\mesoludlg.exe
2014-11-04 01:04:57    --------    d-----w-    c:\windows\system32\Lang
2014-11-04 01:04:57    --------    d-----w-    c:\program files\common files\postureAgent
2014-11-04 01:04:45    --------    d-----w-    c:\program files\common files\Intel
2014-10-25 06:30:43    --------    d-----w-    c:\program files\TeamViewer
2014-10-24 17:46:35    --------    d-----w-    C:\NPE
2014-10-24 17:43:30    --------    d-----w-    c:\users\dell\appdata\local\NPE
2014-10-24 17:36:36    --------    d-----r-    c:\users\dell\iCloudDrive
2014-10-24 17:36:33    --------    d-----w-    c:\users\dell\appdata\local\Apple Inc
2014-10-24 17:28:28    936152    ----a-w-    c:\windows\system32\drivers\nis\1506000.020\symefa.sys
2014-10-24 17:28:28    447704    ----a-w-    c:\windows\system32\drivers\nis\1506000.020\symnets.sys
2014-10-24 17:28:28    367704    ----a-r-    c:\windows\system32\drivers\nis\1506000.020\symds.sys
2014-10-24 17:28:28    32984    ----a-w-    c:\windows\system32\drivers\nis\1506000.020\srtspx.sys
2014-10-24 17:28:28    21520    ----a-r-    c:\windows\system32\drivers\nis\1506000.020\symelam.sys
2014-10-24 17:28:27    664792    ----a-w-    c:\windows\system32\drivers\nis\1506000.020\srtsp.sys
2014-10-24 17:28:27    209624    ----a-w-    c:\windows\system32\drivers\nis\1506000.020\ironx86.sys
2014-10-24 17:28:27    127064    ----a-w-    c:\windows\system32\drivers\nis\1506000.020\ccsetx86.sys
2014-10-24 17:28:15    --------    d-----w-    c:\windows\system32\drivers\nis\1506000.020
2014-10-24 17:22:42    142936    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2014-10-24 17:22:42    --------    d-----w-    c:\program files\common files\Symantec Shared
2014-10-24 17:21:51    --------    d-----w-    c:\windows\system32\drivers\NIS
2014-10-24 17:21:48    --------    d-----w-    c:\programdata\Norton
2014-10-24 17:21:48    --------    d-----w-    c:\program files\Norton Internet Security
2014-10-24 17:21:40    --------    d-----w-    c:\programdata\NortonInstaller
2014-10-24 17:21:40    --------    d-----w-    c:\program files\NortonInstaller
2014-10-23 21:06:42    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2014-10-23 21:06:42    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2014-10-23 21:06:42    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2014-10-23 21:06:42    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2014-10-23 21:06:42    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2014-10-23 21:03:56    --------    d-----w-    c:\program files\iPod
2014-10-23 21:03:49    --------    d-----w-    c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-10-23 21:03:49    --------    d-----w-    c:\program files\iTunes
2014-10-17 22:58:16    --------    d-----w-    c:\users\dell\appdata\local\CrashDumps
2014-10-16 18:06:59    --------    d-----w-    c:\users\dell\appdata\roaming\Unity
2014-10-16 18:05:32    --------    d-----w-    c:\users\dell\appdata\local\Unity
2014-10-16 00:54:40    157696    ----a-w-    c:\windows\system32\winsta.dll
2014-10-16 00:54:39    304128    ----a-w-    c:\windows\system32\winlogon.exe
2014-10-16 00:54:39    130048    ----a-w-    c:\windows\system32\rdpcorekmts.dll
2014-10-16 00:54:38    184320    ----a-w-    c:\windows\system32\drivers\rdpwd.sys
2014-10-16 00:54:36    31232    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2014-10-16 00:53:51    2744320    ----a-w-    c:\windows\system32\rdpcorets.dll
2014-10-16 00:53:42    156824    ----a-w-    c:\windows\system32\mscorier.dll
2014-10-16 00:53:42    1131664    ----a-w-    c:\windows\system32\dfshim.dll
2014-10-16 00:53:41    81560    ----a-w-    c:\windows\system32\mscories.dll
2014-10-16 00:53:38    372736    ----a-w-    c:\windows\system32\rastls.dll
2014-10-16 00:50:58    96768    ----a-w-    c:\windows\system32\appidpolicyconverter.exe
.
==================== Find3M  ====================
.
2014-11-12 08:34:08    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 08:34:08    701104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-11-06 03:28:20    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-11-06 03:28:06    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-11-06 03:13:43    501248    ----a-w-    c:\windows\system32\vbscript.dll
2014-11-06 03:13:36    62464    ----a-w-    c:\windows\system32\iesetup.dll
2014-11-06 03:12:44    47616    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-11-06 03:10:58    64000    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-11-06 02:59:36    115712    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-11-06 02:59:34    102912    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-11-06 02:58:38    620032    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-11-06 02:51:33    667648    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-06 02:42:36    60416    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-06 02:21:49    4298240    ----a-w-    c:\windows\system32\jscript9.dll
2014-11-06 02:21:25    2051072    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-11-06 02:20:37    1155072    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-11-06 01:52:35    1892864    ----a-w-    c:\windows\system32\wininet.dll
2014-10-18 01:33:18    571904    ----a-w-    c:\windows\system32\oleaut32.dll
2014-10-14 01:56:19    136632    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50:50    523776    ----a-w-    c:\windows\system32\termsrv.dll
2014-10-14 01:50:39    1059840    ----a-w-    c:\windows\system32\lsasrv.dll
2014-10-14 01:47:30    146432    ----a-w-    c:\windows\system32\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    c:\windows\system32\adtschema.dll
2014-10-10 21:32:35    13824    ----a-w-    c:\windows\system32\RdpGroupPolicyExtension.dll
2014-10-10 00:45:54    2379264    ----a-w-    c:\windows\system32\win32k.sys
2014-10-07 22:35:58    110296    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-06 03:30:41    231424    ----a-w-    c:\windows\system32\mswsock.dll
2014-10-06 03:30:27    49152    ----a-w-    c:\windows\system32\taskhost.exe
2014-10-06 03:27:48    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2014-10-06 01:06:22    87608    ----a-w-    c:\users\dell\appdata\roaming\inst.exe
2014-10-06 01:06:22    47360    ----a-w-    c:\users\dell\appdata\roaming\pcouffin.sys
2014-10-06 00:28:57    96680    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-10-03 01:44:42    442880    ----a-w-    c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:44:31    275968    ----a-w-    c:\windows\system32\EncDump.dll
2014-10-03 01:44:26    475136    ----a-w-    c:\windows\system32\audiosrv.dll
2014-10-03 01:44:26    374784    ----a-w-    c:\windows\system32\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    c:\windows\system32\AudioSes.dll
2014-10-02 21:23:20    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2014-10-02 21:23:20    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2014-09-25 01:40:50    519680    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-19 09:23:55    172032    ----a-w-    c:\windows\system32\wdigest.dll
2014-09-19 09:23:52    65536    ----a-w-    c:\windows\system32\TSpkg.dll
2014-09-19 09:23:49    248832    ----a-w-    c:\windows\system32\schannel.dll
2014-09-19 09:23:46    221184    ----a-w-    c:\windows\system32\ncrypt.dll
2014-09-19 09:23:45    259584    ----a-w-    c:\windows\system32\msv1_0.dll
2014-09-19 09:23:42    550912    ----a-w-    c:\windows\system32\kerberos.dll
2014-09-19 09:23:36    17408    ----a-w-    c:\windows\system32\credssp.dll
2014-09-09 21:47:10    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-05 01:52:10    445952    ----a-w-    c:\windows\system32\aepdu.dll
2014-09-05 01:47:39    302592    ----a-w-    c:\windows\system32\aeinv.dll
2014-08-30 01:50:57    5702656    ----a-w-    c:\windows\system32\mstscax.dll
2014-08-23 01:46:55    305152    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-21 06:26:21    1237504    ----a-w-    c:\windows\system32\msxml3.dll
2014-08-21 06:23:10    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2014-08-19 02:41:38    50176    ----a-w-    c:\windows\system32\setbcdlocale.dll
2014-08-19 02:41:22    50688    ----a-w-    c:\windows\system32\appidapi.dll
2014-08-19 02:41:22    27648    ----a-w-    c:\windows\system32\appidsvc.dll
2014-08-19 02:40:49    16896    ----a-w-    c:\windows\system32\appidcertstorecheck.exe
2014-08-19 01:48:34    50176    ----a-w-    c:\windows\system32\drivers\appid.sys
.
============= FINISH: 21:57:13.45 ===============
 


