How To Replace MSMPeng.exe For Defender After Trojan Attack???

Bobster52

Good Morning Corrine;
Bobster52 here, Richard suggested I post a new thread here...I have just been the victim of a Trojan attack, (yesterday morning)...Was online viewing a webpage when a box from Adobe Flash Player popped up saying an update was available, and the download bar started running, I immediately exited MSN Explorer back to my Desk Top because I have Flash Player set to notify of updates, and let me decide if I want to install them or not, so right there I knew it wasn't from Adobe, also when they do send a notification for an update, it's always there when the desktop opens on startup, not after I've gone online...Ok, so back on the desktop, the download bar finished downloading, (guess I wasn't quick enough), and another box opened and said I have a more recent version of Flash Player on my computer than the one just downloaded, and did I want to continue, I clicked on no and closed the box...Then I started looking around...Found that My Eset Nod32 Antivirus was crippled, and that Windows Defender wasn't operating either...I was able to run a quick scan on Nod32 and it found 2 Trojans, and quarantined them (should have written their name down :banghead: but I'm 1/2 Polish)...I called up ESET, explained what happened and the Tech asked for the error message from Nod32, gave it to him, and he had me download and run an ESET Program called "Services Restore"...That fixed Nod32... then he suggested I reboot into Safe Mode with Networking and download and run the ESET On-Line Scanner, and call him back if that didn't solve the problem...Before I exited, I turned off system restore to avoid the Trojans being copied into a ShadowCopy Restore Point...Now I'm in Safe Mode--Ran the Scanner and it came up clean, while I was there I also ran the Malwarebytes free program and did a full system scan and that came up clean, lastly I ran the Kaspersky Labs TDSSKiller program for Rootkits, and that came up clean...

Exited Safe Mode, rebooted, and landed back on my Desktop, pulled up Nod32 and erased the Trojans out of Detected Threats and out of the Quarantine folder, Opened up System restore and created another Restore Point, clicked on Start, Explore, App Data, Local, deleted the 2 empty files at the top of the page and emptied out the Temp Folder, (from past experience, seems like most Trojans hide there) which did contain a folder with the Icon from Flash Player and created at the same date and time as the attack...From there just did regular clean up...Internet Options-Delete, Empty the Windows Temp Folder, Clear the CBS Log, and do a disk cleanup...Pretty sure I got rid of the Perpetrators...That is, unless you know of other places to Look???? (Let me apologize now for this being so lengthy)

Soooo, Now my reason for this thread...Nod32 is running fine now, did a full system scan and came up 0 threats....And Windows Defender was also put back into an operating stage by the "Services Restore Tool", however when I manually tried to update Defender's Definition Library, I got a message that "This App Can Not Be Updated" but then when I opened Windows Update it showed it was just updated to KB915597 :s5:...I rebooted, and checked services, and sure enough Defender was running, however, when I ran MSCONFIG, I found that the Start-Up Item For Windows Defender Had been Removed, And that is what I would like to replace, just to make sure I don't have any problems with Defender Updating correctly...Have done a little "Digging" last night to find there are supposedly 2 files that run in the "Processes" section of Windows Task Manager pertaining to Windows Defender, MSASCui.exe & MSMPeng.exe... The MSASCui.exe is present in the Processes section, however the MSMPeng.exe is not, and I cannot help but wonder if that file has anything to do with the missing entry in the System Configuration Start Menu, corresponding to the appropriate Registry Key????

Any Suggestions would be greatly appreciated...Thanks again, Bobster52
 
Hi Bobster52,

The infection doesn't sound like it was too serious, but we'll run a couple of checks just to make sure there is nothing still on the system. We'll run a couple of tools to get a deeper look at your system.

  1. Please download DDS.scr by sUBs and save it to your desktop.

    Disable any script blocker, and then double click dds.scr to run the tool.

    When done, DDS will save 2 logs to your desktop
    DDS.txt
    Attach.txt
    • Disable any script blocker and then double-click dds.scr to run.
    • Shortly after two logs will appear, DDS.txt & Attach.txt
    • The logs will automatically be saved to your desktop.

  2. Please download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double-click SecurityCheck.exe and follow the on-screen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt.
    • Please post the contents of that document with the other requested logs.
 
Check your msconfig to see if a new startup program may have been added to the list. Uncheck any unwanted startup programs and services. Then you can use Process Hacker from here: Overview - Process Hacker and see your running tasks. You can use Ctrl+Enter to find each task's directory and even track its source.

If you need help in selecting your startup programs, you can show me the list and we can help you on that.
Place a screenshot of the process explorer here, and I can help you more in advance.
 
Hi Bobster52,

The infection doesn't sound like it was too serious, but we'll run a couple of checks just to make sure there is nothing still on the system. We'll run a couple of tools to get a deeper look at your system.

  1. Please download DDS.scr by sUBs and save it to your desktop.
    Disable any script blocker, and then double click dds.scr to run the tool.

    When done, DDS will save 2 logs to your desktop
    DDS.txt
    Attach.txt
    • Disable any script blocker and then double-click dds.scr to run.
    • Shortly after two logs will appear, DDS.txt & Attach.txt
    • The logs will automatically be saved to your desktop.
  2. Please download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double-click SecurityCheck.exe and follow the on-screen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt.
    • Please post the contents of that document with the other requested logs.

Would you tell me what exactly DDS does? (It has a .scr extension! What is it? Screensaver??!!)
 
Edit: Bob, please just follow the instructions provided by Will Watts.

mmmkarimi, DDS is a tool similar to HijackThis. It provides logs that are useful in analyzing what is on the computer.
 
Hey Will;
Thanks for the quick reply, did everything you asked for and was able to upload the 3 Txt. files, however when the GMER program finished, and I clicked on "Save" it isn't giving me any options... Just sitting on my Desktop....Any suggestions on how to get it to you???? Thanks Bobster52...

Logs added to post by Corrine:


Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 5.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 9
Java version out of Date!
Adobe Reader 10.1.5 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Bobby at 10:36:40 on 2013-01-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4095.2005 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files (x86)\LCDC\LCDC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files (x86)\MSN\MSNCoreFiles\msn.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [LCDC] C:\Program Files (x86)\LCDC\LCDC.exe 0
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [PowerPanel Personal Edition User Interaction] "C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [NWEReboot] <no file>
StartupFolder: C:\Users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
TCP: NameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{467C5093-C594-49BA-B4FD-0871C9C06C62} : DHCPNameServer = 192.168.1.1 192.168.0.1
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [SoundMan] SOUNDMAN.EXE
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
============= SERVICES / DRIVERS ===============
.
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-3-13 210016]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-3-13 141920]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
R1 ehdrv;ehdrv;C:\Windows\System32\drivers\ehdrv.sys [2012-3-14 148528]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2012-3-14 137144]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2012-3-13 27648]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2009-10-7 271640]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
R3 lvsels64;Logitech Selective Suspend Filter;C:\Windows\System32\drivers\lvsels64.sys [2009-10-7 67992]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2012-11-4 50072]
R3 LVUVC64;QuickCam Orbit/Sphere MP(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\System32\drivers\point64.sys [2011-8-1 45416]
R3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2006-11-2 1523712]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2006-11-2 392704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 CLKMSVC10_38F51D56;CyberLink Product - 2012/10/30 19:15:06;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
S3 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2012-3-13 19968]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-3-13 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-01-09 20:00:45 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 20:00:45 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-08 18:13:13 67599240 ----a-w- C:\Windows\System32\mrt.exe
2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-23 01:54:35 2770432 ----a-w- C:\Windows\System32\win32k.sys
2012-11-22 04:22:38 456192 ----a-w- C:\Windows\System32\shlwapi.dll
2012-11-22 03:54:36 353280 ----a-w- C:\Windows\SysWow64\shlwapi.dll
2012-11-20 04:22:50 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-20 04:21:04 253952 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-13 01:45:48 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-13 01:29:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-04 23:03:09 319488 ----a-w- C:\Windows\HideWin.exe
2012-11-03 14:29:40 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-11-03 14:29:34 289768 ----a-w- C:\Windows\System32\javaws.exe
2012-11-03 14:29:34 189416 ----a-w- C:\Windows\System32\javaw.exe
2012-11-03 14:29:34 188904 ----a-w- C:\Windows\System32\java.exe
2012-11-03 14:29:33 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-11-03 14:29:33 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-11-03 14:26:24 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-03 14:26:18 246760 ----a-w- C:\Windows\SysWow64\javaws.exe
2012-11-03 14:26:17 174056 ----a-w- C:\Windows\SysWow64\javaw.exe
2012-11-03 14:26:17 174056 ----a-w- C:\Windows\SysWow64\java.exe
2012-11-03 14:26:16 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-11-03 14:26:16 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-11-02 10:47:16 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-02 10:47:16 1794560 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-02 10:45:52 477696 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 10:45:51 68096 ----a-w- C:\Windows\System32\dpnathlp.dll
2012-11-02 10:19:34 1400832 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-02 10:19:33 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-11-02 10:18:17 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-02 08:59:56 26112 ----a-w- C:\Windows\System32\dpnsvr.exe
2012-11-02 08:26:06 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
2012-10-30 23:10:59 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-10-30 23:10:59 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-10-30 23:10:59 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-10-30 04:32:22 210571 ----a-w- C:\ProgramData\1351571365.bdinstall.bin
2012-10-30 00:19:14 415129 ----a-w- C:\ProgramData\1351556090.bdinstall.bin
2012-10-29 15:14:02 60416 ----a-w- C:\Windows\ALCFDRTM.VER
2012-10-29 14:57:33 60416 ----a-w- C:\Windows\ALCFDRTM.EXE
.
============= FINISH: 10:36:58.28 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/12/2012 7:17:40 PM
System Uptime: 1/19/2013 5:53:53 AM (5 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | A8N-E
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ | Socket 939 | 2412/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 279 GiB total, 228.95 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 223.43 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7100 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C7100 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP312: 1/17/2013 4:06:02 PM - New Restore Point
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
Acronis True Image WD*Edition
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.5)
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_CDA_ToolboxIni64
AIO_Scan
BufferChm
C7100
c7100_Help
Copy
CyberLink Blu-ray Disc Suite
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerBackup
CyberLink PowerDirector
CyberLink PowerDVD 10
CyberLink PowerProducer
CyberPower PowerPanel Personal Edition
D3DX10
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
ESET NOD32 Antivirus
eSupportQFolder
Fax
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Solution Center 8.0
HPProductAssistant
Java 7 Update 9
Java 7 Update 9 (64-bit)
Java Auto Updater
LCDC
LG United Mobile Driver
LightScribe System Software
Logitech QuickCam Driver Package
Logitech Webcam Software
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft IntelliType Pro 8.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
NetDeviceManager64
NVIDIA 3D Vision Controller Driver 306.97
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Drivers
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
Realtek AC'97 Audio
Samsung USB Driver
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Segoe UI
SolutionCenter
Spelling Dictionaries Support For Adobe Reader X
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Winmx Community 1
.
==== End Of File ===========================
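
A DDS.txt log like the one above can be triaged mechanically before anyone reads it line by line. The following is an added example, not part of the thread and not code from DDS: it pulls out the security-product status lines, the Run autoruns (flagging `<no file>` entries) and auto-start services that are not running. The sample is a few lines copied from the log above; the function names, and reading `R`/`S` as running/stopped with the digit as the start type, are assumptions of this example.

```python
import re

# Constructed sample: a few lines copied from the DDS.txt log posted in this thread.
SAMPLE_DDS = r"""
DDS (Ver_2012-11-20.01) - NTFS_AMD64
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\Windows Defender\MSASCui.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [NWEReboot] <no file>
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [SoundMan] SOUNDMAN.EXE
.
============= SERVICES / DRIVERS ===============
.
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2012-3-13 19968]
.
============= FINISH: 10:36:58.28 ===============
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
PRODUCT_RE = re.compile(r"^(AV|SP): (.+?) \*(\w+)/(\w+)\* \{[0-9A-Fa-f-]+\}$")
RUN_RE = re.compile(r"^((?:x64-)?[um]?Run): \[(.+?)\] (.+)$")
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[\S+ \d+\]$")
# Assumption of this example: the digit after R/S is the service start type.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


def split_sections(text):
    """Group log lines under their '==== Name ====' banner; '.' lines are separators."""
    sections = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def security_products(sections):
    """AV:/SP: lines at the top of the log, with their reported state."""
    found = []
    for line in sections["header"]:
        m = PRODUCT_RE.match(line)
        if m:
            kind, name, state, defs = m.groups()
            found.append({"kind": kind, "name": name,
                          "enabled": state == "Enabled", "updated": defs == "Updated"})
    return found


def autoruns(sections):
    """Run-key entries from the Pseudo HJT Report; '<no file>' marks an orphaned value."""
    entries = []
    for line in sections.get("Pseudo HJT Report", []):
        m = RUN_RE.match(line)
        if m:
            hive, name, command = m.groups()
            entries.append({"hive": hive, "name": name, "command": command,
                            "orphaned": command == "<no file>"})
    return entries


def services(sections):
    """Service and driver lines: running flag, start type, name, image path."""
    rows = []
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, path = m.groups()
            rows.append({"running": state == "R", "start": START_TYPES[start],
                         "name": name, "display": display, "path": path})
    return rows


def triage(text):
    """Items worth a second look; a listed item is a prompt to check, not a verdict."""
    s = split_sections(text)
    return {
        "products_off": [p["name"] for p in security_products(s)
                         if not (p["enabled"] and p["updated"])],
        "orphaned_autoruns": [a["name"] for a in autoruns(s) if a["orphaned"]],
        "auto_not_running": [v["name"] for v in services(s)
                             if v["start"] == "auto" and not v["running"]],
        "defender_ui_running": any("\\msascui.exe" in p.lower()
                                   for p in s.get("Running Processes", [])),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(key, value)
```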
 

Hi Bobster52,

I actually edited out the instructions for GMER after my post. It's a useful tool to run, but it didn't look like it was needed here.

Does the program do nothing when you click save? There should be an ark.log file created either on your desktop, or in whichever directory GMER was run from. If no log has been produced, and GMER is not responding to the Save button, please exit the program, it may be a bug with the latest version. If it won't produce a log, don't worry as I don't think it will be needed here. Apologies for making you run the program unnecessarily.

Could you describe in more detail what the problem with Windows Defender is? Which files are present will vary depending on which version of Windows you're running - however, what error messages are you getting? Are there any other issues with the program, other than the update error?

In the meantime we'll take a look at your logs and get back to you as soon as we can.
 
Hey Will;
Strangely enough Defender seems to be running ok, but is missing the MSMPeng.exe file, and I also noticed that the entry for it in the System Configuration Start Menu is missing...Also in the registry entries under HKey Local Machine for Defender I noticed a few entries which were:
-DisableAntiSpy Reg_DWord 0x00000000 (0)
-BddUpdateFailure Reg_DWord 0x00000000 (0)
-DeltaUpdateFailure Reg_DWord 0x00000000 (0)

And I just want to make sure that this won't cause any problems with it receiving the proper definition updates...Bobster52

Afterthought....Yea, GMER is just sittin' there...No log that I can find....It's also not letting me delete the downloaded desktop program???
 
Will;
Just A Quick Note, just opened up Defender and it told me that at 11:30AM it found a Trojan:Win32/Sirefef!cfg and successfully removed it....Wonder why ESET Nod32 didn't find it??? Think it was also contained in that GMER Log, maybe why it wasn't responding...Bobster52
 
Hi, Bob.

First things first -- I do not recommend clearing System Restore when dealing with malware. The reason is that if something goes wrong during the cleanup process, there is no restore point to return to. At least with an infected restore point, it is possible to begin the cleanup again.

Before turning to the next step, I would like you to read Java, The Never-Ending Saga. It is your decision on whether you wish to keep Oracle Java on your computer. However, if you elect to do so, please follow the instructions to disable Java until needed. Even the latest, rushed update has been found to be vulnerable. If you wish to keep Java, please update to Java Version 7 Update 11.

After completing the above, since variants of Win32/Sirefef attempt to replace a randomly-selected system driver with its own malicious copy, please do the following so we can determine if that has happened or if there are any remnants.


Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2


!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

    Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.
  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please copy/paste the C:\ComboFix.txt in your next reply.
 
Hi Corrine;
Wow that was no fun!!! Did what you asked, ComboFix didn't download the recovery console, it ran in a blue window and after 50 some scans said that System32\services was infected and it was going to try to fix the windows folders....Frozen there for almost an hour so I closed out the screen, and re-ran it...this time it found a different infection, am sending you the log...When I click on my C-drive, now I have 4 files that weren't there before and missing some more things from the MSCONFIG start menu....The files are Boot-MSOCache-ProgramData-Qoobox-And the Text File I'm sending you....These files contain Quarantined files-Registry back-up files-Add/Remove program files- Etc....What do I do with all those files???

N-E-Way---I really appreciate you guys helping me with this, and look forward to your next post, with my new directive....Thanks again, Bobster52

Edit by Corrine to paste log:

ComboFix 13-01-17.04 - Bobby 01/19/2013 17:01:06.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4095.1286 [GMT -5:00]
Running from: c:\users\Bobby\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1351556090.bdinstall.bin
c:\programdata\1351571365.bdinstall.bin
c:\windows\SysWow64\msnphoto.scr
.
c:\windows\SysWow64\userinit.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-19 21:06 . 2013-01-19 21:06 308640 ----a-w- c:\windows\system32\javaws.exe
2013-01-19 21:06 . 2013-01-19 21:06 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-01-19 21:06 . 2013-01-19 21:06 188832 ----a-w- c:\windows\system32\javaw.exe
2013-01-19 21:06 . 2013-01-19 21:06 188832 ----a-w- c:\windows\system32\java.exe
2013-01-19 21:06 . 2013-01-19 21:06 -------- d-----w- c:\program files\Java
2013-01-19 21:05 . 2013-01-19 21:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-19 21:04 . 2013-01-19 21:04 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-19 21:04 . 2013-01-19 21:04 -------- d-----w- c:\program files (x86)\Java
2013-01-19 19:40 . 2013-01-19 19:41 -------- d-----w- c:\windows\LastGood
2013-01-19 19:39 . 2013-01-19 19:39 -------- d-----w- c:\program files\ESET
2013-01-18 11:55 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C615380-80EA-4ECA-AD2C-6271ABBBC435}\mpengine.dll
2013-01-08 18:12 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-08 18:12 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-08 18:11 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 18:11 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
2013-01-08 18:11 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
2013-01-08 18:11 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-08 18:11 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-08 18:11 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll
2013-01-07 08:12 . 2013-01-17 15:25 -------- d-----w- c:\programdata\MSNDynFiles
2013-01-03 14:15 . 2013-01-03 14:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-03 14:15 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-03 12:59 . 2013-01-03 12:59 -------- d-----w- c:\users\Bobby\AppData\Roaming\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-19 21:06 . 2012-11-03 14:29 1081760 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-19 21:06 . 2012-03-13 03:59 960416 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-19 21:04 . 2012-04-26 21:39 859552 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-01-19 21:04 . 2012-03-13 03:56 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-09 20:00 . 2012-04-05 21:04 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 20:00 . 2012-03-13 20:19 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 18:13 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
2012-12-16 13:31 . 2012-12-20 20:50 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 13:12 . 2012-12-20 20:50 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-16 11:08 . 2012-12-20 20:50 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 10:50 . 2012-12-20 20:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-13 04:50 . 2012-12-13 04:50 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-12-13 04:50 . 2012-12-13 04:50 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-12-13 04:50 . 2012-12-13 04:50 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-12-13 04:50 . 2012-12-13 04:50 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-12-13 04:50 . 2012-12-13 04:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-12-13 04:50 . 2012-12-13 04:50 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-12-13 04:50 . 2012-12-13 04:50 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-12-13 04:50 . 2012-12-13 04:50 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-12-13 04:50 . 2012-12-13 04:50 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-12-13 04:50 . 2012-12-13 04:50 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-12-13 04:50 . 2012-12-13 04:50 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-12-13 04:50 . 2012-12-13 04:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-12-13 04:50 . 2012-12-13 04:50 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-12-13 04:50 . 2012-12-13 04:50 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-12-13 04:50 . 2012-12-13 04:50 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-12-13 04:50 . 2012-12-13 04:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-12-13 04:50 . 2012-12-13 04:50 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-12-13 04:50 . 2012-12-13 04:50 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-12-13 04:50 . 2012-12-13 04:50 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-12-13 04:50 . 2012-12-13 04:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-12-13 04:50 . 2012-12-13 04:50 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-12-13 04:50 . 2012-12-13 04:50 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-12-13 04:50 . 2012-12-13 04:50 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-12-13 04:50 . 2012-12-13 04:50 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-12-13 04:50 . 2012-12-13 04:50 816640 ----a-w- c:\windows\system32\jscript.dll
2012-12-13 04:50 . 2012-12-13 04:50 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-12-13 04:50 . 2012-12-13 04:50 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-12-13 04:50 . 2012-12-13 04:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-12-13 04:50 . 2012-12-13 04:50 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-12-13 04:50 . 2012-12-13 04:50 248320 ----a-w- c:\windows\system32\ieui.dll
2012-12-13 04:50 . 2012-12-13 04:50 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-12-13 04:50 . 2012-12-13 04:50 222208 ----a-w- c:\windows\system32\msls31.dll
2012-12-13 04:50 . 2012-12-13 04:50 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-12-13 04:50 . 2012-12-13 04:50 197120 ----a-w- c:\windows\system32\msrating.dll
2012-12-13 04:50 . 2012-12-13 04:50 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-12-13 04:50 . 2012-12-13 04:50 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-12-13 04:50 . 2012-12-13 04:50 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-12-13 04:50 . 2012-12-13 04:50 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-12-13 04:50 . 2012-12-13 04:50 136192 ----a-w- c:\windows\system32\advpack.dll
2012-12-13 04:50 . 2012-12-13 04:50 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-12-13 04:50 . 2012-12-13 04:50 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-12-13 04:50 . 2012-12-13 04:50 12288 ----a-w- c:\windows\system32\mshta.exe
2012-12-13 04:50 . 2012-12-13 04:50 114176 ----a-w- c:\windows\system32\admparse.dll
2012-12-13 04:50 . 2012-12-13 04:50 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-12-13 04:50 . 2012-12-13 04:50 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-12-13 04:50 . 2012-12-13 04:50 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-12-13 04:50 . 2012-12-13 04:50 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-12-13 04:50 . 2012-12-13 04:50 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-12-13 04:50 . 2012-12-13 04:50 82432 ----a-w- c:\windows\system32\icardie.dll
2012-12-13 04:50 . 2012-12-13 04:50 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-12-13 04:50 . 2012-12-13 04:50 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-12-13 04:50 . 2012-12-13 04:50 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-12-13 04:50 . 2012-12-13 04:50 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-12-13 04:50 . 2012-12-13 04:50 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-12-13 04:50 . 2012-12-13 04:50 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-12-13 04:50 . 2012-12-13 04:50 448512 ----a-w- c:\windows\system32\html.iec
2012-12-13 04:50 . 2012-12-13 04:50 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-12-13 04:50 . 2012-12-13 04:50 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-12-13 04:50 . 2012-12-13 04:50 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-12-13 04:50 . 2012-12-13 04:50 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-13 04:50 . 2012-12-13 04:50 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-12-13 04:50 . 2012-12-13 04:50 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-12-13 04:50 . 2012-12-13 04:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-13 04:50 . 2012-12-13 04:50 237056 ----a-w- c:\windows\system32\url.dll
2012-12-13 04:50 . 2012-12-13 04:50 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-12-13 04:50 . 2012-12-13 04:50 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-12-13 04:50 . 2012-12-13 04:50 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-12-13 04:50 . 2012-12-13 04:50 160256 ----a-w- c:\windows\system32\wextract.exe
2012-12-13 04:50 . 2012-12-13 04:50 149504 ----a-w- c:\windows\system32\occache.dll
2012-12-13 04:50 . 2012-12-13 04:50 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-13 04:50 . 2012-12-13 04:50 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-12-13 04:50 . 2012-12-13 04:50 103936 ----a-w- c:\windows\system32\inseng.dll
2012-11-13 01:45 . 2012-12-11 20:39 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-13 01:29 . 2012-12-11 20:39 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-04 23:03 . 2012-10-29 14:18 319488 ----a-w- c:\windows\HideWin.exe
2012-11-02 10:45 . 2012-12-11 20:39 477696 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 10:45 . 2012-12-11 20:39 68096 ----a-w- c:\windows\system32\dpnathlp.dll
2012-11-02 10:18 . 2012-12-11 20:39 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-11-02 08:59 . 2012-12-11 20:39 26112 ----a-w- c:\windows\system32\dpnsvr.exe
2012-11-02 08:26 . 2012-12-11 20:39 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
2012-10-30 23:10 . 2012-10-30 22:45 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-10-30 23:10 . 2006-12-11 01:39 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-10-30 23:10 . 2006-12-11 01:39 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-10-29 15:14 . 2012-10-29 14:57 60416 ----a-w- c:\windows\ALCFDRTM.VER
2012-10-29 14:57 . 2012-10-29 14:57 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2012-10-23 12:24 . 2012-10-23 12:24 138744 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2012-10-23 12:24 . 2012-10-23 12:24 211344 ----a-w- c:\windows\system32\drivers\eamonm.sys
2012-10-23 12:24 . 2012-10-23 12:24 149592 ----a-w- c:\windows\system32\drivers\ehdrv.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LCDC"="c:\program files (x86)\LCDC\LCDC.exe" [2006-11-07 1691648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2005-10-24 262144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2012-10-30 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 19:40 453736 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-26 6325936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.0.1
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-NWEReboot - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-01-19 17:14:02
ComboFix-quarantined-files.txt 2013-01-19 22:14
.
Pre-Run: 243,034,877,952 bytes free
Post-Run: 243,004,391,424 bytes free
.
- - End Of File - - 91C03BD747620787A064E359DFC27E6C
 

Hi, Bob.

To answer your questions first --

  • ComboFix creates a folder at the root of the C: drive to store the backup, quarantine and log files. Please leave it for now. We will take care of it when we're sure we're finished with ComboFix.
  • MSOCache is for the Microsoft Office 2007 installation on your computer. See Description of the Local Install Source feature in 2007 Office programs.
  • Richard had you show hidden files during the process of working on the Windows Update issue. Boot and ProgramData have been on your computer all along.

Please explain what you mean that you are "missing some more things from the MSCONFIG start menu". Officially, MSConfig is System Configuration. It is a system utility intended to be used to troubleshoot the start up processes, rather than as a permanent solution for items in Start Up.

Since you already have my favorite antivirus software installed, let's try a different program for a second opinion.

Please go here to perform a Kaspersky scan.
  • Download the file, accept the license agreement and allow it to install.
  • When the program launches, click the option for Quick Scan.
  • When the scan is completed, if malware or vulnerabilities are found, click the arrow under the Details column.
  • Mouse over and select any findings and copy/paste the results as a reply.
 
Hi Corrine;
Well Here it is ---12:00am----and I'm just getting my old pute back to where it belongs...I gotta tell ya what I think of "ComboFix"...It has to be one of the crappiest pieces of software ever written (and I'm trying to be nice)...It totally trashed my system...I had to reboot several times to find that half of my apps weren't even loading, it dumped 4 files and a log in my "C" folder, and no I didn't have my hidden files open...the pute was so unstable and erratic, I had to walk away from it for 30 minutes...when I came back I figured - ENOUGH! And did a system restore to the time just before I ran ComboFix...That got my apps running, didn't take the folders out of C:, but what the Hay...I then rebooted in safe mode with networking, downloaded Malwarebytes Beta Rootkit and followed the directions...Funny how on the first run it found that Trojan along with 3 of its variants...the first scan took 6 minutes...you reboot to clean the infection from your system...Ran the scan a 2nd time, and it found 1 more infection...rebooted again and ran it a 3rd time and the system came out clean, 0 infections...It even comes with a repair utility in case the rootkits damaged any of your programs like security, windows firewall, windows update, etc...Lucky me, mine seemed all fine..
It did the 3 scans in under 30 minutes and actually removed the infections that COMBOFIX left on my system...I would suggest that perhaps you look into using this application to rid your clients of rootkits...it's 300% better than ComboFix and actually removes the infections...I have spent the rest of the evening, moving files, deleting quarantines, and cleaning up my system...I have attached the 3 logs from the Malwarebytes application for your inspection...
Don't get me wrong, I apologize for all the ranting, and I really do appreciate all the help you guys have given me...It's just been a very frustrating evening...Sorry...
In the morning, I will download the Kaspersky app and send you the logs...But it seems like we got a little sidetracked here, what I really wanted to accomplish was to put back the Defender entry into the start menu on System Configuration...Thanks again, Bobster52
 


Hey Corrine;
Here are the results...not really sure how to fix the IE problems...I think just turning off auto run solves the drive problems...No??? Thanks, Bobster52




Detailed report

Problems found

System protection (0)
Malware (0)
Vulnerabilities (0)
Other issues (8)

  • "Autorun from hard drives is allowed"
  • "Autorun from network drives is enabled"
  • "CD/DVD autorun is enabled"
  • "Removable media autorun is enabled"
  • "Microsoft Internet Explorer - disable caching data received via protected channel"
  • "Microsoft Internet Explorer: disable sending error reports"
  • "Windows Explorer: display of known file types extensions is disabled"
  • "Microsoft Internet Explorer: start page reset"
 
Hi Bobster52,

The Kaspersky "Other Problems" section contains recommended suggestions. These aren't problems as such, just recommended settings to make your computer as secure as possible.

We completely understand your frustration, having malware infections such as these is not a pleasant experience. Combofix is actually one of the best anti-malware tools in existence. It's important to remember that new infections are released daily, it's an uphill struggle for any tool to keep up with the latest versions - the most advanced of which are designed to directly target the tools we use. That said, it's also not an "all-in-one" scanner, Combofix has a huge number of capabilities that won't be apparent on its first run. We use this tool to target infections, and design fixes specific to each user.

A bit more information for you, the trojan you were infected with was Sirefef - this is also known as ZeroAccess. At present, this is one of the most advanced pieces of malware targeting users' computers. It's designed specifically to counter anti-malware tools and make removal as hard as possible.

At present, you're still infected. If you look at the MBAM logs, you'll notice the detections were all registry keys. Obviously these need to be removed, but MBAM also missed a crucial part of the malware that Combofix removed - however, the consequence of removing the infection was the problems you experienced afterwards. The issues you experienced were a direct result of the infection, and not caused by Combofix.

------------------------

It's likely we'll want to run Combofix again - as mentioned, after having done a system restore you're currently still infected with ZeroAccess. Please bear in mind it will likely take multiple runs with Combofix before the infection is fully removed and stable. I realise this may appear to be a side track, but if you do not wish to proceed then your best option would be to reformat the computer. ZA causes a whole host of problems, and will likely download new malware in the future if left on the system.

I'd like to see what GMER is picking up. You should already have a copy of GMER downloaded from earlier, if not please download a new copy. (I'm having trouble accessing their site at the moment, so if you need to download a new copy and it isn't working please wait a few hours and then try again.)

If the Save button does not respond, please click COPY and copy/paste the contents of the log into your next post, or alternatively into a text document to attach.


------------------------

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer
  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important

  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled
Note:
  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning
 
Hey Will: Here's the copy of the log you wanted....What's it show???...Just F.Y.I....Last night before I ran the MBAM, I turned off system restore, thusly keeping any infected shadow copies from reinfecting the system...Maybe we got lucky... And these reg. keys that GMER found...Are they infected??? can they be deleted??? Standing by...Bobster52
afterthought----If those reg. entries are infected, how do you use GMER to remove them???

GMER 2.0.18444 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-01-20 09:14:23
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 WDC_WD3000GLFS-01F8U0 rev.03.03V01 279.46GB
Running: download.exe; Driver: C:\Users\Bobby\AppData\Local\Temp\kwliqpog.sys

---- User code sections - GMER 2.0 ----
.text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1984] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000750a1a9e 4 bytes [C2, 04, 00, 00]
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a592a57
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a592a57@00125aa15b30 0xF0 0x0E 0x77 0xAA ...
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00125a592a57 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00125a592a57@00125aa15b30 0xF0 0x0E 0x77 0xAA ...
---- EOF - GMER 2.0 ----
 
Hi Guys & Gal;
While I was sitting here doing nothing, I decided to download Kaspersky's TDSS Killer Rootkit App....I also downloaded the extra Driver for it to scan Modules....Changed the parameters and checked all boxes...I did this because through reading, it stated on the app. itself that it was designed specifically to rid your computer of rootkits of ZeroAccess, and other types... I have also attached the log of the third time I ran it, (It didn't find anything any of the 3 times I ran it)...Let me know what you think??? Thanks again, Bobster

10:26:03.0784 3508 PlugPlay - ok
10:26:03.0807 3508 [ 5261A2FD55183AC6993145AB6662CDDF ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:26:03.0809 3508 Pml Driver HPZ12 - ok
10:26:03.0830 3508 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
10:26:03.0838 3508 PNRPAutoReg - ok
10:26:03.0858 3508 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
10:26:03.0865 3508 PNRPsvc - ok
10:26:03.0888 3508 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
10:26:03.0889 3508 Point64 - ok
10:26:03.0916 3508 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:26:03.0921 3508 PolicyAgent - ok
10:26:03.0946 3508 [ 3ADFECB5CE0B7196282F0C0DA695B508 ] ppped C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
10:26:03.0949 3508 ppped - ok
10:26:03.0970 3508 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:26:03.0972 3508 PptpMiniport - ok
10:26:03.0983 3508 [ 6BC78E5F12CBB74E7930AAAA4A0DB387 ] Processor C:\Windows\system32\drivers\processr.sys
10:26:03.0985 3508 Processor - ok
10:26:04.0007 3508 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
10:26:04.0010 3508 ProfSvc - ok
10:26:04.0022 3508 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
10:26:04.0024 3508 ProtectedStorage - ok
10:26:04.0047 3508 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
10:26:04.0048 3508 PSched - ok
10:26:04.0084 3508 [ 4A29D25704917161BAD9B4659A248DFD ] ql2300 C:\Windows\system32\drivers\ql2300.sys
10:26:04.0094 3508 ql2300 - ok
10:26:04.0117 3508 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
10:26:04.0119 3508 ql40xx - ok
10:26:04.0143 3508 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
10:26:04.0147 3508 QWAVE - ok
10:26:04.0155 3508 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:26:04.0156 3508 QWAVEdrv - ok
10:26:04.0177 3508 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:26:04.0178 3508 RasAcd - ok
10:26:04.0190 3508 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
10:26:04.0194 3508 RasAuto - ok
10:26:04.0211 3508 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:26:04.0212 3508 Rasl2tp - ok
10:26:04.0229 3508 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
10:26:04.0233 3508 RasMan - ok
10:26:04.0243 3508 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:26:04.0244 3508 RasPppoe - ok
10:26:04.0270 3508 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:26:04.0272 3508 RasSstp - ok
10:26:04.0287 3508 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:26:04.0290 3508 rdbss - ok
10:26:04.0302 3508 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:26:04.0302 3508 RDPCDD - ok
10:26:04.0327 3508 [ 2D98DDA8EDCE73DF99854BF3692CCC87 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
10:26:04.0330 3508 rdpdr - ok
10:26:04.0338 3508 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:26:04.0339 3508 RDPENCDD - ok
10:26:04.0370 3508 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:26:04.0372 3508 RDPWD - ok
10:26:04.0396 3508 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:26:04.0398 3508 RemoteAccess - ok
10:26:04.0421 3508 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:26:04.0425 3508 RemoteRegistry - ok
10:26:04.0452 3508 [ CD71E053D7260E4102D99A28F9196070 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:26:04.0453 3508 RFCOMM - ok
10:26:04.0501 3508 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
10:26:04.0505 3508 RichVideo - ok
10:26:04.0525 3508 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
10:26:04.0527 3508 RpcLocator - ok
10:26:04.0554 3508 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
10:26:04.0563 3508 RpcSs - ok
10:26:04.0589 3508 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:26:04.0590 3508 rspndr - ok
10:26:04.0616 3508 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
10:26:04.0618 3508 SamSs - ok
10:26:04.0638 3508 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:26:04.0640 3508 sbp2port - ok
10:26:04.0659 3508 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:26:04.0663 3508 SCardSvr - ok
10:26:04.0693 3508 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
10:26:04.0702 3508 Schedule - ok
10:26:04.0721 3508 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
10:26:04.0722 3508 SCPolicySvc - ok
10:26:04.0742 3508 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:26:04.0745 3508 SDRSVC - ok
10:26:04.0755 3508 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:26:04.0757 3508 secdrv - ok
10:26:04.0770 3508 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
10:26:04.0773 3508 seclogon - ok
10:26:04.0795 3508 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
10:26:04.0798 3508 SENS - ok
10:26:04.0818 3508 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:26:04.0819 3508 Serenum - ok
10:26:04.0847 3508 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:26:04.0849 3508 Serial - ok
10:26:04.0865 3508 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
10:26:04.0866 3508 sermouse - ok
10:26:04.0915 3508 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
10:26:04.0918 3508 SessionEnv - ok
10:26:04.0933 3508 [ 541B32F8D6B2DCB92EC43BAB267E79EA ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:26:04.0934 3508 sffdisk - ok
10:26:04.0951 3508 [ 446E7CCA3325C7E0AE0FDE7F73CDD9C2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:26:04.0952 3508 sffp_mmc - ok
10:26:04.0969 3508 [ 67EDC221348911E895AF51C57D9A3725 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:26:04.0970 3508 sffp_sd - ok
10:26:04.0986 3508 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
10:26:04.0987 3508 sfloppy - ok
10:26:05.0032 3508 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:26:05.0036 3508 SharedAccess - ok
10:26:05.0060 3508 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:26:05.0065 3508 ShellHWDetection - ok
10:26:05.0080 3508 [ 08DDA16573FA44F8B13AFE74597AD2E5 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
10:26:05.0081 3508 SiSRaid2 - ok
10:26:05.0118 3508 [ C52259E9DAAF3890D572D87FFEE0979E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
10:26:05.0119 3508 SiSRaid4 - ok
10:26:05.0273 3508 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
10:26:05.0294 3508 slsvc - ok
10:26:05.0306 3508 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
10:26:05.0308 3508 SLUINotify - ok
10:26:05.0334 3508 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:26:05.0336 3508 Smb - ok
10:26:05.0379 3508 [ 32CDE417100C530964E79C53B4E994CA ] snapman C:\Windows\system32\DRIVERS\snapman.sys
10:26:05.0382 3508 snapman - ok
10:26:05.0397 3508 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:26:05.0400 3508 SNMPTRAP - ok
10:26:05.0419 3508 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
10:26:05.0420 3508 spldr - ok
10:26:05.0445 3508 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
10:26:05.0449 3508 Spooler - ok
10:26:05.0478 3508 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
10:26:05.0482 3508 srv - ok
10:26:05.0500 3508 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:26:05.0506 3508 srv2 - ok
10:26:05.0523 3508 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:26:05.0525 3508 srvnet - ok
10:26:05.0559 3508 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
10:26:05.0560 3508 ssadbus - ok
10:26:05.0579 3508 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
10:26:05.0581 3508 ssadmdfl - ok
10:26:05.0615 3508 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
10:26:05.0617 3508 ssadmdm - ok
10:26:05.0638 3508 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
10:26:05.0640 3508 ssadserd - ok
10:26:05.0657 3508 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:26:05.0661 3508 SSDPSRV - ok
10:26:05.0678 3508 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:26:05.0681 3508 SstpSvc - ok
10:26:05.0723 3508 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:26:05.0726 3508 Stereo Service - ok
10:26:05.0751 3508 [ 14B4DB4381E4A55F570D8BB699B791D6 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
10:26:05.0751 3508 StillCam - ok
10:26:05.0782 3508 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
10:26:05.0788 3508 stisvc - ok
10:26:05.0808 3508 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
10:26:05.0809 3508 swenum - ok
10:26:05.0860 3508 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
10:26:05.0864 3508 swprv - ok
10:26:05.0877 3508 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
10:26:05.0878 3508 Symc8xx - ok
10:26:05.0898 3508 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
10:26:05.0899 3508 Sym_hi - ok
10:26:05.0920 3508 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
10:26:05.0921 3508 Sym_u3 - ok
10:26:05.0973 3508 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
10:26:05.0981 3508 SysMain - ok
10:26:06.0004 3508 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:26:06.0006 3508 TabletInputService - ok
10:26:06.0028 3508 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:26:06.0032 3508 TapiSrv - ok
10:26:06.0050 3508 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
10:26:06.0053 3508 TBS - ok
10:26:06.0109 3508 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:26:06.0120 3508 Tcpip - ok
10:26:06.0168 3508 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
10:26:06.0184 3508 Tcpip6 - ok
10:26:06.0209 3508 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:26:06.0210 3508 tcpipreg - ok
10:26:06.0233 3508 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:26:06.0234 3508 TDPIPE - ok
10:26:06.0251 3508 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:26:06.0252 3508 TDTCP - ok
10:26:06.0276 3508 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:26:06.0276 3508 tdx - ok
10:26:06.0294 3508 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:26:06.0296 3508 TermDD - ok
10:26:06.0321 3508 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
10:26:06.0330 3508 TermService - ok
10:26:06.0345 3508 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
10:26:06.0353 3508 Themes - ok
10:26:06.0388 3508 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
10:26:06.0390 3508 THREADORDER - ok
10:26:06.0447 3508 [ 6ADC063FD51F03EF0CAB3E716A725BD2 ] timounter C:\Windows\system32\DRIVERS\timntr.sys
10:26:06.0456 3508 timounter - ok
10:26:06.0478 3508 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
10:26:06.0481 3508 TrkWks - ok
10:26:06.0508 3508 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:26:06.0509 3508 TrustedInstaller - ok
10:26:06.0539 3508 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:26:06.0541 3508 tssecsrv - ok
10:26:06.0560 3508 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
10:26:06.0561 3508 tunmp - ok
10:26:06.0587 3508 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:26:06.0588 3508 tunnel - ok
10:26:06.0614 3508 [ E4722DFBD6232ACF17543EF2C2DCE8D2 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
10:26:06.0616 3508 uagp35 - ok
10:26:06.0691 3508 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:26:06.0694 3508 udfs - ok
10:26:06.0716 3508 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:26:06.0719 3508 UI0Detect - ok
10:26:06.0731 3508 [ 5663D7696ABBE71F8C9D915C5374118A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:26:06.0733 3508 uliagpkx - ok
10:26:06.0772 3508 [ 6030B68E86A30D1B315B51C4D7778B16 ] uliahci C:\Windows\system32\drivers\uliahci.sys
10:26:06.0774 3508 uliahci - ok
10:26:06.0793 3508 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
10:26:06.0796 3508 UlSata - ok
10:26:06.0819 3508 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
10:26:06.0820 3508 ulsata2 - ok
10:26:06.0847 3508 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:26:06.0848 3508 umbus - ok
10:26:06.0889 3508 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
10:26:06.0894 3508 upnphost - ok
10:26:06.0928 3508 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
10:26:06.0930 3508 usbaudio - ok
10:26:06.0953 3508 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:26:06.0955 3508 usbccgp - ok
10:26:06.0982 3508 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:26:06.0982 3508 usbcir - ok
10:26:07.0000 3508 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:26:07.0001 3508 usbehci - ok
10:26:07.0026 3508 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:26:07.0029 3508 usbhub - ok
10:26:07.0041 3508 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
10:26:07.0042 3508 usbohci - ok
10:26:07.0057 3508 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys
10:26:07.0058 3508 usbprint - ok
10:26:07.0076 3508 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:26:07.0078 3508 USBSTOR - ok
10:26:07.0095 3508 [ 7BF55D2538740B25936E93553E5D190D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:26:07.0097 3508 usbuhci - ok
10:26:07.0129 3508 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
10:26:07.0131 3508 usbvideo - ok
10:26:07.0147 3508 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
10:26:07.0150 3508 UxSms - ok
10:26:07.0194 3508 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
10:26:07.0199 3508 vds - ok
10:26:07.0230 3508 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:26:07.0231 3508 vga - ok
10:26:07.0252 3508 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
10:26:07.0253 3508 VgaSave - ok
10:26:07.0273 3508 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
10:26:07.0274 3508 viaide - ok
10:26:07.0302 3508 [ 96A4F56CBBA3DCF5D90CDA1BC218D040 ] vididr C:\Windows\system32\DRIVERS\vididr.sys
10:26:07.0304 3508 vididr - ok
10:26:07.0326 3508 [ C69A784BEC737CD7460EBF3C3834D65E ] vidsflt53 C:\Windows\system32\DRIVERS\vsflt53.sys
10:26:07.0327 3508 vidsflt53 - ok
10:26:07.0347 3508 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:26:07.0349 3508 volmgr - ok
10:26:07.0381 3508 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:26:07.0385 3508 volmgrx - ok
10:26:07.0415 3508 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:26:07.0418 3508 volsnap - ok
10:26:07.0438 3508 [ 410AE2C141142C58BC617FC2C677F8B0 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:26:07.0439 3508 vsmraid - ok
10:26:07.0519 3508 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
10:26:07.0530 3508 VSS - ok
10:26:07.0563 3508 [ 23DE6F86133361C8DD5410E08A32BB3E ] VST64HWBS2 C:\Windows\system32\DRIVERS\VSTBS26.SYS
10:26:07.0566 3508 VST64HWBS2 - ok
10:26:07.0624 3508 [ E6CD7F641916484B0141D191A390D866 ] VST64_DPV C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:26:07.0635 3508 VST64_DPV - ok
10:26:07.0668 3508 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
10:26:07.0673 3508 W32Time - ok
10:26:07.0698 3508 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:26:07.0699 3508 WacomPen - ok
10:26:07.0720 3508 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
10:26:07.0721 3508 Wanarp - ok
10:26:07.0729 3508 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:26:07.0730 3508 Wanarpv6 - ok
10:26:07.0751 3508 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:26:07.0757 3508 wcncsvc - ok
10:26:07.0772 3508 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:26:07.0775 3508 WcsPlugInService - ok
10:26:07.0789 3508 [ 59B501B0A04C9672142B7FFA2BDBF663 ] Wd C:\Windows\system32\drivers\wd.sys
10:26:07.0789 3508 Wd - ok
10:26:07.0846 3508 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:26:07.0851 3508 Wdf01000 - ok
10:26:07.0870 3508 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:26:07.0873 3508 WdiServiceHost - ok
10:26:07.0882 3508 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:26:07.0884 3508 WdiSystemHost - ok
10:26:07.0912 3508 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
10:26:07.0915 3508 WebClient - ok
10:26:07.0930 3508 [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:26:07.0935 3508 Wecsvc - ok
10:26:07.0953 3508 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:26:07.0956 3508 wercplsupport - ok
10:26:07.0969 3508 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
10:26:07.0973 3508 WerSvc - ok
10:26:08.0021 3508 [ B5C348B265178FB9EE55ADDB3929485D ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:26:08.0027 3508 winachsf - ok
10:26:08.0057 3508 WinDefend - ok
10:26:08.0072 3508 WinHttpAutoProxySvc - ok
10:26:08.0115 3508 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:26:08.0117 3508 Winmgmt - ok
10:26:08.0169 3508 [ 42717DB2BE3A075D0F0CD5C927C27A43 ] WinRM C:\Windows\system32\WsmSvc.dll
10:26:08.0179 3508 WinRM - ok
10:26:08.0245 3508 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:26:08.0251 3508 Wlansvc - ok
10:26:08.0348 3508 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:26:08.0364 3508 wlidsvc - ok
10:26:08.0384 3508 [ AE34218455D5DC12D1E45DE85F160346 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:26:08.0386 3508 WmiAcpi - ok
10:26:08.0410 3508 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:26:08.0412 3508 wmiApSrv - ok
10:26:08.0423 3508 WMPNetworkSvc - ok
10:26:08.0446 3508 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:26:08.0449 3508 WPCSvc - ok
10:26:08.0483 3508 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:26:08.0486 3508 WPDBusEnum - ok
10:26:08.0699 3508 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:26:08.0707 3508 WPFFontCache_v0400 - ok
10:26:08.0726 3508 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:26:08.0727 3508 ws2ifsl - ok
10:26:08.0745 3508 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
10:26:08.0747 3508 wscsvc - ok
10:26:08.0755 3508 WSearch - ok
10:26:08.0822 3508 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:26:08.0841 3508 wuauserv - ok
10:26:08.0868 3508 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:26:08.0870 3508 WUDFRd - ok
10:26:08.0884 3508 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:26:08.0887 3508 wudfsvc - ok
10:26:08.0902 3508 ================ Scan global ===============================
10:26:08.0926 3508 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
10:26:08.0953 3508 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
10:26:08.0968 3508 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
10:26:08.0998 3508 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
10:26:09.0002 3508 [Global] - ok
10:26:09.0004 3508 ================ Scan MBR ==================================
10:26:09.0013 3508 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:26:09.0151 3508 \Device\Harddisk0\DR0 - ok
10:26:09.0173 3508 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
10:26:09.0257 3508 \Device\Harddisk1\DR1 - ok
10:26:09.0257 3508 ================ Scan VBR ==================================
10:26:09.0262 3508 [ 65708BC37EB8469C4E7BB25A60849021 ] \Device\Harddisk0\DR0\Partition1
10:26:09.0263 3508 \Device\Harddisk0\DR0\Partition1 - ok
10:26:09.0271 3508 [ D567F67EE2409E7D918AB32795AC5875 ] \Device\Harddisk1\DR1\Partition1
10:26:09.0272 3508 \Device\Harddisk1\DR1\Partition1 - ok
10:26:09.0276 3508 ================ Scan active images ========================
10:26:09.0280 3508 [ E68D9B3A3905619732F7FE039466A623 ] C:\Windows\System32\drivers\atapi.sys
10:26:09.0280 3508 C:\Windows\System32\drivers\atapi.sys - ok
10:26:09.0289 3508 [ 4F4E1093ADFBAE48544DA6E7CCF09FE4 ] C:\Windows\System32\drivers\crashdmp.sys
10:26:09.0290 3508 C:\Windows\System32\drivers\crashdmp.sys - ok
10:26:09.0299 3508 [ 7E7270D67964C9EDDE6BFDAAC07B7999 ] C:\Windows\System32\drivers\Dumpata.sys
10:26:09.0299 3508 C:\Windows\System32\drivers\Dumpata.sys - ok
10:26:09.0309 3508 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] C:\Windows\System32\drivers\tunnel.sys
10:26:09.0309 3508 C:\Windows\System32\drivers\tunnel.sys - ok
10:26:09.0320 3508 [ 89EC74A9E602D16A75A4170511029B3C ] C:\Windows\System32\drivers\TUNMP.SYS
10:26:09.0320 3508 C:\Windows\System32\drivers\TUNMP.SYS - ok
10:26:09.0331 3508 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] C:\Windows\System32\drivers\amdk8.sys
10:26:09.0331 3508 C:\Windows\System32\drivers\amdk8.sys - ok
10:26:09.0341 3508 [ E406B003A354776D317762694956B0FC ] C:\Windows\System32\drivers\usbohci.sys
10:26:09.0341 3508 C:\Windows\System32\drivers\usbohci.sys - ok
10:26:09.0351 3508 [ A60FDA63F3901AE49C244FF988427A9C ] C:\Windows\System32\drivers\usbport.sys
10:26:09.0351 3508 C:\Windows\System32\drivers\usbport.sys - ok
10:26:09.0360 3508 [ 827E44DE934A736EA31E91D353EB126F ] C:\Windows\System32\drivers\usbehci.sys
10:26:09.0361 3508 C:\Windows\System32\drivers\usbehci.sys - ok
10:26:09.0370 3508 [ F1CC5F4341DF18DA482531E55E0BB074 ] C:\Windows\System32\drivers\LVUSBS64.sys
10:26:09.0370 3508 C:\Windows\System32\drivers\LVUSBS64.sys - ok
10:26:09.0381 3508 [ 4C01941132AF4405D43668302CC59D2F ] C:\Windows\System32\drivers\usbd.sys
10:26:09.0381 3508 C:\Windows\System32\drivers\usbd.sys - ok
10:26:09.0390 3508 [ 6DF6A6E5642D97B07214B1FBED4A15B3 ] C:\Windows\System32\drivers\ks.sys
10:26:09.0390 3508 C:\Windows\System32\drivers\ks.sys - ok
10:26:09.0399 3508 [ A54FA007FD0349AB68DE6D3016A95C8C ] C:\Windows\System32\drivers\drmk.sys
10:26:09.0399 3508 C:\Windows\System32\drivers\drmk.sys - ok
10:26:09.0409 3508 [ 7B7820082CACF593D6FF343D082A3AA3 ] C:\Windows\System32\drivers\portcls.sys
10:26:09.0409 3508 C:\Windows\System32\drivers\portcls.sys - ok
10:26:09.0414 3508 [ 853AD8BD8CA940D0F5AC2679A6ED439B ] C:\Windows\System32\drivers\RTKVAC64.SYS
10:26:09.0415 3508 C:\Windows\System32\drivers\RTKVAC64.SYS - ok
10:26:09.0424 3508 [ 1D419CF43DB29396ECD7113D129D94EB ] C:\Windows\System32\drivers\ksthunk.sys
10:26:09.0424 3508 C:\Windows\System32\drivers\ksthunk.sys - ok
10:26:09.0434 3508 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] C:\Windows\System32\drivers\cdrom.sys
10:26:09.0434 3508 C:\Windows\System32\drivers\cdrom.sys - ok
10:26:09.0444 3508 [ 23DE6F86133361C8DD5410E08A32BB3E ] C:\Windows\System32\drivers\VSTBS26.SYS
10:26:09.0444 3508 C:\Windows\System32\drivers\VSTBS26.SYS - ok
10:26:09.0453 3508 [ E6CD7F641916484B0141D191A390D866 ] C:\Windows\System32\drivers\VSTDPV6.SYS
10:26:09.0453 3508 C:\Windows\System32\drivers\VSTDPV6.SYS - ok
10:26:09.0463 3508 [ B5C348B265178FB9EE55ADDB3929485D ] C:\Windows\System32\drivers\VSTCNXT6.SYS
10:26:09.0463 3508 C:\Windows\System32\drivers\VSTCNXT6.SYS - ok
10:26:09.0473 3508 [ 59848D5CC74606F0EE7557983BB73C2E ] C:\Windows\System32\drivers\modem.sys
10:26:09.0473 3508 C:\Windows\System32\drivers\modem.sys - ok
10:26:09.0481 3508 [ 98350606682594521D56ECCB5D01ECF7 ] C:\Windows\System32\drivers\nvmfdx64.sys
10:26:09.0485 3508 C:\Windows\System32\drivers\nvmfdx64.sys - ok
10:26:09.0495 3508 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] C:\Windows\System32\drivers\nvlddmkm.sys
10:26:09.0495 3508 C:\Windows\System32\drivers\nvlddmkm.sys - ok
10:26:09.0522 3508 [ B8E554E502D5123BC111F99D6A2181B4 ] C:\Windows\System32\drivers\dxgkrnl.sys
10:26:09.0522 3508 C:\Windows\System32\drivers\dxgkrnl.sys - ok
10:26:09.0531 3508 [ 2F956EA22FCCE4C9F15C64175C891A1E ] C:\Windows\System32\drivers\watchdog.sys
10:26:09.0531 3508 C:\Windows\System32\drivers\watchdog.sys - ok
10:26:09.0543 3508 [ F942C5820205F2FB453243EDFEC82A3D ] C:\Windows\System32\drivers\hdaudbus.sys
10:26:09.0543 3508 C:\Windows\System32\drivers\hdaudbus.sys - ok
10:26:09.0552 3508 [ 6936198F2CC25B39CF5262436C80DF46 ] C:\Windows\System32\drivers\ASACPI.sys
10:26:09.0553 3508 C:\Windows\System32\drivers\ASACPI.sys - ok
10:26:09.0560 3508 [ 81B79B6DF71FA1D2C6D688D830616E39 ] C:\Windows\System32\drivers\fdc.sys
10:26:09.0561 3508 C:\Windows\System32\drivers\fdc.sys - ok
10:26:09.0570 3508 [ 2449316316411D65BD2C761A6FFB2CE2 ] C:\Windows\System32\drivers\serenum.sys
10:26:09.0570 3508 C:\Windows\System32\drivers\serenum.sys - ok
10:26:09.0580 3508 [ 4B438170BE2FC8E0BD35EE87A960F84F ] C:\Windows\System32\drivers\serial.sys
10:26:09.0580 3508 C:\Windows\System32\drivers\serial.sys - ok
10:26:09.0589 3508 [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] C:\Windows\System32\drivers\parport.sys
10:26:09.0590 3508 C:\Windows\System32\drivers\parport.sys - ok
10:26:09.0599 3508 [ 14B4DB4381E4A55F570D8BB699B791D6 ] C:\Windows\System32\drivers\serscan.sys
10:26:09.0599 3508 C:\Windows\System32\drivers\serscan.sys - ok
10:26:12.0058 3508 C:\Windows\System32\WebClnt.dll - ok
10:26:12.0074 3508 [ BD9A749F36710FFA02E0E530F7451936 ] C:\Windows\System32\wecsvc.dll
10:26:12.0074 3508 C:\Windows\System32\wecsvc.dll - ok
10:26:12.0088 3508 [ 9C980351D7E96288EA0C23AE232BD065 ] C:\Windows\System32\wercplsupport.dll
10:26:12.0089 3508 C:\Windows\System32\wercplsupport.dll - ok
10:26:12.0104 3508 [ 66B9ECEBC46683F47EDC06333C075FEF ] C:\Windows\System32\wersvc.dll
10:26:12.0104 3508 C:\Windows\System32\wersvc.dll - ok
10:26:12.0123 3508 [ A2D043408A2DC9CDE48CFF88FCD74662 ] C:\Windows\System32\winhttp.dll
10:26:12.0123 3508 C:\Windows\System32\winhttp.dll - ok
10:26:12.0136 3508 [ D2E7296ED1BD26D8DB2799770C077A02 ] C:\Windows\System32\wbem\WMIsvc.dll
10:26:12.0136 3508 C:\Windows\System32\wbem\WMIsvc.dll - ok
10:26:12.0148 3508 [ 42717DB2BE3A075D0F0CD5C927C27A43 ] C:\Windows\System32\WsmSvc.dll
10:26:12.0148 3508 C:\Windows\System32\WsmSvc.dll - ok
10:26:12.0160 3508 [ EC339C8115E91BAED835957E9A677F16 ] C:\Windows\System32\wlansvc.dll
10:26:12.0160 3508 C:\Windows\System32\wlansvc.dll - ok
10:26:12.0169 3508 [ 21FA389E65A852698B6A1341F36EE02D ] C:\Windows\System32\wbem\WmiApSrv.exe
10:26:12.0169 3508 C:\Windows\System32\wbem\WmiApSrv.exe - ok
10:26:12.0178 3508 [ 56382A5EB85A25446745E3BD6D50A3A5 ] C:\Program Files\Windows Media Player\wmpnetwk.exe
10:26:12.0179 3508 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
10:26:12.0189 3508 [ CBC156C913F099E6680D1DF9307DB7A8 ] C:\Windows\System32\wpcsvc.dll
10:26:12.0190 3508 C:\Windows\System32\wpcsvc.dll - ok
10:26:12.0202 3508 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] C:\Windows\System32\wpdbusenum.dll
10:26:12.0202 3508 C:\Windows\System32\wpdbusenum.dll - ok
10:26:12.0210 3508 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:26:12.0210 3508 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe - ok
10:26:12.0218 3508 [ A2AC37A1EEF83BD9E912B0EFCBEA06BD ] C:\Windows\System32\SearchIndexer.exe
10:26:12.0218 3508 C:\Windows\System32\SearchIndexer.exe - ok
10:26:12.0227 3508 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] C:\Windows\System32\wscsvc.dll
10:26:12.0227 3508 C:\Windows\System32\wscsvc.dll - ok
10:26:12.0236 3508 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] C:\Windows\System32\wuaueng.dll
10:26:12.0236 3508 C:\Windows\System32\wuaueng.dll - ok
10:26:12.0245 3508 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] C:\Windows\System32\WUDFSvc.dll
10:26:12.0245 3508 C:\Windows\System32\WUDFSvc.dll - ok
10:26:12.0254 3508 [ 9922ADB6DCA8F0F5EA038BEFF339C08B ] C:\Windows\System32\scecli.dll
10:26:12.0254 3508 C:\Windows\System32\scecli.dll - ok
10:26:12.0263 3508 [ EE3718BCF5CEF1C457C10A745E410959 ] C:\Windows\System32\ntmarta.dll
10:26:12.0263 3508 C:\Windows\System32\ntmarta.dll - ok
10:26:12.0272 3508 [ CDA9F1373805AF88F6FA4F2064BBA24D ] C:\Windows\System32\svchost.exe
10:26:12.0272 3508 C:\Windows\System32\svchost.exe - ok
10:26:12.0281 3508 [ 7823A58BF0FE3CAAA555C12B5CF91290 ] C:\Windows\System32\powrprof.dll
10:26:12.0281 3508 C:\Windows\System32\powrprof.dll - ok
10:26:12.0291 3508 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] C:\Windows\System32\drivers\luafv.sys
10:26:12.0291 3508 C:\Windows\System32\drivers\luafv.sys - ok
10:26:12.0301 3508 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] C:\Windows\System32\nvvsvc.exe
10:26:12.0301 3508 C:\Windows\System32\nvvsvc.exe - ok
10:26:12.0309 3508 [ 6C2D2558DECB89C83873F80160D19F2C ] C:\Windows\System32\wtsapi32.dll
10:26:12.0310 3508 C:\Windows\System32\wtsapi32.dll - ok
10:26:12.0319 3508 [ 46662CD685A6341AB4AED86D134D80E9 ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd\comctl32.dll
10:26:12.0319 3508 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd\comctl32.dll - ok
10:26:12.0329 3508 [ F0359F7CE712D69ACEF0886BDB4792ED ] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:26:12.0329 3508 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe - ok
10:26:12.0338 3508 [ 6AAF63A85181E39F94EC0641C55A4EF0 ] C:\Windows\SysWOW64\ntdll.dll
10:26:12.0339 3508 C:\Windows\SysWOW64\ntdll.dll - ok
10:26:12.0347 3508 [ 813C216E14005CB42BBD1B037FCF030F ] C:\Windows\System32\wow64.dll
10:26:12.0347 3508 C:\Windows\System32\wow64.dll - ok
10:26:12.0356 3508 [ 8FE910915F14C9C6A9561D8032B603D3 ] C:\Windows\System32\wow64win.dll
10:26:12.0356 3508 C:\Windows\System32\wow64win.dll - ok
10:26:12.0369 3508 [ CA9EECC6092B9C2CE86D95C04B51BA20 ] C:\Windows\System32\wow64cpu.dll
10:26:12.0369 3508 C:\Windows\System32\wow64cpu.dll - ok
10:26:12.0375 3508 [ D59DD2AAFF94EAB9BD6C7940C2851735 ] C:\Windows\SysWOW64\kernel32.dll
10:26:12.0375 3508 C:\Windows\SysWOW64\kernel32.dll - ok
10:26:12.0385 3508 [ 17AF64D727545F2804F6E6D998327E3F ] C:\Windows\SysWOW64\msvcrt.dll
10:26:12.0385 3508 C:\Windows\SysWOW64\msvcrt.dll - ok
10:26:12.0394 3508 [ 69827805A221C21450BA22F4326A2EE3 ] C:\Windows\SysWOW64\version.dll
10:26:12.0395 3508 C:\Windows\SysWOW64\version.dll - ok
10:26:12.0404 3508 [ 551F51B66E5EA87A38D8197EB3BDB57A ] C:\Windows\SysWOW64\setupapi.dll
10:26:12.0404 3508 C:\Windows\SysWOW64\setupapi.dll - ok
10:26:12.0413 3508 [ 50CAA7072C171B9887215C83D52069E4 ] C:\Windows\SysWOW64\advapi32.dll
10:26:12.0413 3508 C:\Windows\SysWOW64\advapi32.dll - ok
10:26:12.0422 3508 [ 0ABE67004EB4C162F4456E64F90A11FD ] C:\Windows\SysWOW64\rpcrt4.dll
10:26:12.0423 3508 C:\Windows\SysWOW64\rpcrt4.dll - ok
10:26:12.0431 3508 [ 05C8C8767E29163FC251164FF6839EA5 ] C:\Windows\SysWOW64\gdi32.dll
10:26:12.0431 3508 C:\Windows\SysWOW64\gdi32.dll - ok
10:26:12.0440 3508 [ 3D4DD2D3D59ABE3BA902778C57D2E004 ] C:\Windows\SysWOW64\secur32.dll
10:26:12.0440 3508 C:\Windows\SysWOW64\secur32.dll - ok
10:26:12.0450 3508 [ D29FDB5DEDBDC1BD882164DC6DC4DD53 ] C:\Windows\SysWOW64\user32.dll
10:26:12.0451 3508 C:\Windows\SysWOW64\user32.dll - ok
10:26:12.0456 3508 [ B218342214D9BBA0F54EA12BA2E9278C ] C:\Windows\SysWOW64\oleaut32.dll
10:26:12.0456 3508 C:\Windows\SysWOW64\oleaut32.dll - ok
10:26:12.0466 3508 [ 9586E7CB2255A8B097A7E4538202585E ] C:\Windows\SysWOW64\ole32.dll
10:26:12.0466 3508 C:\Windows\SysWOW64\ole32.dll - ok
10:26:12.0475 3508 [ 5EC8FB83F31AA2D6F421F02C3F4F4475 ] C:\Windows\SysWOW64\winspool.drv
10:26:12.0476 3508 C:\Windows\SysWOW64\winspool.drv - ok
10:26:12.0485 3508 [ B8FBE5F40B09F5D20E1E5CCFEF893D62 ] C:\Windows\SysWOW64\imm32.dll
10:26:12.0485 3508 C:\Windows\SysWOW64\imm32.dll - ok
10:26:12.0495 3508 [ E3C3BD69701CE6B7B17101E4F7740534 ] C:\Windows\SysWOW64\msctf.dll
10:26:12.0495 3508 C:\Windows\SysWOW64\msctf.dll - ok
10:26:12.0505 3508 [ DF37346EA13082E3E1B423B54014E641 ] C:\Windows\SysWOW64\lpk.dll
10:26:12.0506 3508 C:\Windows\SysWOW64\lpk.dll - ok
10:26:12.0514 3508 [ 80FFF14F1757B9AF8BE9D314FC1AE88B ] C:\Windows\SysWOW64\usp10.dll
10:26:12.0514 3508 C:\Windows\SysWOW64\usp10.dll - ok
10:26:12.0523 3508 [ 145E7826A07D98628924A9B06F6273AB ] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstres.dll
10:26:12.0523 3508 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstres.dll - ok
10:26:12.0535 3508 [ 7AD857422AFA068A39A4B4BBF7FCC49C ] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvwl.dll
10:26:12.0536 3508 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvwl.dll - ok
10:26:12.0545 3508 [ B0F9073BE86C6D4EDD4EBA674251E699 ] C:\Windows\SysWOW64\crypt32.dll
10:26:12.0545 3508 C:\Windows\SysWOW64\crypt32.dll - ok
10:26:12.0553 3508 [ B2E569EF26DAC9D6994A2AFF4F601B7A ] C:\Windows\SysWOW64\wintrust.dll
10:26:12.0553 3508 C:\Windows\SysWOW64\wintrust.dll - ok
10:26:12.0562 3508 [ EE2FF9A3FC4404234BE3B7C6AA383AF8 ] C:\Windows\SysWOW64\msasn1.dll
10:26:12.0563 3508 C:\Windows\SysWOW64\msasn1.dll - ok
10:26:12.0572 3508 [ 665417528489096BBCB8AEA46D3DA924 ] C:\Windows\SysWOW64\userenv.dll
10:26:12.0572 3508 C:\Windows\SysWOW64\userenv.dll - ok
10:26:12.0581 3508 [ EB49FAA5EBBC06356FB12476438781B9 ] C:\Windows\SysWOW64\imagehlp.dll
10:26:12.0581 3508 C:\Windows\SysWOW64\imagehlp.dll - ok
10:26:12.0590 3508 [ CD08EEC61C591AF59A39F4363C567D30 ] C:\Windows\SysWOW64\ntmarta.dll
10:26:12.0590 3508 C:\Windows\SysWOW64\ntmarta.dll - ok
10:26:12.0598 3508 [ B8A609FB5EFB4E44FC1355B1C01C64BC ] C:\Windows\SysWOW64\Wldap32.dll
10:26:12.0598 3508 C:\Windows\SysWOW64\Wldap32.dll - ok
10:26:12.0608 3508 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] C:\Windows\System32\rpcss.dll
10:26:12.0608 3508 C:\Windows\System32\rpcss.dll - ok
10:26:12.0618 3508 [ A64AEBC6C78B4CFD7F41A7277879DF8F ] C:\Windows\SysWOW64\nsi.dll
10:26:12.0618 3508 C:\Windows\SysWOW64\nsi.dll - ok
10:26:12.0627 3508 [ 93A1732F7F997E36A5C3893539E2FF02 ] C:\Windows\SysWOW64\psapi.dll
10:26:12.0627 3508 C:\Windows\SysWOW64\psapi.dll - ok
10:26:12.0635 3508 [ 453DE2958C885527E20C79A3FEFE6AF7 ] C:\Windows\SysWOW64\samlib.dll
10:26:12.0636 3508 C:\Windows\SysWOW64\samlib.dll - ok
10:26:12.0645 3508 [ B304D47D5744BA20FCB99FB8B2C07B0B ] C:\Windows\SysWOW64\ws2_32.dll
10:26:12.0645 3508 C:\Windows\SysWOW64\ws2_32.dll - ok
10:26:12.0655 3508 [ EA3D2B63BA304EB6EDABBAFA21599B47 ] C:\Windows\System32\version.dll
10:26:12.0655 3508 C:\Windows\System32\version.dll - ok
10:26:12.0664 3508 [ A99871BA522CB2539AE275AC18CACC8F ] C:\Windows\SysWOW64\cabinet.dll
10:26:12.0664 3508 C:\Windows\SysWOW64\cabinet.dll - ok
10:26:12.0674 3508 [ 7D2A43E8FDF725A1133F6C6056A72CDC ] C:\Program Files\Windows Defender\MpSvc.dll
10:26:12.0677 3508 C:\Program Files\Windows Defender\MpSvc.dll - ok
10:26:12.0685 3508 [ 08C16507241D274FF9B583E5C4F9DBC8 ] C:\Windows\System32\wintrust.dll
10:26:12.0685 3508 C:\Windows\System32\wintrust.dll - ok
10:26:12.0694 3508 [ D07D4DA02FA8C7092FD402634419797D ] C:\Program Files\Windows Defender\MpClient.dll
10:26:12.0694 3508 C:\Program Files\Windows Defender\MpClient.dll - ok
10:26:12.0703 3508 [ BAD79FECE1387CDD8388A3314645757F ] C:\Windows\System32\LogonUI.exe
10:26:12.0703 3508 C:\Windows\System32\LogonUI.exe - ok
10:26:12.0707 3508 [ 363D07C0F427C72BDE0B6D6492A205C9 ] C:\Windows\System32\authui.dll
10:26:12.0707 3508 C:\Windows\System32\authui.dll - ok
10:26:12.0717 3508 [ 6B58266234B36ABCDD43C797B0D1932E ] C:\Windows\System32\msimg32.dll
10:26:12.0717 3508 C:\Windows\System32\msimg32.dll - ok
10:26:12.0727 3508 [ 6B5DC9711FD15A0E944A4F17366E2300 ] C:\Windows\System32\slwga.dll
10:26:12.0727 3508 C:\Windows\System32\slwga.dll - ok
10:26:12.0736 3508 [ D883BD7C5BA86AE7D442C3A24F13A46D ] C:\Windows\System32\p2pcollab.dll
10:26:12.0736 3508 C:\Windows\System32\p2pcollab.dll - ok
10:26:12.0746 3508 [ 88DBC757681093478BC80211C21695E5 ] C:\Windows\System32\uxtheme.dll
10:26:12.0746 3508 C:\Windows\System32\uxtheme.dll - ok
10:26:12.0756 3508 [ 4EAC411F90DCDE41D05D8184DE335524 ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_56abd97bb593eaca\GdiPlus.dll
10:26:12.0757 3508 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_56abd97bb593eaca\GdiPlus.dll - ok
10:26:12.0766 3508 [ 16881B42E07390FAA8C7331E9B8316A7 ] C:\Windows\System32\duser.dll
10:26:12.0766 3508 C:\Windows\System32\duser.dll - ok
10:26:12.0777 3508 [ 656CF740A2FDB99664A91C439D05C0ED ] C:\Windows\System32\xmllite.dll
10:26:12.0777 3508 C:\Windows\System32\xmllite.dll - ok
10:26:12.0787 3508 [ 303C4EB5C2FB40F194E2B24CAD7148EF ] C:\Windows\System32\MMDevAPI.dll
10:26:12.0787 3508 C:\Windows\System32\MMDevAPI.dll - ok
10:26:12.0797 3508 [ 05411EF3E66659C63803563BB06C2E17 ] C:\Windows\System32\dimsjob.dll
10:26:12.0797 3508 C:\Windows\System32\dimsjob.dll - ok
10:26:12.0806 3508 [ 99AA51A6AE40DED4A74776E6E1C066C1 ] C:\Windows\System32\adtschema.dll
10:26:12.0807 3508 C:\Windows\System32\adtschema.dll - ok
10:26:12.0817 3508 [ 514A07C903607458B6B5A430B09BF794 ] C:\Windows\System32\avrt.dll
10:26:12.0817 3508 C:\Windows\System32\avrt.dll - ok
10:26:12.0828 3508 [ 73F18E253DF8E0A9CE5FC45E62FB1945 ] C:\Windows\System32\cabinet.dll
10:26:12.0828 3508 C:\Windows\System32\cabinet.dll - ok
10:26:12.0838 3508 [ 99112D6C120A951755E0B3DB24996910 ] C:\Windows\System32\WUDFPlatform.dll
10:26:12.0838 3508 C:\Windows\System32\WUDFPlatform.dll - ok
10:26:12.0847 3508 [ E3041BC26D6930D61F42AEDB79C91720 ] C:\Windows\System32\drivers\fltMgr.sys
10:26:12.0848 3508 C:\Windows\System32\drivers\fltMgr.sys - ok
10:26:12.0858 3508 [ C501852F1CA40FFC55363ACC0D2DF5BA ] C:\Windows\System32\SmartcardCredentialProvider.dll
10:26:12.0858 3508 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
10:26:12.0869 3508 [ 9E693C6146932B5369DFFA584E805EF6 ] C:\Windows\System32\PSHED.DLL
10:26:12.0869 3508 C:\Windows\System32\PSHED.DLL - ok
10:26:12.0879 3508 [ F59CF3BFE865EB795C5DE5850F48B321 ] C:\Windows\System32\rasplap.dll
10:26:12.0879 3508 C:\Windows\System32\rasplap.dll - ok
10:26:12.0889 3508 [ 30042487E83BF3B518DD9B92A2F52F42 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C615380-80EA-4ECA-AD2C-6271ABBBC435}\mpengine.dll
10:26:12.0889 3508 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C615380-80EA-4ECA-AD2C-6271ABBBC435}\mpengine.dll - ok
10:26:12.0900 3508 [ A4F3F34A7146D8633FA8D346535A9CAA ] C:\Windows\System32\rasapi32.dll
10:26:12.0900 3508 C:\Windows\System32\rasapi32.dll - ok
10:26:12.0911 3508 [ C30BD20F185A47DCD4FD05F5AE1BC077 ] C:\Windows\System32\rasman.dll
10:26:12.0911 3508 C:\Windows\System32\rasman.dll - ok
10:26:12.0922 3508 [ F0884FA3E83C79775BF89C74DD28B616 ] C:\Windows\System32\tapi32.dll
10:26:12.0922 3508 C:\Windows\System32\tapi32.dll - ok
10:26:12.0931 3508 [ F1D25FB6A8BF8FBAE49717B684670393 ] C:\Windows\System32\rtutils.dll
10:26:12.0931 3508 C:\Windows\System32\rtutils.dll - ok
10:26:12.0941 3508 [ 7500278FEF4A66B0D76D8438F0295F4E ] C:\Windows\System32\winmm.dll
10:26:12.0941 3508 C:\Windows\System32\winmm.dll - ok
10:26:12.0953 3508 [ 4C1A82E9362DF1282355FBA3037DF0C4 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C615380-80EA-4ECA-AD2C-6271ABBBC435}\mpasbase.vdm
10:26:12.0953 3508 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C615380-80EA-4ECA-AD2C-6271ABBBC435}\mpasbase.vdm - ok
10:26:12.0963 3508 [ D58A65112AE355CADFABEEFC8D329A8F ] C:\Windows\System32\oleacc.dll
10:26:12.0963 3508 C:\Windows\System32\oleacc.dll - ok
10:26:12.0968 3508 [ F1A78A98CFC2EE02144C6BEC945447E6 ] C:\Windows\System32\drivers\drmkaud.sys
10:26:12.0968 3508 C:\Windows\System32\drivers\drmkaud.sys - ok
10:26:12.0978 3508 [ B1D4BB8DFD7128A90982562268920724 ] C:\Windows\System32\WinSCard.dll
10:26:12.0978 3508 C:\Windows\System32\WinSCard.dll - ok
10:26:12.0989 3508 [ 00C7DAFAD08FAD59E51EB9A1F90925DE ] C:\Windows\System32\shgina.dll
10:26:12.0989 3508 C:\Windows\System32\shgina.dll - ok
10:26:13.0000 3508 [ FE13271EF661F8BE83A1A0D3366164D0 ] C:\Windows\System32\propsys.dll
10:26:13.0000 3508 C:\Windows\System32\propsys.dll - ok
10:26:13.0021 3508 [ 4CEA4255CAE84BF21FCA9A2827E16CBB ] C:\Windows\System32\shacct.dll
10:26:13.0021 3508 C:\Windows\System32\shacct.dll - ok
10:26:13.0037 3508 [ 7F633AC83782EB0E8ADE513B8A1A9BC8 ] C:\Windows\System32\audiodg.exe
10:26:13.0037 3508 C:\Windows\System32\audiodg.exe - ok
10:26:13.0052 3508 [ D45037FE4F25DC9B60B9757655A61E15 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C615380-80EA-4ECA-AD2C-6271ABBBC435}\mpasdlta.vdm
10:26:13.0052 3508 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C615380-80EA-4ECA-AD2C-6271ABBBC435}\mpasdlta.vdm - ok
10:26:13.0060 3508 [ 17BF3BF5296936B153FDDDA189B60E07 ] C:\Windows\System32\ksuser.dll
10:26:13.0060 3508 C:\Windows\System32\ksuser.dll - ok
10:26:13.0075 3508 [ 35FBB6F5993C9EE70CDB72CC8AAB5D38 ] C:\Windows\System32\wdmaud.drv
10:26:13.0075 3508 C:\Windows\System32\wdmaud.drv - ok
10:26:13.0088 3508 [ A1A408E9F8C2DB9C3B3BA21C25CCF9C3 ] C:\Windows\System32\AudioEng.dll
10:26:13.0088 3508 C:\Windows\System32\AudioEng.dll - ok
10:26:13.0097 3508 [ EEFDA2A090E8000740D46B09DCDBEAFF ] C:\Windows\System32\AudioSes.dll
10:26:13.0097 3508 C:\Windows\System32\AudioSes.dll - ok
10:26:13.0106 3508 [ A0E1B575BA8F504968CD40C0FAEB2384 ] C:\Windows\System32\gpsvc.dll
10:26:13.0106 3508 C:\Windows\System32\gpsvc.dll - ok
10:26:13.0119 3508 [ C5EDECA7546B009484B23FAD0E9724C1 ] C:\Windows\System32\nlaapi.dll
10:26:13.0119 3508 C:\Windows\System32\nlaapi.dll - ok
10:26:13.0127 3508 [ 7FC9AFDD2A2ACFCB52FB05D57FE8C2F4 ] C:\Windows\System32\atl.dll
10:26:13.0127 3508 C:\Windows\System32\atl.dll - ok
10:26:13.0137 3508 [ 215DFBEF790637C2B9C02BB23C9887EB ] C:\Windows\System32\msacm32.dll
10:26:13.0137 3508 C:\Windows\System32\msacm32.dll - ok
10:26:13.0147 3508 [ 9A328CC4E4490E929E30332AC902CAC1 ] C:\Windows\System32\msacm32.drv
10:26:13.0147 3508 C:\Windows\System32\msacm32.drv - ok
10:26:13.0157 3508 [ 62BDB059ED8AE0C63E33BBF990941E0F ] C:\Windows\System32\midimap.dll
10:26:13.0157 3508 C:\Windows\System32\midimap.dll - ok
10:26:13.0167 3508 [ 75C881C65CEF2C7B911EB0A351957368 ] C:\Windows\System32\drivers\spsys.sys
10:26:13.0167 3508 C:\Windows\System32\drivers\spsys.sys - ok
10:26:13.0175 3508 [ E12F22B73F153DECE721CD45EC05B4AF ] C:\Windows\System32\es.dll
10:26:13.0175 3508 C:\Windows\System32\es.dll - ok
10:26:13.0187 3508 [ 48FEF0CD6C0D4CA428DE7024F297E1CD ] C:\Windows\System32\WindowsCodecs.dll
10:26:13.0187 3508 C:\Windows\System32\WindowsCodecs.dll - ok
10:26:13.0200 3508 [ DF3E3167B03804F32AD274C33F77B308 ] C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
10:26:13.0201 3508 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe - ok
10:26:13.0211 3508 [ E08935E54CEE225BEB3CC220CBCC734A ] C:\Windows\System32\AUDIOKSE.dll
10:26:13.0211 3508 C:\Windows\System32\AUDIOKSE.dll - ok
10:26:13.0216 3508 [ 56697D33950E5E83A4049F477BE7C320 ] C:\Windows\System32\hid.dll
10:26:13.0217 3508 C:\Windows\System32\hid.dll - ok
10:26:13.0227 3508 [ E6B41597405B5BE4BBA61810F9287AFB ] C:\Windows\System32\RtkAPO64.dll
10:26:13.0227 3508 C:\Windows\System32\RtkAPO64.dll - ok
10:26:13.0237 3508 [ 4CE5C4F80620D6DBBB054003EAD71F95 ] C:\Windows\System32\nvsvc64.dll
10:26:13.0237 3508 C:\Windows\System32\nvsvc64.dll - ok
10:26:13.0247 3508 [ 11205381BBBF98F0CA1C672056808B8F ] C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll
10:26:13.0247 3508 C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll - ok
10:26:13.0257 3508 [ D76E231E4850BB3F88A3D9A78DF191E3 ] C:\Windows\System32\uxsms.dll
10:26:13.0257 3508 C:\Windows\System32\uxsms.dll - ok
10:26:13.0267 3508 [ 87B1E9B5DBFADA04D9FFDC52D16CB000 ] C:\Windows\System32\mscms.dll
10:26:13.0267 3508 C:\Windows\System32\mscms.dll - ok
10:26:13.0276 3508 [ FEB771AF00A645DCA8A7D07CC33F7E8E ] C:\Windows\System32\winspool.drv
10:26:13.0276 3508 C:\Windows\System32\winspool.drv - ok
10:26:13.0286 3508 [ 1AD703C14E705F69D4ADF79154054173 ] C:\Windows\System32\dwmapi.dll
10:26:13.0286 3508 C:\Windows\System32\dwmapi.dll - ok
10:26:13.0298 3508 [ 40965B72A0A33DDB8423B85F93E4C136 ] C:\Program Files\NVIDIA Corporation\Display\nvui.dll
10:26:13.0298 3508 C:\Program Files\NVIDIA Corporation\Display\nvui.dll - ok
10:26:13.0307 3508 [ E6E9DC01812ABA16DBAE5EFA4EF63E57 ] C:\Windows\System32\nvapi64.dll
10:26:13.0307 3508 C:\Windows\System32\nvapi64.dll - ok
10:26:13.0317 3508 [ DE2B9C350BB7C9CF355972AB8CB9B865 ] C:\Windows\System32\WMALFXGFXDSP.dll
10:26:13.0317 3508 C:\Windows\System32\WMALFXGFXDSP.dll - ok
10:26:13.0327 3508 [ 96ECE2659B6654C10A0C310AE3A6D02C ] C:\Windows\System32\drivers\lltdio.sys
10:26:13.0327 3508 C:\Windows\System32\drivers\lltdio.sys - ok
10:26:13.0337 3508 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] C:\Windows\System32\drivers\rspndr.sys
10:26:13.0337 3508 C:\Windows\System32\drivers\rspndr.sys - ok
10:26:13.0347 3508 [ B7BD00787568A178CDE26A83B5C847BE ] C:\Windows\System32\mfplat.dll
10:26:13.0347 3508 C:\Windows\System32\mfplat.dll - ok
10:26:13.0357 3508 [ 09451F87CFF73FF22D9479FB0A73861C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_41466cae55469b30\comctl32.dll
10:26:13.0357 3508 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_41466cae55469b30\comctl32.dll - ok
10:26:13.0367 3508 [ D7CA52F89A7F4520610FF3682F0E42EE ] C:\Windows\System32\nvsvcr.dll
10:26:13.0368 3508 C:\Windows\System32\nvsvcr.dll - ok
10:26:13.0378 3508 [ C946428303FDBD85D6F17C9F104938D7 ] C:\Program Files\NVIDIA Corporation\Display\nvuir.dll
10:26:13.0378 3508 C:\Program Files\NVIDIA Corporation\Display\nvuir.dll - ok
10:26:13.0386 3508 [ 06230F1B721494A6DF8D47FD395BB1B0 ] C:\Windows\System32\dnsrslvr.dll
10:26:13.0387 3508 C:\Windows\System32\dnsrslvr.dll - ok
10:26:13.0398 3508 [ BC2A18841494B3756894627FF279C65E ] C:\Windows\System32\nvcpl.dll
10:26:13.0399 3508 C:\Windows\System32\nvcpl.dll - ok
10:26:13.0408 3508 [ C765A8406048E3094501ED8F17BFA4D6 ] C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll
10:26:13.0408 3508 C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll - ok
10:26:13.0417 3508 [ 3B3DE5C189F896A7961A12BA74851BCB ] C:\Program Files\NVIDIA Corporation\Display\nvxdplcy.dll
10:26:13.0417 3508 C:\Program Files\NVIDIA Corporation\Display\nvxdplcy.dll - ok
10:26:13.0426 3508 [ 6B6D0747C1D56D5742F5171B57E8CB6F ] C:\Windows\System32\ktmw32.dll
10:26:13.0427 3508 C:\Windows\System32\ktmw32.dll - ok
10:26:13.0436 3508 [ 3ADB1950539C78F82EFD392BE98BE80D ] C:\Windows\System32\taskcomp.dll
10:26:13.0436 3508 C:\Windows\System32\taskcomp.dll - ok
10:26:13.0446 3508 [ 0CACD3E5A4E1F231DAA19A737F9B6FF9 ] C:\Program Files\Windows Defender\MpRtPlug.dll
10:26:13.0446 3508 C:\Program Files\Windows Defender\MpRtPlug.dll - ok
10:26:13.0457 3508 [ CE010ACB489CAA0253A3F692E0892631 ] C:\Windows\System32\tdh.dll
10:26:13.0457 3508 C:\Windows\System32\tdh.dll - ok
10:26:13.0466 3508 [ 098F1E4E5C9CB5B0063A959063631610 ] C:\Windows\System32\drivers\http.sys
10:26:13.0466 3508 C:\Windows\System32\drivers\http.sys - ok
10:26:13.0471 3508 [ 808A26DA7028B02A081A5A1BCBF69A2A ] C:\Windows\System32\wiarpc.dll
10:26:13.0471 3508 C:\Windows\System32\wiarpc.dll - ok
10:26:13.0483 3508 [ D48445B07F61CAFE2FE8972AAB4E31B8 ] C:\Windows\System32\spoolss.dll
10:26:13.0483 3508 C:\Windows\System32\spoolss.dll - ok
10:26:13.0493 3508 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] C:\Windows\System32\drivers\srvnet.sys
10:26:13.0493 3508 C:\Windows\System32\drivers\srvnet.sys - ok
10:26:13.0504 3508 [ 2CAB7B034B867AAB48D298F93D04BD3E ] C:\Windows\System32\wscapi.dll
10:26:13.0504 3508 C:\Windows\System32\wscapi.dll - ok
10:26:13.0513 3508 [ 7972615E382EF39785FD45F136F64D8C ] C:\Windows\System32\FWPUCLNT.DLL
10:26:13.0513 3508 C:\Windows\System32\FWPUCLNT.DLL - ok
10:26:13.0524 3508 [ 2348447A80920B2493A9B582A23E81E1 ] C:\Windows\System32\drivers\bowser.sys
10:26:13.0525 3508 C:\Windows\System32\drivers\bowser.sys - ok
10:26:13.0535 3508 [ C92B9ABDB65A5991E00C28F13491DBA2 ] C:\Windows\System32\drivers\mpsdrv.sys
10:26:13.0535 3508 C:\Windows\System32\drivers\mpsdrv.sys - ok
10:26:13.0544 3508 [ 897E3BAF68BA406A61682AE39C83900C ] C:\Windows\System32\MPSSVC.dll
10:26:13.0545 3508 C:\Windows\System32\MPSSVC.dll - ok
10:26:13.0557 3508 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] C:\Windows\System32\drivers\mrxdav.sys
10:26:13.0557 3508 C:\Windows\System32\drivers\mrxdav.sys - ok
10:26:13.0565 3508 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] C:\Windows\System32\drivers\mrxsmb.sys
10:26:13.0565 3508 C:\Windows\System32\drivers\mrxsmb.sys - ok
10:26:13.0575 3508 [ 3B929A60C833FC615FD97FBA82BC7632 ] C:\Windows\System32\drivers\mrxsmb10.sys
10:26:13.0575 3508 C:\Windows\System32\drivers\mrxsmb10.sys - ok
10:26:13.0586 3508 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] C:\Windows\System32\drivers\mrxsmb20.sys
10:26:13.0586 3508 C:\Windows\System32\drivers\mrxsmb20.sys - ok
10:26:13.0594 3508 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] C:\Windows\System32\drivers\srv2.sys
10:26:13.0595 3508 C:\Windows\System32\drivers\srv2.sys - ok
10:26:13.0605 3508 [ 10446646D128E580C46615338E74E672 ] C:\Windows\System32\rundll32.exe
10:26:13.0605 3508 C:\Windows\System32\rundll32.exe - ok
10:26:13.0615 3508 [ 880A57FCCB571EBD063D4DD50E93E46D ] C:\Windows\System32\drivers\srv.sys
10:26:13.0616 3508 C:\Windows\System32\drivers\srv.sys - ok
10:26:13.0625 3508 [ DE3C091D7E05093B7ABA93DA5952F0FD ] C:\Windows\System32\netmsg.dll
10:26:13.0625 3508 C:\Windows\System32\netmsg.dll - ok
10:26:13.0634 3508 [ 476616A17AE5F69CE583D8E1E2A7B134 ] C:\Windows\System32\sscore.dll
10:26:13.0634 3508 C:\Windows\System32\sscore.dll - ok
10:26:13.0644 3508 [ 2BFD160AB9531CD20EDC9639EB0CD711 ] C:\Windows\System32\clusapi.dll
10:26:13.0644 3508 C:\Windows\System32\clusapi.dll - ok
10:26:13.0653 3508 [ 45C5EAB112D3481A25485B0CF7E3597D ] C:\Windows\System32\activeds.dll
10:26:13.0654 3508 C:\Windows\System32\activeds.dll - ok
10:26:13.0666 3508 [ D1E792408F710173E4E4FB6BFB248DB3 ] C:\Windows\System32\wfapigp.dll
10:26:13.0666 3508 C:\Windows\System32\wfapigp.dll - ok
10:26:13.0673 3508 [ 80B8B7FF3AADD2156EE969C048644CAF ] C:\Windows\System32\adsldpc.dll
10:26:13.0674 3508 C:\Windows\System32\adsldpc.dll - ok
10:26:13.0683 3508 [ 77C276A0E431203EE56E52600A2575EA ] C:\Windows\System32\credui.dll
10:26:13.0683 3508 C:\Windows\System32\credui.dll - ok
10:26:13.0693 3508 [ D55A487295CC38D9E533C5AD87C1EB69 ] C:\Windows\System32\resutils.dll
10:26:13.0693 3508 C:\Windows\System32\resutils.dll - ok
10:26:13.0703 3508 [ 5D8D2CE2A66DD02E0033F8F0378A3DA1 ] C:\Windows\System32\WsmRes.dll
10:26:13.0703 3508 C:\Windows\System32\WsmRes.dll - ok
10:26:13.0714 3508 [ 1E68A512FB6010B600CBC3577147AC50 ] C:\Windows\System32\plasrv.exe
10:26:13.0714 3508 C:\Windows\System32\plasrv.exe - ok
10:26:13.0719 3508 [ 8449D81B9FB1CCADEC3E64F30E1076C7 ] C:\Windows\System32\winrnr.dll
10:26:13.0719 3508 C:\Windows\System32\winrnr.dll - ok
10:26:13.0733 3508 [ 2A70994A408D889715DE6A527679397E ] C:\Windows\System32\wshbth.dll
10:26:13.0733 3508 C:\Windows\System32\wshbth.dll - ok
10:26:13.0743 3508 [ 70071E1657823DA231713D74A9CC8ECA ] C:\Windows\System32\rasadhlp.dll
10:26:13.0743 3508 C:\Windows\System32\rasadhlp.dll - ok
10:26:13.0757 3508 [ 57D1DE90D43E25C9E645D81FFC4FB678 ] C:\Windows\System32\umb.dll
10:26:13.0757 3508 C:\Windows\System32\umb.dll - ok
10:26:13.0767 3508 [ 38573C7D9D91B316E6EE76E0C94F749E ] C:\Windows\System32\localspl.dll
10:26:13.0767 3508 C:\Windows\System32\localspl.dll - ok
10:26:13.0778 3508 [ 2CCA759379C220D29F0066CA49E9259F ] C:\Windows\System32\sfc.dll
10:26:13.0778 3508 C:\Windows\System32\sfc.dll - ok
10:26:13.0787 3508 [ E80A3D76B6645F0FF96CE865220A927A ] C:\Windows\System32\hpz3l4v2.dll
10:26:13.0792 3508 C:\Windows\System32\hpz3l4v2.dll - ok
10:26:13.0797 3508 [ 74D59F72104C9FF8D154D1AB372A5A57 ] C:\Windows\System32\tcpmon.dll
10:26:13.0797 3508 C:\Windows\System32\tcpmon.dll - ok
10:26:13.0808 3508 [ 943F05B78BC03F3463FCE26D4B5B81A9 ] C:\Windows\System32\snmpapi.dll
10:26:13.0808 3508 C:\Windows\System32\snmpapi.dll - ok
10:26:13.0817 3508 [ 57120423BC6342F0EAE16E3720184D5A ] C:\Windows\System32\wsnmp32.dll
10:26:13.0817 3508 C:\Windows\System32\wsnmp32.dll - ok
10:26:13.0826 3508 [ 8B517F63A5B87F8FFAC2145F0673498A ] C:\Windows\System32\msxml6.dll
10:26:13.0826 3508 C:\Windows\System32\msxml6.dll - ok
10:26:13.0836 3508 [ 7BCB22C93FF0E90683F3513531E2990B ] C:\Windows\System32\tcpmib.dll
10:26:13.0836 3508 C:\Windows\System32\tcpmib.dll - ok
10:26:13.0844 3508 [ 4B7BB89AFC32632F775D8A3E62FCA979 ] C:\Windows\System32\mgmtapi.dll
10:26:13.0845 3508 C:\Windows\System32\mgmtapi.dll - ok
10:26:13.0857 3508 [ 5948F2B4FECE4F3301D290771F5183CF ] C:\Windows\System32\usbmon.dll
10:26:13.0857 3508 C:\Windows\System32\usbmon.dll - ok
10:26:13.0864 3508 [ DE0EED5106BD03CE11CDBF690285FE6C ] C:\Windows\System32\WSDMon.dll
10:26:13.0864 3508 C:\Windows\System32\WSDMon.dll - ok
10:26:13.0874 3508 [ 6542A767BD7A90F5383605E6849FDF48 ] C:\Windows\System32\WSDApi.dll
10:26:13.0875 3508 C:\Windows\System32\WSDApi.dll - ok
10:26:13.0883 3508 [ 65247F45AADA547397134AF688EFE471 ] C:\Windows\System32\httpapi.dll
10:26:13.0883 3508 C:\Windows\System32\httpapi.dll - ok
10:26:16.0256 3508 C:\Windows\System32\ntshrui.dll - ok
10:26:16.0266 3508 [ B51A921F2CA7A068F5025D6EF3C5C8DD ] C:\Program Files\Windows Mail\WinMail.exe
10:26:16.0266 3508 C:\Program Files\Windows Mail\WinMail.exe - ok
10:26:16.0276 3508 [ 509DC499D0D0DDD18D1BA3A9516F6C4C ] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
10:26:16.0276 3508 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe - ok
10:26:16.0286 3508 [ E6DD15E668DAF0A02470CF551B0A0105 ] C:\PROGRA~2\WI1F86~1\MESSEN~1\msgslang.dll
10:26:16.0286 3508 C:\PROGRA~2\WI1F86~1\MESSEN~1\msgslang.dll - ok
10:26:16.0294 3508 [ 722909EA9156F50EF1B386D76D4525A5 ] C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
10:26:16.0295 3508 C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe - ok
10:26:16.0305 3508 [ FF6669F7A1782D54E338F5C6EC806E1E ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
10:26:16.0305 3508 C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe - ok
10:26:16.0316 3508 [ 61C090AFC693640742904A4FA2409BBC ] C:\Windows\System32\ExplorerFrame.dll
10:26:16.0316 3508 C:\Windows\System32\ExplorerFrame.dll - ok
10:26:16.0326 3508 [ B79515AFF098E5A56DFBD316152534DE ] C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
10:26:16.0326 3508 C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL - ok
10:26:16.0335 3508 [ D9CBFAC3A040C3096A3F9ADC958F2FC1 ] C:\Program Files (x86)\LCDC\LCDC.exe
10:26:16.0335 3508 C:\Program Files (x86)\LCDC\LCDC.exe - ok
10:26:16.0344 3508 [ 406121C827A2901E72DAB2197DAE180E ] C:\Windows\System32\wercon.exe
10:26:16.0344 3508 C:\Windows\System32\wercon.exe - ok
10:26:16.0358 3508 [ 72A73B43C20902760022FBC91B3EC948 ] C:\Windows\System32\cmd.exe
10:26:16.0358 3508 C:\Windows\System32\cmd.exe - ok
10:26:16.0366 3508 [ BF2DD8B1253FB01CADB9C7C152984C89 ] C:\Windows\ehome\ehshell.exe
10:26:16.0366 3508 C:\Windows\ehome\ehshell.exe - ok
10:26:16.0374 3508 [ 27336F3CC6B3B53043D0666AC0CA4A7F ] C:\Windows\System32\notepad.exe
10:26:16.0374 3508 C:\Windows\System32\notepad.exe - ok
10:26:16.0384 3508 [ FF0729002E081668620A681182D63FE6 ] C:\Windows\System32\wuapp.exe
10:26:16.0384 3508 C:\Windows\System32\wuapp.exe - ok
10:26:16.0393 3508 [ 9C5A0F070196B601D629F5BA9AA921F8 ] C:\Program Files\Windows Sidebar\sidebar.exe
10:26:16.0393 3508 C:\Program Files\Windows Sidebar\sidebar.exe - ok
10:26:16.0403 3508 [ B8188F967F6ABD6A49AE59486D10ADD1 ] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
10:26:16.0404 3508 C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe - ok
10:26:16.0413 3508 [ 50EBD31C3527366FAFA468BD609F7352 ] C:\Windows\System32\wucltux.dll
10:26:16.0413 3508 C:\Windows\System32\wucltux.dll - ok
10:26:16.0421 3508 [ 376D1B585060CD65BEEFE15A8577FCA0 ] C:\Windows\System32\sfc_os.dll
10:26:16.0422 3508 C:\Windows\System32\sfc_os.dll - ok
10:26:16.0433 3508 [ DB83DA870C2C9A612A07A635444BA846 ] C:\Windows\System32\miguiresource.dll
10:26:16.0433 3508 C:\Windows\System32\miguiresource.dll - ok
10:26:16.0442 3508 [ 1E70071E1753E43983B1202CE98AEC6F ] C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
10:26:16.0442 3508 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe - ok
10:26:16.0452 3508 [ FD647CA82ACF232DBE5F20345647B948 ] C:\Windows\AppPatch\AcGenral.dll
10:26:16.0452 3508 C:\Windows\AppPatch\AcGenral.dll - ok
10:26:16.0465 3508 [ 832726DEFA39BBA2D34C9E20CEA471C0 ] C:\Windows\System32\wdc.dll
10:26:16.0465 3508 C:\Windows\System32\wdc.dll - ok
10:26:16.0473 3508 [ 814B65E22070E087479A275AAE1931AC ] C:\Windows\System32\control.exe
10:26:16.0473 3508 C:\Windows\System32\control.exe - ok
10:26:16.0484 3508 [ 65437DAD4F238EA9549408A783002222 ] C:\Windows\ehome\ehtray.exe
10:26:16.0484 3508 C:\Windows\ehome\ehtray.exe - ok
10:26:16.0493 3508 [ BDBB449425991154135E5ED1559927E6 ] C:\Windows\SysWOW64\msacm32.dll
10:26:16.0494 3508 C:\Windows\SysWOW64\msacm32.dll - ok
10:26:16.0503 3508 [ 9E341BB55760A87268862E40DBA1CEF0 ] C:\Windows\System32\accessibilitycpl.dll
10:26:16.0503 3508 C:\Windows\System32\accessibilitycpl.dll - ok
10:26:16.0510 3508 [ 9B96F6952186336CC6E3D4E08BE2E0AF ] C:\Windows\SysWOW64\dwmapi.dll
10:26:16.0510 3508 C:\Windows\SysWOW64\dwmapi.dll - ok
10:26:16.0520 3508 [ 4E1784B96F81FA2F561E5524CCD5FC7E ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_88dc01492fb256de\msvcr80.dll
10:26:16.0520 3508 C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_88dc01492fb256de\msvcr80.dll - ok
10:26:16.0531 3508 [ DFFB91500638FACA4CDEA50E4E1F02F9 ] C:\Windows\System32\Magnify.exe
10:26:16.0531 3508 C:\Windows\System32\Magnify.exe - ok
10:26:16.0540 3508 [ 9A6A653ADF28D9D69670B48F535E6B90 ] C:\Windows\SysWOW64\runonce.exe
10:26:16.0540 3508 C:\Windows\SysWOW64\runonce.exe - ok
10:26:16.0550 3508 [ 4AA2A0E26CEF1A803741253DCF9A1503 ] C:\Windows\SysWOW64\comdlg32.dll
10:26:16.0551 3508 C:\Windows\SysWOW64\comdlg32.dll - ok
10:26:16.0561 3508 [ 9DBA941FCC46A45C55C7A2105FB794AC ] C:\Windows\System32\syncui.dll
10:26:16.0561 3508 C:\Windows\System32\syncui.dll - ok
10:26:16.0571 3508 [ 8A777C49978A4E03C4F1442E8FDC5CC2 ] C:\Windows\System32\osk.exe
10:26:16.0575 3508 C:\Windows\System32\osk.exe - ok
10:26:16.0581 3508 [ EA42F79A76F4795E0930FB1E9FFFA5CF ] C:\Program Files\ESET\ESET NOD32 Antivirus\mfc80u.dll
10:26:16.0581 3508 C:\Program Files\ESET\ESET NOD32 Antivirus\mfc80u.dll - ok
10:26:16.0591 3508 [ A361672E1AE1581B475F035607F4FD87 ] C:\Windows\System32\cryptui.dll
10:26:16.0591 3508 C:\Windows\System32\cryptui.dll - ok
10:26:16.0600 3508 [ 12E8A79644955A6D1D371CBD7DA7C871 ] C:\Windows\SysWOW64\inetmib1.dll
10:26:16.0600 3508 C:\Windows\SysWOW64\inetmib1.dll - ok
10:26:16.0609 3508 [ AF24A9DF84637BF9858EC6FB88EBA7B2 ] C:\Windows\SysWOW64\snmpapi.dll
10:26:16.0609 3508 C:\Windows\SysWOW64\snmpapi.dll - ok
10:26:16.0619 3508 [ 9E3244FE8BA484E98461B8619C86F0D5 ] C:\Program Files\Windows Calendar\WinCal.exe
10:26:16.0619 3508 C:\Program Files\Windows Calendar\WinCal.exe - ok
10:26:16.0627 3508 [ 48DD40677817CE1053C2315F5A87E0D3 ] C:\Program Files\Windows Defender\MSASCui.exe
10:26:16.0627 3508 C:\Program Files\Windows Defender\MSASCui.exe - ok
10:26:16.0637 3508 [ F2C56E2FB83F06831F9565E77C48078D ] C:\Windows\ehome\ehmsas.exe
10:26:16.0637 3508 C:\Windows\ehome\ehmsas.exe - ok
10:26:16.0646 3508 [ 13E47C975E14031E7DC611191B70FD35 ] C:\Program Files\Movie Maker\DVDMaker.exe
10:26:16.0646 3508 C:\Program Files\Movie Maker\DVDMaker.exe - ok
10:26:16.0656 3508 [ 8D43735C8B4519CCC473D68E25F24C1D ] C:\Windows\SysWOW64\msvbvm60.dll
10:26:16.0656 3508 C:\Windows\SysWOW64\msvbvm60.dll - ok
10:26:16.0665 3508 [ A689FCC60150715CFEFD235335BCFCA3 ] C:\Program Files\ESET\ESET NOD32 Antivirus\msvcr80.dll
10:26:16.0665 3508 C:\Program Files\ESET\ESET NOD32 Antivirus\msvcr80.dll - ok
10:26:16.0675 3508 [ 3898DDD17D019A40AD432EDABA5E66F7 ] C:\Program Files\Microsoft IntelliType Pro\dpgcmd.dll
10:26:16.0675 3508 C:\Program Files\Microsoft IntelliType Pro\dpgcmd.dll - ok
10:26:16.0685 3508 [ 8F50FB284B7C97C241F6F53E4C88453B ] C:\Program Files\Windows Collaboration\WinCollab.exe
10:26:16.0685 3508 C:\Program Files\Windows Collaboration\WinCollab.exe - ok
10:26:16.0695 3508 [ 5DD36EC36334E0ED4275AA3A55F5D22C ] C:\Program Files\Movie Maker\MOVIEMK.exe
10:26:16.0695 3508 C:\Program Files\Movie Maker\MOVIEMK.exe - ok
10:26:16.0707 3508 [ E9B44CD74DBA07FDDAA6562C29BCF8F2 ] C:\Windows\ehome\ehProxy.dll
10:26:16.0707 3508 C:\Windows\ehome\ehProxy.dll - ok
10:26:16.0716 3508 [ 7FB82497FBBF96ACC9E143E7F183BFA7 ] C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe
10:26:16.0716 3508 C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe - ok
10:26:16.0726 3508 [ C1F78C1F69CE92BF051A7071F1345210 ] C:\Windows\System32\fsquirt.exe
10:26:16.0726 3508 C:\Windows\System32\fsquirt.exe - ok
10:26:16.0735 3508 [ 0D0CF0B2CBB7FEA573CFD471BAF1BCB8 ] C:\Program Files (x86)\LCDC\borlndmm.dll
10:26:16.0736 3508 C:\Program Files (x86)\LCDC\borlndmm.dll - ok
10:26:16.0745 3508 [ C72A515E6835CB775A01BA4F42B1A730 ] C:\Windows\System32\calc.exe
10:26:16.0745 3508 C:\Windows\System32\calc.exe - ok
10:26:16.0754 3508 [ FC06A07DC10C3412E2787429A72412CA ] C:\Program Files\Microsoft IntelliType Pro\Components\Commands\DPGHnt\DPGHnt.dll
10:26:16.0754 3508 C:\Program Files\Microsoft IntelliType Pro\Components\Commands\DPGHnt\DPGHnt.dll - ok
10:26:16.0760 3508 [ DB4A027E320B226D33F68C71D85103F6 ] C:\Windows\System32\mblctr.exe
10:26:16.0760 3508 C:\Windows\System32\mblctr.exe - ok
10:26:16.0770 3508 [ 48B306A0F08606FEB6C6DD9BDF6E4E0F ] C:\Windows\System32\NetProj.exe
10:26:16.0770 3508 C:\Windows\System32\NetProj.exe - ok
10:26:16.0780 3508 [ 61D4DBC6D1C1C98DC935888295A89D01 ] C:\Windows\System32\NetProjW.dll
10:26:16.0780 3508 C:\Windows\System32\NetProjW.dll - ok
10:26:16.0790 3508 [ EC0A7FB35A11EEF77C76781E122BAF0C ] C:\Windows\System32\mspaint.exe
10:26:16.0790 3508 C:\Windows\System32\mspaint.exe - ok
10:26:16.0800 3508 [ 30485EC6C84241DDB0BD7B8A2EB6BB3C ] C:\Windows\System32\mstsc.exe
10:26:16.0800 3508 C:\Windows\System32\mstsc.exe - ok
10:26:16.0809 3508 [ 90AC8F872CB91DF1EABF372AFBC65D0B ] C:\Program Files\ESET\ESET NOD32 Antivirus\msvcp80.dll
10:26:16.0810 3508 C:\Program Files\ESET\ESET NOD32 Antivirus\msvcp80.dll - ok
10:26:16.0820 3508 [ 9935F595C9B80BC40723042B43086549 ] C:\Windows\winsxs\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_fc42961a63b5a82b\mfc80ENU.dll
10:26:16.0820 3508 C:\Windows\winsxs\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_fc42961a63b5a82b\mfc80ENU.dll - ok
10:26:16.0829 3508 [ 483E6FE556B3146D5A634B8552FDD15C ] C:\Windows\System32\wlanapi.dll
10:26:16.0829 3508 C:\Windows\System32\wlanapi.dll - ok
10:26:16.0838 3508 [ 0B40AAC953EE451373FB8E26A73ADC94 ] C:\Windows\System32\SnippingTool.exe
10:26:16.0838 3508 C:\Windows\System32\SnippingTool.exe - ok
10:26:16.0849 3508 [ ECBAA8694660229262B781BEB7DDD625 ] C:\Windows\System32\SoundRecorder.exe
10:26:16.0849 3508 C:\Windows\System32\SoundRecorder.exe - ok
10:26:16.0859 3508 [ A41D6AFF8AFD743507887FD7747B35D3 ] C:\Windows\System32\mobsync.exe
10:26:16.0859 3508 C:\Windows\System32\mobsync.exe - ok
10:26:16.0868 3508 [ 8E29B921BC400F51276F781C4CFB87F6 ] C:\Windows\System32\oobefldr.dll
10:26:16.0868 3508 C:\Windows\System32\oobefldr.dll - ok
10:26:16.0877 3508 [ FAFD25FE1BE024AE20605DCD01F1C435 ] C:\Program Files\Windows NT\Accessories\wordpad.exe
10:26:16.0878 3508 C:\Program Files\Windows NT\Accessories\wordpad.exe - ok
10:26:16.0887 3508 [ CE881FB400AAFE32D3DC0A7561B547C2 ] C:\Windows\Speech\Common\sapisvr.exe
10:26:16.0887 3508 C:\Windows\Speech\Common\sapisvr.exe - ok
10:26:16.0898 3508 [ 4FDF6B8B9449D4AF1D98A0705CB6747D ] C:\Windows\System32\Speech\SpeechUX\sapi.cpl
10:26:16.0898 3508 C:\Windows\System32\Speech\SpeechUX\sapi.cpl - ok
10:26:16.0908 3508 [ C1303E3D550F2934BA825A80D335D18A ] C:\Windows\System32\sdclt.exe
10:26:16.0908 3508 C:\Windows\System32\sdclt.exe - ok
10:26:16.0917 3508 [ 38D057FA41217FB904B3A0BC34B8D367 ] C:\Windows\System32\charmap.exe
10:26:16.0917 3508 C:\Windows\System32\charmap.exe - ok
10:26:16.0926 3508 [ E1748B86DC11BACA3400B92BB21913CE ] C:\Windows\System32\dfrgui.exe
10:26:16.0926 3508 C:\Windows\System32\dfrgui.exe - ok
10:26:16.0936 3508 [ 32BFF048169F9A57B9BBAF2DC90EAC1B ] C:\Windows\System32\stobject.dll
10:26:16.0936 3508 C:\Windows\System32\stobject.dll - ok
10:26:16.0945 3508 [ 93E888DA525F3DA1D8A94C174DDCC7C0 ] C:\Windows\System32\batmeter.dll
10:26:16.0946 3508 C:\Windows\System32\batmeter.dll - ok
10:26:16.0955 3508 [ 10DEAF6B32EB834F5C534EB942111FA8 ] C:\Windows\System32\migwiz\migwiz.exe
10:26:16.0955 3508 C:\Windows\System32\migwiz\migwiz.exe - ok
10:26:16.0965 3508 [ A4AF702E6BB80D014C56EDE22C6BC423 ] C:\Windows\System32\msinfo32.exe
10:26:16.0965 3508 C:\Windows\System32\msinfo32.exe - ok
10:26:16.0976 3508 [ 8DBF26D220D8EE44D7A6286BE2F2C767 ] C:\Windows\System32\rstrui.exe
10:26:16.0976 3508 C:\Windows\System32\rstrui.exe - ok
10:26:16.0986 3508 [ 549D573FE2B83C3ECF7553E8996DFA17 ] C:\Windows\System32\StikyNot.exe
10:26:16.0986 3508 C:\Windows\System32\StikyNot.exe - ok
10:26:16.0998 3508 [ A4E789205FB6C1FC0FB2FD3898455F57 ] C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
10:26:16.0999 3508 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe - ok
10:26:17.0009 3508 [ 4F69B3864A6FA36744E275BABD731B74 ] C:\Program Files\Windows Journal\Journal.exe
10:26:17.0009 3508 C:\Program Files\Windows Journal\Journal.exe - ok
10:26:17.0014 3508 [ 5C8C51B679B947F3DF948533C0926240 ] C:\Windows\System32\SndVolSSO.dll
10:26:17.0014 3508 C:\Windows\System32\SndVolSSO.dll - ok
10:26:17.0029 3508 [ FF253B202C460492B9A35C457066CCC0 ] C:\Windows\ehome\ehSSO.dll
10:26:17.0029 3508 C:\Windows\ehome\ehSSO.dll - ok
10:26:17.0038 3508 [ AA6FAA30D3D0D4424DBA3D74D1CA1E14 ] C:\Windows\System32\netshell.dll
10:26:17.0038 3508 C:\Windows\System32\netshell.dll - ok
10:26:17.0049 3508 [ DE95622B09554A70DB4F035D197330BF ] C:\Windows\System32\pnidui.dll
10:26:17.0049 3508 C:\Windows\System32\pnidui.dll - ok
10:26:17.0061 3508 [ 4DD86EDDA09715DC235E41C1F698F041 ] C:\Windows\System32\wlanutil.dll
10:26:17.0061 3508 C:\Windows\System32\wlanutil.dll - ok
10:26:17.0075 3508 [ DED15764B578A26BE9E45E7692820549 ] C:\Windows\System32\onex.dll
10:26:17.0075 3508 C:\Windows\System32\onex.dll - ok
10:26:17.0084 3508 [ B50D0BF177657752B826697259341858 ] C:\Windows\System32\eappprxy.dll
10:26:17.0084 3508 C:\Windows\System32\eappprxy.dll - ok
10:26:17.0094 3508 [ 9DD626CC4FB7CAAC19B2F4C33CD6A2A3 ] C:\Windows\System32\fdProxy.dll
10:26:17.0094 3508 C:\Windows\System32\fdProxy.dll - ok
10:26:17.0104 3508 [ 31519A9B25D4A8998EEC9C81E69269D9 ] C:\Windows\System32\fdWSD.dll
10:26:17.0104 3508 C:\Windows\System32\fdWSD.dll - ok
10:26:17.0114 3508 [ 8AA015739AA5D31E19E853FD1554C769 ] C:\Windows\System32\mycomput.dll
10:26:17.0114 3508 C:\Windows\System32\mycomput.dll - ok
10:26:17.0123 3508 [ F50B03EB7C150E44DF2843F2138D4F70 ] C:\Windows\System32\mlang.dll
10:26:17.0123 3508 C:\Windows\System32\mlang.dll - ok
10:26:17.0133 3508 [ F91D87E625D94F74477525861F7B38D7 ] C:\Windows\System32\odbcad32.exe
10:26:17.0133 3508 C:\Windows\System32\odbcad32.exe - ok
10:26:17.0142 3508 [ DDCDE414B6DB14707DBD504EB23EF13E ] C:\Windows\System32\fdSSDP.dll
10:26:17.0143 3508 C:\Windows\System32\fdSSDP.dll - ok
10:26:17.0152 3508 [ 53E401AE1E8CEF522E00576650CC11EB ] C:\Windows\System32\odbcint.dll
10:26:17.0152 3508 C:\Windows\System32\odbcint.dll - ok
10:26:17.0162 3508 [ 688844EFB733D426D90A56499B5DC6CD ] C:\Windows\System32\iscsicpl.exe
10:26:17.0162 3508 C:\Windows\System32\iscsicpl.exe - ok
10:26:17.0171 3508 [ 8BAFE3351162FB7CD8E392BA93B25EB4 ] C:\Windows\System32\iscsicpl.dll
10:26:17.0171 3508 C:\Windows\System32\iscsicpl.dll - ok
10:26:17.0182 3508 [ 39872A309B2DB96738AF44402F7BD43C ] C:\Windows\System32\rasdlg.dll
10:26:17.0182 3508 C:\Windows\System32\rasdlg.dll - ok
10:26:17.0191 3508 [ BEEBCBC84D58FC34B3C9DD3A24BB8F24 ] C:\Windows\System32\MdSched.exe
10:26:17.0191 3508 C:\Windows\System32\MdSched.exe - ok
10:26:17.0201 3508 [ 256AD83B5C6B3F36247AFCF3A95EFCF9 ] C:\Windows\System32\filemgmt.dll
10:26:17.0201 3508 C:\Windows\System32\filemgmt.dll - ok
10:26:17.0211 3508 [ F1F799F596CA296EE9725EFEA01A63D7 ] C:\Windows\System32\msconfig.exe
10:26:17.0211 3508 C:\Windows\System32\msconfig.exe - ok
10:26:17.0221 3508 [ 03C1410DBD7B35D105B732424FEB7516 ] C:\Windows\System32\AuthFWGP.dll
10:26:17.0221 3508 C:\Windows\System32\AuthFWGP.dll - ok
10:26:17.0231 3508 [ B6A7E7F43234BFA6A8E6CC4110CB9448 ] C:\Program Files\Windows Media Player\wmpnscfg.exe
10:26:17.0232 3508 C:\Program Files\Windows Media Player\wmpnscfg.exe - ok
10:26:17.0245 3508 [ 80948418A00EE8B0DD61038919985936 ] C:\Program Files (x86)\LCDC\Plugins\IPA.dll
10:26:17.0245 3508 C:\Program Files (x86)\LCDC\Plugins\IPA.dll - ok
10:26:17.0257 3508 [ 03FDED7449428CE493432EE35FE5A2FB ] C:\Windows\System32\eappcfg.dll
10:26:17.0257 3508 C:\Windows\System32\eappcfg.dll - ok
10:26:17.0266 3508 [ DF4F9708003752B4C475300BEC1F042B ] C:\Program Files\Microsoft Games\Chess\Chess.exe
10:26:17.0266 3508 C:\Program Files\Microsoft Games\Chess\Chess.exe - ok
10:26:17.0274 3508 [ 697D6CAF74F39C7F0017088C6F6B5C33 ] C:\Program Files\Windows Media Player\wmpnssci.dll
10:26:17.0274 3508 C:\Program Files\Windows Media Player\wmpnssci.dll - ok
10:26:17.0282 3508 [ 2620C17442BAA264DBE18953FFD10889 ] C:\Windows\System32\wmpmde.dll
10:26:17.0283 3508 C:\Windows\System32\wmpmde.dll - ok
10:26:17.0292 3508 [ FDAC777249FC4A5ED75FF3F563817FA1 ] C:\Windows\System32\AltTab.dll
10:26:17.0292 3508 C:\Windows\System32\AltTab.dll - ok
10:26:17.0302 3508 [ 6B28D35E4C2C9D9ABA083EE4F9FD51CC ] C:\Windows\System32\WPDShServiceObj.dll
10:26:17.0302 3508 C:\Windows\System32\WPDShServiceObj.dll - ok
10:26:17.0312 3508 [ C56EBA7C1D396FCAF3C8D6867EF1C10E ] C:\Windows\System32\mf.dll
10:26:17.0312 3508 C:\Windows\System32\mf.dll - ok
10:26:17.0327 3508 [ AF96CCADA9B7ADB6488DDB6A60374821 ] C:\Windows\System32\evr.dll
10:26:17.0327 3508 C:\Windows\System32\evr.dll - ok
10:26:17.0342 3508 [ FE46A75556E66B8CC472FA75EFF0C347 ] C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL
10:26:17.0342 3508 C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL - ok
10:26:17.0353 3508 [ A949AA49376F8CB91D19EA8A7ADC94D4 ] C:\Windows\System32\wmdrmsdk.dll
10:26:17.0353 3508 C:\Windows\System32\wmdrmsdk.dll - ok
10:26:17.0362 3508 [ F041AB49DE23CC8BDB404EE59CD1935D ] C:\Windows\System32\dxva2.dll
10:26:17.0362 3508 C:\Windows\System32\dxva2.dll - ok
10:26:17.0370 3508 [ 9BBD858EEC0AA9894B8063218CF1D19D ] C:\Windows\System32\upnp.dll
10:26:17.0371 3508 C:\Windows\System32\upnp.dll - ok
10:26:17.0381 3508 [ DE7F813217EC88C0A6D4D8F2F39D7949 ] C:\Windows\SysWOW64\msiltcfg.dll
10:26:17.0381 3508 C:\Windows\SysWOW64\msiltcfg.dll - ok
10:26:17.0391 3508 [ DE489A291F364B1473D6858560107113 ] C:\Windows\System32\wmp.dll
10:26:17.0391 3508 C:\Windows\System32\wmp.dll - ok
10:26:17.0400 3508 [ CBD5ECDFD293FAF6D812D4D564C5BE4A ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpocxi08.dll
10:26:17.0401 3508 C:\Program Files (x86)\HP\Digital Imaging\bin\hpocxi08.dll - ok
10:26:17.0411 3508 [ ADDA78CA5B8A711CD57E10E8CBE9B31E ] C:\Program Files\ESET\ESET NOD32 Antivirus\SysInspector.exe
10:26:17.0411 3508 C:\Program Files\ESET\ESET NOD32 Antivirus\SysInspector.exe - ok
10:26:17.0420 3508 [ 17A6EDDACA30C67BF44B999A54A6B187 ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcob08.dll
10:26:17.0420 3508 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcob08.dll - ok
10:26:17.0430 3508 [ E47546535986A8FA3221AC777DB56C57 ] C:\Program Files\ESET\ESET NOD32 Antivirus\SysRescue.exe
10:26:17.0430 3508 C:\Program Files\ESET\ESET NOD32 Antivirus\SysRescue.exe - ok
10:26:17.0440 3508 [ B6D5917CF9FDA3B434AD908559EBD2B3 ] C:\Windows\System32\srchadmin.dll
10:26:17.0440 3508 C:\Windows\System32\srchadmin.dll - ok
10:26:17.0450 3508 [ 323F7C44A4A31B03E4C0424F627E6BC2 ] C:\Program Files\ESET\ESET NOD32 Antivirus\callmsi.exe
10:26:17.0450 3508 C:\Program Files\ESET\ESET NOD32 Antivirus\callmsi.exe - ok
10:26:17.0458 3508 [ D7CEAEDD5F75D2C8A2E80887D7C114CE ] C:\Windows\System32\webcheck.dll
10:26:17.0458 3508 C:\Windows\System32\webcheck.dll - ok
10:26:17.0470 3508 [ 19C69E1F96A4E4D92822002D6EEE9913 ] C:\Windows\System32\msvfw32.dll
10:26:17.0470 3508 C:\Windows\System32\msvfw32.dll - ok
10:26:17.0481 3508 [ E55DE59CD89138BD973602F9F202E84D ] C:\Windows\System32\SyncCenter.dll
10:26:17.0481 3508 C:\Windows\System32\SyncCenter.dll - ok
10:26:17.0493 3508 [ 94D616EBF8A3D2F7F8300F255E377A80 ] C:\Windows\System32\wmploc.DLL
10:26:17.0493 3508 C:\Windows\System32\wmploc.DLL - ok
10:26:17.0504 3508 [ B4D787DB8D30793A4D4DF9FEED18F136 ] C:\Windows\System32\drivers\cdfs.sys
10:26:17.0504 3508 C:\Windows\System32\drivers\cdfs.sys - ok
10:26:17.0516 3508 [ E4D4500B9F619DF2F1765FE259B12A4F ] C:\Windows\System32\WindowsAnytimeUpgrade.exe
10:26:17.0516 3508 C:\Windows\System32\WindowsAnytimeUpgrade.exe - ok
10:26:17.0522 3508 [ 23E4E5A6876082BADECA7B80DD7B21C0 ] C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
10:26:17.0522 3508 C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll - ok
10:26:17.0533 3508 [ 7D2CB10042CAC091DE7BC04AFF27CF9E ] C:\Windows\System32\wbem\unsecapp.exe
10:26:17.0533 3508 C:\Windows\System32\wbem\unsecapp.exe - ok
10:26:17.0542 3508 [ ED10D55B28FCD8A6DEA09AE3FE20EC3A ] C:\Windows\System32\imapi2.dll
10:26:17.0542 3508 C:\Windows\System32\imapi2.dll - ok
10:26:17.0552 3508 [ CD2B49ACFAD057AD5577AA26040CC052 ] C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe
10:26:17.0552 3508 C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe - ok
10:26:17.0562 3508 [ F2DB8923DBF9491BC7D387E305505CF5 ] C:\Windows\System32\gameux.dll
10:26:17.0566 3508 C:\Windows\System32\gameux.dll - ok
10:26:17.0572 3508 [ E97B6931B5629D7E9F6EE29A68FD6123 ] C:\Windows\System32\wbem\WmiPrvSE.exe
10:26:17.0572 3508 C:\Windows\System32\wbem\WmiPrvSE.exe - ok
10:26:17.0582 3508 [ 69C0460E837047E172A3B92858ED7AB3 ] C:\Program Files\Microsoft Games\Hearts\Hearts.exe
10:26:17.0582 3508 C:\Program Files\Microsoft Games\Hearts\Hearts.exe - ok
10:26:17.0592 3508 [ 6B80D55576B222FDF6F8407D6237EFC6 ] C:\Windows\System32\wmpps.dll
10:26:17.0592 3508 C:\Windows\System32\wmpps.dll - ok
10:26:17.0601 3508 [ 11D415DB881C617288D3CB81BB1FE51D ] C:\Windows\System32\wbem\NCProv.dll
10:26:17.0602 3508 C:\Windows\System32\wbem\NCProv.dll - ok
10:26:17.0611 3508 [ 9E703EC2E91C9071D75E34F1A7327ECA ] C:\Windows\System32\wmdrmdev.dll
10:26:17.0611 3508 C:\Windows\System32\wmdrmdev.dll - ok
10:26:17.0620 3508 [ F347FD7DD03B3408691049CDE0ABB6B6 ] C:\Windows\System32\wbem\wmiprov.dll
10:26:17.0620 3508 C:\Windows\System32\wbem\wmiprov.dll - ok
10:26:17.0631 3508 [ B4761127BA6B6353566FF735EC22F4A4 ] C:\Program Files\Microsoft Games\inkball\inkball.exe
10:26:17.0631 3508 C:\Program Files\Microsoft Games\inkball\inkball.exe - ok
10:26:17.0643 3508 [ 2AD435E35966C65619A272B4831D72BB ] C:\Windows\System32\drmv2clt.dll
10:26:17.0643 3508 C:\Windows\System32\drmv2clt.dll - ok
10:26:17.0652 3508 [ 98C42F36A13C25E099F1E081EB4EC59D ] C:\Windows\System32\wmi.dll
10:26:17.0652 3508 C:\Windows\System32\wmi.dll - ok
10:26:17.0662 3508 [ 06FDEA0167BAD4CDE26210F92F33FDBA ] C:\Windows\System32\wbem\wbemcons.dll
10:26:17.0662 3508 C:\Windows\System32\wbem\wbemcons.dll - ok
10:26:17.0672 3508 [ A0CB916FDBB52C039F5D482701645E86 ] C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe
10:26:17.0673 3508 C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe - ok
10:26:17.0684 3508 [ 45EEA3DBE0182FBCFCF9B1F286178BB9 ] C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe
10:26:17.0684 3508 C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe - ok
10:26:17.0695 3508 [ C4E6DF4D491A82DFF4EA56BD4C3A6633 ] C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe
10:26:17.0695 3508 C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe - ok
10:26:17.0704 3508 [ DBC0B012A13C7738871D569005DEB5D1 ] C:\Windows\System32\bthprops.cpl
10:26:17.0704 3508 C:\Windows\System32\bthprops.cpl - ok
10:26:17.0715 3508 [ 4EF7F56C5D3D3FC63E7296F2A3D283D5 ] C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
10:26:17.0716 3508 C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe - ok
10:26:17.0726 3508 [ EF4C006CC67119A5E3EA534EC85BEA23 ] C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
10:26:17.0726 3508 C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe - ok
10:26:17.0736 3508 [ D2D38B8C685DAD88191CD434823D9BD6 ] C:\Program Files (x86)\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr40.exe
10:26:17.0737 3508 C:\Program Files (x86)\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr40.exe - ok
10:26:17.0745 3508 [ EF6D2BC5AF87B6DDFB52245FF77046B7 ] C:\Windows\System32\brcpl.dll
10:26:17.0745 3508 C:\Windows\System32\brcpl.dll - ok
10:26:17.0756 3508 [ 5767ED421A03FA524B5F18A2C28C1143 ] C:\Windows\System32\msra.exe
10:26:17.0756 3508 C:\Windows\System32\msra.exe - ok
10:26:17.0766 3508 [ 21EF4BB2A6FF4116FD83FAEE52D4A416 ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
10:26:17.0766 3508 C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe - ok
10:26:17.0776 3508 [ 7E2CF680C69680064D43F4FFE5831DD1 ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
10:26:17.0777 3508 C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe - ok
10:26:17.0783 3508 [ C0F4A57BA5E09A28AE3D2F67ED219EEA ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
10:26:17.0784 3508 C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe - ok
10:26:17.0793 3508 [ 484ACF6AF85A29AC52F3CF054DFDE9D3 ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
10:26:17.0793 3508 C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe - ok
10:26:17.0804 3508 [ E1AB2AC4A4D50B479DF1B1CEA4A7409B ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
10:26:17.0804 3508 C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe - ok
10:26:17.0815 3508 [ 8561C0534F3038B31A5284CE661FDE38 ] C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
10:26:17.0815 3508 C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe - ok
10:26:17.0826 3508 [ 051023B22D675856D49360356293A939 ] C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIconDll
10:26:17.0827 3508 C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIconDll - ok
10:26:17.0837 3508 [ 1DEAF8D21FCCB72FFCF374E0FE6C1DB5 ] C:\Windows\System32\SearchProtocolHost.exe
10:26:17.0837 3508 C:\Windows\System32\SearchProtocolHost.exe - ok
10:26:17.0846 3508 [ EBCEDFD064A4F210037AD21EC8AFC220 ] C:\Windows\System32\msshooks.dll
10:26:17.0847 3508 C:\Windows\System32\msshooks.dll - ok
10:26:17.0857 3508 [ D9F0D37D97862C15D1417903B8FCBF5C ] C:\Windows\System32\mssvp.dll
10:26:17.0857 3508 C:\Windows\System32\mssvp.dll - ok
10:26:17.0867 3508 [ D5EA86C4F2533F5515C614138A120F22 ] C:\Windows\System32\mapi32.dll
10:26:17.0867 3508 C:\Windows\System32\mapi32.dll - ok
10:26:17.0876 3508 [ 93655E5D1E940E5A0F73F5A1719A0DA0 ] C:\Windows\System32\mssph.dll
10:26:17.0876 3508 C:\Windows\System32\mssph.dll - ok
10:26:17.0886 3508 [ E953EB7C4E1A369EE98E3B25006891CA ] C:\Program Files\Microsoft Office\Office12\ONFILTER.DLL
10:26:17.0886 3508 C:\Program Files\Microsoft Office\Office12\ONFILTER.DLL - ok
10:26:17.0896 3508 [ 56336BB69172A2CEE15B2491DB4C70C1 ] C:\Windows\System32\msfeeds.dll
10:26:17.0896 3508 C:\Windows\System32\msfeeds.dll - ok
10:26:17.0906 3508 [ BBDE232916FC116C8CB46011683AD854 ] C:\Windows\System32\SearchFilterHost.exe
10:26:17.0906 3508 C:\Windows\System32\SearchFilterHost.exe - ok
10:26:17.0916 3508 [ 74A2612CF3812F85BB4CCF5F343D91E5 ] C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01_64.key
10:26:17.0916 3508 C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01_64.key - ok
10:26:17.0926 3508 [ 991C17B9FA553A2F474142CD68312974 ] C:\Windows\System32\wmdrmnet.dll
10:26:17.0926 3508 C:\Windows\System32\wmdrmnet.dll - ok
10:26:17.0936 3508 [ 0EC4D4E4F59F0E9EC2EF01CB1860C534 ] C:\Program Files\ESET\ESET NOD32 Antivirus\eguiHips.dll
10:26:17.0936 3508 C:\Program Files\ESET\ESET NOD32 Antivirus\eguiHips.dll - ok
10:26:17.0949 3508 [ 3B4D0AA285F848041DEA8D1B4FF2D132 ] C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe
10:26:17.0949 3508 C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe - ok
10:26:17.0957 3508 [ CFF3C4ABDCC5356B0674743BDF0FB674 ] C:\Windows\System32\mshtml.dll
10:26:17.0957 3508 C:\Windows\System32\mshtml.dll - ok
10:26:17.0967 3508 [ 84F9BAD395DADAFA8E46BE7946B18ECD ] C:\Windows\System32\msimtf.dll
10:26:17.0967 3508 C:\Windows\System32\msimtf.dll - ok
10:26:18.0975 3508 ============================================================
10:26:18.0975 3508 Scan finished
10:26:18.0975 3508 ============================================================
10:26:18.0993 4004 Detected object count: 0
10:26:18.0993 4004 Actual detected object count: 0
10:26:27.0700 4760 Deinitialize success
 
Hi Bobster52,

We understand your frustration, but at this rate you could easily end up with an unbootable computer. A lot of tools have already been run, and it's becoming increasingly difficult to keep track of what's left of the infection.

Just F.Y.I....Last night before I ran the MBAM, I turned off system restore, thusly keeping any infected shadow copies from reinfecting the system

As Corrine mentioned before, system restore points shouldn't be wiped until after the infection is fully removed. They pose no threat unless a restore point is used; an infection will not jump from the shadow copy to the rest of the system. However, they do act as a vital backup in case something goes wrong. If an infection proves problematic during removal and prevents the PC from booting, it's better to go back to an earlier restore point and re-introduce the infection.

Checking all the boxes with TDSSKiller could have easily resulted in an unbootable PC; those parameters are designed to be used only in specific circumstances. Advanced rootkits actively target this tool; if you'd been unlucky enough to have certain variants onboard, your computer wouldn't have survived the run.

----------------------

Going forward, please make sure System Restore is enabled and create a restore point. We're going to run Combofix again, but to reassure you we need to make sure there is a restore point to fall back on. Combofix also has a number of built-in backups that we can restore if something goes wrong.

If you still have Combofix.exe, please delete this file. There is no need to delete any of the other files associated with Combofix. Once you've deleted the main Combofix.exe (if it still exists), please proceed and download a new copy using the instructions below.

If you encounter issues after running Combofix, please describe them in detail and give us time to get back to you before taking any further action.

  1. Download ComboFix from the following location:

    Link 1

    * IMPORTANT !!! Place combofix.exe on your Desktop

  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    You can get help on disabling your protection programs here

  3. Double click on combofix.exe & follow the prompts.

  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  5. When finished, it shall produce a log for you. Post that log in your next reply.

    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
 
Hey Will;
First I just want to apologize, for getting so antsy, and bombarding you with all the logs...N-E-Way things went a lot more smoothly this time, and it appears with almost no corruption at all, as a matter of fact the log only took about 15 minutes to finish, hopefully that's a good sign...Tell me what you think of the GMER Log and your findings on the ComboFix Log that I'm attaching, that is when you have a chance, and again, sorry if I've seemed pushy, don't mean to be, just yesterday took its toll on me...Will be really looking forward to getting this rootkit out of the computer...Will be waiting for your further instructions....Thanks again...Bobster52

----

Edit for log:

ComboFix 13-01-17.04 - Bobby 01/20/2013 11:24:51.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4095.2485 [GMT -5:00]
Running from: c:\users\Bobby\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-20 to 2013-01-20 )))))))))))))))))))))))))))))))
.
.
2013-01-20 16:30 . 2013-01-20 16:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-20 16:30 . 2013-01-20 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-20 16:30 . 2013-01-20 16:30 -------- d-----w- c:\users\Bobby\AppData\Local\temp
2013-01-20 00:38 . 2013-01-20 00:38 308640 ----a-w- c:\windows\system32\javaws.exe
2013-01-20 00:38 . 2013-01-20 00:38 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-01-20 00:38 . 2013-01-20 00:38 188832 ----a-w- c:\windows\system32\javaw.exe
2013-01-20 00:38 . 2013-01-20 00:38 188832 ----a-w- c:\windows\system32\java.exe
2013-01-19 21:06 . 2013-01-19 21:06 -------- d-----w- c:\program files\Java
2013-01-19 21:05 . 2013-01-19 21:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-19 21:04 . 2013-01-19 21:04 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-19 21:04 . 2013-01-19 21:04 -------- d-----w- c:\program files (x86)\Java
2013-01-19 19:39 . 2013-01-19 19:39 -------- d-----w- c:\program files\ESET
2013-01-18 11:55 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C615380-80EA-4ECA-AD2C-6271ABBBC435}\mpengine.dll
2013-01-08 18:12 . 2012-11-20 04:22 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-08 18:12 . 2012-11-20 04:21 253952 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-08 18:11 . 2012-11-23 01:54 2770432 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 18:11 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
2013-01-08 18:11 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
2013-01-08 18:11 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-08 18:11 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-08 18:11 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll
2013-01-07 08:12 . 2013-01-17 15:25 -------- d-----w- c:\programdata\MSNDynFiles
2013-01-03 12:59 . 2013-01-03 12:59 -------- d-----w- c:\users\Bobby\AppData\Roaming\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-20 00:38 . 2012-11-03 14:29 1081760 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-20 00:38 . 2012-03-13 03:59 960416 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-19 21:04 . 2012-04-26 21:39 859552 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-01-19 21:04 . 2012-03-13 03:56 780192 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-09 20:00 . 2012-04-05 21:04 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 20:00 . 2012-03-13 20:19 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 18:13 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe
2012-12-16 13:31 . 2012-12-20 20:50 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 13:12 . 2012-12-20 20:50 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-16 11:08 . 2012-12-20 20:50 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 10:50 . 2012-12-20 20:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-13 04:50 . 2012-12-13 04:50 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-12-13 04:50 . 2012-12-13 04:50 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-12-13 04:50 . 2012-12-13 04:50 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-12-13 04:50 . 2012-12-13 04:50 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-12-13 04:50 . 2012-12-13 04:50 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-12-13 04:50 . 2012-12-13 04:50 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-12-13 04:50 . 2012-12-13 04:50 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-12-13 04:50 . 2012-12-13 04:50 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-12-13 04:50 . 2012-12-13 04:50 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-12-13 04:50 . 2012-12-13 04:50 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-12-13 04:50 . 2012-12-13 04:50 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-12-13 04:50 . 2012-12-13 04:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-12-13 04:50 . 2012-12-13 04:50 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-12-13 04:50 . 2012-12-13 04:50 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-12-13 04:50 . 2012-12-13 04:50 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-12-13 04:50 . 2012-12-13 04:50 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-12-13 04:50 . 2012-12-13 04:50 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-12-13 04:50 . 2012-12-13 04:50 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-12-13 04:50 . 2012-12-13 04:50 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-12-13 04:50 . 2012-12-13 04:50 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-12-13 04:50 . 2012-12-13 04:50 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-12-13 04:50 . 2012-12-13 04:50 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-12-13 04:50 . 2012-12-13 04:50 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-12-13 04:50 . 2012-12-13 04:50 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-12-13 04:50 . 2012-12-13 04:50 816640 ----a-w- c:\windows\system32\jscript.dll
2012-12-13 04:50 . 2012-12-13 04:50 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-12-13 04:50 . 2012-12-13 04:50 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-12-13 04:50 . 2012-12-13 04:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-12-13 04:50 . 2012-12-13 04:50 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-12-13 04:50 . 2012-12-13 04:50 248320 ----a-w- c:\windows\system32\ieui.dll
2012-12-13 04:50 . 2012-12-13 04:50 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-12-13 04:50 . 2012-12-13 04:50 222208 ----a-w- c:\windows\system32\msls31.dll
2012-12-13 04:50 . 2012-12-13 04:50 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-12-13 04:50 . 2012-12-13 04:50 197120 ----a-w- c:\windows\system32\msrating.dll
2012-12-13 04:50 . 2012-12-13 04:50 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-12-13 04:50 . 2012-12-13 04:50 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-12-13 04:50 . 2012-12-13 04:50 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-12-13 04:50 . 2012-12-13 04:50 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-12-13 04:50 . 2012-12-13 04:50 136192 ----a-w- c:\windows\system32\advpack.dll
2012-12-13 04:50 . 2012-12-13 04:50 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-12-13 04:50 . 2012-12-13 04:50 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-12-13 04:50 . 2012-12-13 04:50 12288 ----a-w- c:\windows\system32\mshta.exe
2012-12-13 04:50 . 2012-12-13 04:50 114176 ----a-w- c:\windows\system32\admparse.dll
2012-12-13 04:50 . 2012-12-13 04:50 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-12-13 04:50 . 2012-12-13 04:50 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-12-13 04:50 . 2012-12-13 04:50 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-12-13 04:50 . 2012-12-13 04:50 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-12-13 04:50 . 2012-12-13 04:50 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-12-13 04:50 . 2012-12-13 04:50 82432 ----a-w- c:\windows\system32\icardie.dll
2012-12-13 04:50 . 2012-12-13 04:50 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-12-13 04:50 . 2012-12-13 04:50 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-12-13 04:50 . 2012-12-13 04:50 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-12-13 04:50 . 2012-12-13 04:50 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-12-13 04:50 . 2012-12-13 04:50 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-12-13 04:50 . 2012-12-13 04:50 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-12-13 04:50 . 2012-12-13 04:50 448512 ----a-w- c:\windows\system32\html.iec
2012-12-13 04:50 . 2012-12-13 04:50 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-12-13 04:50 . 2012-12-13 04:50 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-12-13 04:50 . 2012-12-13 04:50 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-12-13 04:50 . 2012-12-13 04:50 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-13 04:50 . 2012-12-13 04:50 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-12-13 04:50 . 2012-12-13 04:50 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-12-13 04:50 . 2012-12-13 04:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-13 04:50 . 2012-12-13 04:50 237056 ----a-w- c:\windows\system32\url.dll
2012-12-13 04:50 . 2012-12-13 04:50 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-12-13 04:50 . 2012-12-13 04:50 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-12-13 04:50 . 2012-12-13 04:50 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-12-13 04:50 . 2012-12-13 04:50 160256 ----a-w- c:\windows\system32\wextract.exe
2012-12-13 04:50 . 2012-12-13 04:50 149504 ----a-w- c:\windows\system32\occache.dll
2012-12-13 04:50 . 2012-12-13 04:50 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-13 04:50 . 2012-12-13 04:50 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-12-13 04:50 . 2012-12-13 04:50 103936 ----a-w- c:\windows\system32\inseng.dll
2012-11-13 01:45 . 2012-12-11 20:39 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-13 01:29 . 2012-12-11 20:39 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-04 23:03 . 2012-10-29 14:18 319488 ----a-w- c:\windows\HideWin.exe
2012-11-02 10:45 . 2012-12-11 20:39 477696 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 10:45 . 2012-12-11 20:39 68096 ----a-w- c:\windows\system32\dpnathlp.dll
2012-11-02 10:18 . 2012-12-11 20:39 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-11-02 08:59 . 2012-12-11 20:39 26112 ----a-w- c:\windows\system32\dpnsvr.exe
2012-11-02 08:26 . 2012-12-11 20:39 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
2012-10-30 23:10 . 2012-10-30 22:45 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-10-30 23:10 . 2006-12-11 01:39 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-10-30 23:10 . 2006-12-11 01:39 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-10-29 15:14 . 2012-10-29 14:57 60416 ----a-w- c:\windows\ALCFDRTM.VER
2012-10-29 14:57 . 2012-10-29 14:57 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2012-10-23 12:24 . 2012-10-23 12:24 138744 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2012-10-23 12:24 . 2012-10-23 12:24 211344 ----a-w- c:\windows\system32\drivers\eamonm.sys
2012-10-23 12:24 . 2012-10-23 12:24 149592 ----a-w- c:\windows\system32\drivers\ehdrv.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LCDC"="c:\program files (x86)\LCDC\LCDC.exe" [2006-11-07 1691648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2005-10-24 262144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"B9864E2C-516D-4587-A290-189473179455"="start" [X]
.
c:\users\Bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2012-10-30 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 02485070
*NewlyCreated* - 65559996
*NewlyCreated* - 98465247
*Deregistered* - 02485070
*Deregistered* - 65559996
*Deregistered* - 98465247
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 19:40 453736 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-26 6325936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.0.1
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-NWEReboot - (no file)
SafeBoot-65559996.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-01-20 11:31:47
ComboFix-quarantined-files.txt 2013-01-20 16:31
.
Pre-Run: 245,630,492,672 bytes free
Post-Run: 245,526,945,792 bytes free
.
- - End Of File - - F511E0C3C3DEF9F75E14C635B579936F
 

Hi Bobster52,

It's normal for users to get anxious, especially when there is no obvious reason for some of our steps. Ultimately it's your computer, but we just need users to be aware that running ahead of us can cause difficulties. Luckily, it looks like the System Restore didn't undo the work on our previous run of ComboFix. It's looking good now.

The GMER log didn't tell us anything interesting. The entries in the log it produces aren't infected files, but certain hidden items that could be suspicious. As it is, the GMER log is normal and no further action is required.

------------------------------------------------------

Press the Windows "logo" key and "R" then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\ComboFix-quarantined-files.txt

A logfile will open, please copy/paste the contents into your next reply.

------------------------------------------------------

The infection looks like it's been dealt with - the tools you ran before posting took out the majority of the infection. ComboFix appears to have taken out the rest; if you look at the first ComboFix log you'll notice that userinit.exe was listed as infected. This is a standard target for this particular infection. However, as none of the other tools are picking anything extra up, we can proceed.

I'm currently looking into your Windows Defender problem. You mentioned earlier:

And Windows Defender was also put back into an operating stage by the "Services Restore Tool", however when I manually tried to update Defender's Definition Library, I got a message that "This App Can Not Be Updated"

Please try this again. Do you get the same error message? Are you able to update Windows Defender? Is it working as normal?

Are you getting any error messages at all, or is the only issue the missing file you mentioned earlier?
 