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/5/2014 5:20:11 PM
System Uptime: 11/13/2014 4:18:35 PM (5 hours ago)
.
Motherboard: Hewlett-Packard |  | 3032h
Processor: Intel® Core™2 Quad CPU    Q8400  @ 2.66GHz | XU1 PROCESSOR | 2667/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 14.731 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is FIXED (NTFS) - 684 GiB total, 25.312 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Linksys Wireless-G PCI Adapter
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&776F17C&0&20F0
Manufacturer: Linksys, A Division of Cisco Systems, Inc.
Name: Linksys Wireless-G PCI Adapter
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00321737&REV_01\4&776F17C&0&20F0
Service: RT2500
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&AE8F725&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&AE8F725&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP38: 11/13/2014 7:25:25 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
4K Video Downloader 3.4
4K YouTube to MP3 2.9
7-Zip 9.20
Ad-Aware Antivirus
Adobe Flash Player 15 Plugin
Any Video Converter 5.7.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Camtasia Studio 8
CCleaner
CDBurnerXP
ChromecastApp
CutePDF Writer 3.0
DeskPins (remove only)
Dropbox
Epson Print CD
EPSON Printer Software
FileZilla Client 3.9.0.6
Google Chrome
Google Update Helper
HandBrake 0.9.9.1
iCloud
ImgBurn
Intel® Active Management Technology
iTunes
Java 7 Update 67
Java Auto Updater
K-Lite Codec Pack 10.7.5 Full
LG On-Screen Phone
LG United Mobile Drivers
Malwarebytes Anti-Malware version 2.0.2.1012
ManyCam 4.0.110
Microsoft .NET Framework 4.5.1
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 33.1 (x86 en-US)
Mozilla Maintenance Service
Norton Internet Security
Notepad++
QuickTime 7
Ralink Wireless LAN
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Skype™ 6.21
Spybot - Search & Destroy
SumatraPDF
SUPERAntiSpyware
Tango
TeamViewer 9
Unity Web Player
Videostream Port Fix
VirtualCloneDrive
VLC media player
VSO ConvertXToDVD
.
==== Event Viewer Messages From Past Week ========
.
11/12/2014 3:18:43 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
 



#11 Oh My!


Posted 14 November 2014 - 07:50 PM

Greetings monomo and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me so that I may evaluate the most recent information.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Oh My!


Posted 17 November 2014 - 09:55 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#13 Oh My!


Posted 19 November 2014 - 09:34 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



