Google redirect, not TDSS [Solved]


  • This topic is locked

#1
yumito

  • Member
  • 14 posts
Topic explains it, I read another topic on this but I wasn't sure if his instructions were specific to the log used by OTL. I checked with IE, Chrome, and Firefox; all are doing it.
(Also not sure if it's related but: Malwarebytes quarantines svchost.exe as a "trojan", and I did a blue screen physical memory dump while playing arma2-dayz.)
  • 0


#2
maliprog

  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello yumito and welcome to my office here at G2G!

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.
Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.
Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0
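
The OTL log requested above writes every process, module, service and driver as one line with a fixed layout, which makes a first-pass review easy to script. The parser below is an added example, not part of the thread and not OTL's own code; the sample lines are constructed, the vendor and file names in them are hypothetical, and the three review rules are assumptions chosen for illustration rather than the helper's criteria.

```python
import re
from typing import List, NamedTuple, Optional

# Layout of a PRC/MOD/SRV/DRV entry in an OTL log:
#   TAG[:64bit:] - [date | size | attrs | M] (Company) [state] -- path [-- (name)]
ENTRY_RE = re.compile(
    r"^(?P<tag>PRC|MOD|SRV|DRV)(?P<x64>:64bit:)? - "
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[-A-Z]{4}) \| [A-Z]\] "
    r"\((?P<company>.*?)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.+?)(?: -- \((?P<name>[^()]*)\))?$"
)
# Registry/browser sections (O4, FF, IE, CHR ...) are only checked for dead targets.
OTHER_TAG_RE = re.compile(r"^(?P<tag>O\d+|FF|IE|CHR)(?::64bit:)? - ")
USER_WRITABLE_RE = re.compile(r"^[A-Za-z]:\\(?:Users|ProgramData)\\", re.IGNORECASE)


class Finding(NamedTuple):
    line_no: int
    tag: str
    path: str
    reasons: List[str]


def parse_entry(line: str) -> Optional[dict]:
    """Split one PRC/MOD/SRV/DRV line into its fields, or return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["x64"] = bool(entry["x64"])
    return entry


def triage(log_text: str) -> List[Finding]:
    """Return the lines worth a closer look; a finding means 'review', not 'malicious'."""
    findings = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        entry = parse_entry(line)
        reasons: List[str] = []
        tag, path = "", ""
        if entry:
            tag, path = entry["tag"], entry["path"]
            # Assumed rule 1: unsigned/unnamed vendor. The MOD section lists only
            # modules without a company name, so the rule is skipped there.
            if entry["company"].strip() == "" and tag != "MOD":
                reasons.append("no company name")
            # Assumed rule 2: services and drivers normally live under
            # Program Files or the Windows directory.
            if tag in ("SRV", "DRV") and USER_WRITABLE_RE.match(path):
                reasons.append("service or driver in user-writable location")
        else:
            other = OTHER_TAG_RE.match(line)
            # Assumed rule 3: an autostart or plugin entry whose target is gone.
            if other and line.endswith("File not found"):
                tag = other.group("tag")
                reasons.append("target file not found")
        if reasons:
            findings.append(Finding(line_no, tag, path, reasons))
    return findings


# Constructed sample in OTL's line format (hypothetical vendors, paths and names).
SAMPLE_LOG = r"""
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Example Vendor Inc.) -- C:\Program Files (x86)\ExampleAV\avservice.exe
SRV - [2012/07/12 15:16:55 | 000,008,704 | ---- | M] () [Auto | Running] -- C:\Users\Alice\AppData\Roaming\updater\svc.exe -- (ExampleUpdater)
DRV:64bit: - [2010/07/29 14:36:42 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\example.sys -- (ExampleSensor)
MOD - [2012/10/10 06:06:12 | 004,005,912 | ---- | M] () -- C:\Program Files (x86)\ExampleApp\plugin.dll
O4 - HKLM..\Run: [ExampleTray] "C:\Program Files (x86)\ExampleTray\tray.exe" /start File not found
""".strip()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no} [{f.tag}] {f.path or '(no path parsed)'}: {', '.join(f.reasons)}")
```
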

#3
yumito

  • Topic Starter
  • Member
  • 14 posts
OTL
-----------------
OTL logfile created on: 10/11/2012 11:41:20 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trudy\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 9.86 Gb Available Physical Memory | 82.22% Memory free
23.98 Gb Paging File | 21.64 Gb Available in Paging File | 90.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 925.16 Gb Total Space | 726.23 Gb Free Space | 78.50% Space Free | Partition Type: NTFS
Drive D: | 196.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WAFFLES | User Name: Trudy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/11 04:18:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trudy\Desktop\OTL.exe
PRC - [2012/09/22 16:34:24 | 001,677,144 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/09/22 16:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/10 19:00:12 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Trudy\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/10 06:06:15 | 000,460,312 | ---- | M] () -- C:\Users\Trudy\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 06:06:13 | 012,435,992 | ---- | M] () -- C:\Users\Trudy\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012/10/10 06:06:12 | 004,005,912 | ---- | M] () -- C:\Users\Trudy\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 06:04:57 | 000,578,072 | ---- | M] () -- C:\Users\Trudy\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 06:04:55 | 000,123,928 | ---- | M] () -- C:\Users\Trudy\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 06:04:44 | 000,156,712 | ---- | M] () -- C:\Users\Trudy\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 06:04:43 | 000,275,496 | ---- | M] () -- C:\Users\Trudy\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 06:04:42 | 002,168,360 | ---- | M] () -- C:\Users\Trudy\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/09/07 06:13:10 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012/09/07 06:13:05 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/09/07 06:13:05 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/09/07 06:13:03 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll
MOD - [2012/09/07 06:13:01 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/09/07 06:12:56 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/09/07 06:12:51 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/09/07 06:12:48 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/09/07 06:12:47 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/09/07 06:12:43 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/08/21 18:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2012/05/28 16:43:22 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/10/09 06:03:03 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/05 22:15:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/04 00:57:42 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/22 16:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/12 15:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2011/07/17 12:04:00 | 004,390,376 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/22 16:34:44 | 000,101,688 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/14 13:44:33 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/10 17:40:58 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/07/13 04:22:10 | 000,077,352 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/07 16:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/07/29 14:36:42 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/01 12:30:54 | 000,622,624 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl819xp.sys -- (rtl819xpn64)
DRV:64bit: - [2010/01/22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/09/28 03:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/24 06:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/08/07 19:49:44 | 000,556,544 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8190p.sys -- (rtl8190pn64)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/09/22 16:34:44 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/09/22 16:34:42 | 000,297,240 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/08/15 03:21:57 | 000,397,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys -- (RapportCerberus_42020)
DRV - [2012/02/02 18:50:43 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.maingear.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.maingear.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...sa&d=2012-06-30 09:44:41&v=11.1.0.12&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 36 DC DC A7 45 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-06-30 09:44:41&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Trudy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Trudy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/09 21:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 01:21:23 | 000,000,000 | ---D | M]

[2012/10/09 22:00:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trudy\AppData\Roaming\Mozilla\Extensions
[2012/10/09 21:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/07 01:21:22 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/05 22:15:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/30 09:44:39 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/10/05 22:15:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/05 22:15:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Trudy\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Trudy\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Trudy\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Trudy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DealCabby = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lenicmgjbmpgagkhghjmkikfoljdcbhi\4.0_0\
CHR - Extension: Giant Savings = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\crossrider
CHR - Extension: Giant Savings = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\
CHR - Extension: Gmail = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DealCabby) - {595F0083-DCF6-4BCE-B7D0-6DC17D4B505F} - C:\Users\Trudy\AppData\Local\dealcabby\ie\dealcabby_20121009095001.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Trudy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7974F00-B76C-4A3A-97AC-F87E3D1DF6FB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/16 17:11:56 | 000,000,027 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1ad8a5e6-0c5b-11e1-9205-bcaec503a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{1ad8a5e6-0c5b-11e1-9205-bcaec503a02e}\Shell\AutoRun\command - "" = I:\autorun.exe -auto
O33 - MountPoints2\{cdb7f05b-1065-11e0-ae7f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cdb7f05b-1065-11e0-ae7f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start.exe -- [2006/01/17 18:45:48 | 000,878,648 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/11 04:59:02 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012/10/11 04:18:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Trudy\Desktop\OTL.exe
[2012/10/11 04:09:50 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Trudy\Desktop\OTM.exe
[2012/10/11 03:38:54 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/10/11 03:28:49 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/10/09 22:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/10/09 21:59:29 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\dealcabby
[2012/10/08 06:42:37 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Roaming\six-zsync
[2012/10/08 06:42:27 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Roaming\Play withSIX
[2012/10/08 06:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIX Networks
[2012/10/08 06:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Networks
[2012/10/08 06:40:11 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\Downloaded Installations
[2012/10/06 20:01:26 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\DayZCommander
[2012/10/06 20:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios
[2012/10/06 19:34:46 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\ArmA 2 OA
[2012/10/06 04:27:12 | 000,000,000 | ---D | C] -- C:\Users\Trudy\Documents\ArmA 2 Other Profiles
[2012/10/06 04:11:22 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\ArmA 2 Free
[2012/10/06 04:11:22 | 000,000,000 | ---D | C] -- C:\Users\Trudy\Documents\ArmA 2
[2012/10/06 04:10:33 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012/10/06 04:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012/10/06 04:08:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive
[2012/10/06 03:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/09/28 20:27:15 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\GQWeb
[2012/09/28 20:15:20 | 000,000,000 | ---D | C] -- C:\Edline

========== Files - Modified Within 30 Days ==========

[2012/10/11 11:40:04 | 000,020,128 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/11 11:40:04 | 000,020,128 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/11 11:32:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/11 11:32:26 | 1066,725,374 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/11 05:02:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/10/11 04:49:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1157070670-2083293735-4099382007-1000UA.job
[2012/10/11 04:18:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trudy\Desktop\OTL.exe
[2012/10/11 04:09:54 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Trudy\Desktop\OTM.exe
[2012/10/11 03:28:44 | 721,981,385 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/10/11 03:04:27 | 000,000,129 | ---- | M] () -- C:\windows\SysNative\MRT.INI
[2012/10/11 00:49:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1157070670-2083293735-4099382007-1000Core.job
[2012/10/10 21:39:33 | 000,001,099 | ---- | M] () -- C:\Users\Trudy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/10/09 22:00:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/09 21:59:30 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2012/10/09 06:35:40 | 000,001,372 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2012/10/06 18:17:09 | 000,000,221 | ---- | M] () -- C:\Users\Trudy\Desktop\ARMA 2 Operation Arrowhead.url
[2012/10/06 03:26:47 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012/10/02 03:00:55 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/10/02 03:00:50 | 000,660,296 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/10/02 03:00:50 | 000,121,224 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/29 13:36:08 | 000,233,901 | ---- | M] () -- C:\Users\Trudy\Desktop\house.jpg
[2012/09/26 22:45:55 | 000,000,033 | ---- | M] () -- C:\windows\GunzLauncher.INI
[2012/09/22 16:34:44 | 000,101,688 | ---- | M] (Trusteer Ltd.) -- C:\windows\SysNative\drivers\RapportKE64.sys
[2012/09/19 22:35:26 | 000,782,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012/10/11 03:28:44 | 721,981,385 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/10/11 03:04:27 | 000,000,129 | ---- | C] () -- C:\windows\SysNative\MRT.INI
[2012/10/10 21:39:33 | 000,001,099 | ---- | C] () -- C:\Users\Trudy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/10/09 22:00:08 | 000,001,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/09 22:00:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/09 21:59:30 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2012/10/06 20:01:07 | 000,001,372 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2012/10/06 18:17:09 | 000,000,221 | ---- | C] () -- C:\Users\Trudy\Desktop\ARMA 2 Operation Arrowhead.url
[2012/10/06 04:05:57 | 1023,856,640 | ---- | C] () -- C:\Users\Trudy\Documents\ARMA2Free_setup.exe
[2012/09/29 13:36:08 | 000,233,901 | ---- | C] () -- C:\Users\Trudy\Desktop\house.jpg
[2012/08/21 00:07:26 | 000,007,597 | ---- | C] () -- C:\Users\Trudy\AppData\Local\Resmon.ResmonCfg
[2012/08/09 13:43:20 | 000,000,033 | ---- | C] () -- C:\windows\GunzLauncher.INI
[2012/02/07 22:27:10 | 000,000,204 | ---- | C] () -- C:\Users\Trudy\.packettracer
[2011/10/23 05:01:52 | 000,000,262 | ---- | C] () -- C:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011/06/03 21:59:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/06/02 19:02:43 | 000,107,229 | ---- | C] () -- C:\Users\Trudy\TaskList-trunk-bin.tgz
[2011/06/02 19:02:28 | 000,030,194 | ---- | C] () -- C:\Users\Trudy\DirtyGutter-trunk-bin.tgz
[2011/06/02 19:02:16 | 000,027,513 | ---- | C] () -- C:\Users\Trudy\BufferTabs-trunk-bin.tgz
[2011/06/02 19:01:56 | 000,632,209 | ---- | C] () -- C:\Users\Trudy\ProjectViewer-trunk-bin.tgz
[2010/12/22 15:19:42 | 000,776,466 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/12/14 00:32:42 | 000,003,972 | ---- | C] () -- C:\windows\SysWow64\drivers\PciBus.sys

========== ZeroAccess Check ==========

[2012/10/11 04:59:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$34ea38edae59d11cf8083b9849b8aaf2\L
[2012/10/11 04:59:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$34ea38edae59d11cf8083b9849b8aaf2\U
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$34ea38edae59d11cf8083b9849b8aaf2\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/02/28 07:48:29 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\.minecraft
[2012/03/15 14:58:04 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\DAEMON Tools Lite
[2011/12/13 11:07:10 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\ijjigame
[2011/12/17 17:37:55 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Kalypso Media
[2011/05/06 12:43:26 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\LolClient
[2012/03/04 03:57:59 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\LOVE
[2012/01/14 02:52:47 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Mumble
[2012/09/06 03:55:08 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Notepad++
[2012/10/08 06:43:21 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Play withSIX
[2011/01/14 17:51:31 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Publish Providers
[2012/07/22 13:25:49 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\runic games
[2012/10/08 06:42:37 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\six-zsync
[2011/12/13 01:42:35 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Sony
[2012/01/24 00:47:35 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\SplitMediaLabs
[2012/03/13 18:35:43 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Tropico 4
[2011/04/18 11:17:26 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Trusteer
[2012/08/23 23:11:18 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\TS3Client
[2012/10/06 05:33:39 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\uTorrent
[2012/01/07 22:38:45 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\W Photo Studio Viewer

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2008/04/11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- C:\Windows\svchost.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >

OTL Extra
---------------------
OTL Extras logfile created on: 10/11/2012 11:41:20 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trudy\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 9.86 Gb Available Physical Memory | 82.22% Memory free
23.98 Gb Paging File | 21.64 Gb Available in Paging File | 90.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 925.16 Gb Total Space | 726.23 Gb Free Space | 78.50% Space Free | Partition Type: NTFS
Drive D: | 196.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WAFFLES | User Name: Trudy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{314DDDC0-E935-11E0-8F9F-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{33C19CDE-E935-11E0-A0DA-F04DA23A5C58}" = MSVCRT Redists
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"UDK-ca2fc6cc-961e-4b9f-b609-2558d56abfda" = Unreal Development Kit: 2012-07
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}" = GradeQuick Web Plugin
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 29
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37491A3D-B2A6-402D-898E-5C4EF3984C29}" = Adobe Flash Media Live Encoder 3.1
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite Closed Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E634921-4547-4CA9-AF79-08B735431C12}" = Play withSIX
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C684A01-7F9C-40E7-AF94-BFE24BC89C97}" = XSplit
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{CA328CDF-A284-445E-AAE7-B24A11E97201}" = MechWarrior Online
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E26BD696-7CB8-46F1-A2FE-86814CEF40AA}" = DayZ Commander
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE3CB3AB-9914-4FD3-8FFF-9775C964BD25}" = Path of Exile
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ArmA 2" = ArmA 2 Free Uninstall
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"BattlEye A2 Free" = BattlEye (A2Free) Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Cisco Packet Tracer 5.3.2_is1" = Cisco Packet Tracer 5.3.2
"DAEMON Tools Lite" = DAEMON Tools Lite
"DealCabby" = DealCabby
"Diablo III" = Diablo III
"Fraps" = Fraps (remove only)
"hon" = Heroes of Newerth
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 16.0 (x86 en-US)" = Mozilla Firefox 16.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Rapport_msi" = Rapport
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 16830" = Sid Meier's Civilization V SDK
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 41500" = Torchlight
"Steam App 570" = Dota 2
"Steam App 8930" = Sid Meier's Civilization V
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4f004f4a-1930-4b55-83e6-61660211787f}" = MechWarrior Online
"Akamai" = Akamai NetSession Interface
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
"Tropico 4" = Tropico 4 1.00

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/19/2012 11:57:11 AM | Computer Name = Waffles | Source = Application Hang | ID = 1002
Description = The program dota.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: e90 Start Time:
01cd7e0b06a38490 Termination Time: 740 Application Path: C:\Program Files (x86)\Steam\steamapps\common\dota
2 beta\dota.exe Report Id:

Error - 8/23/2012 3:31:44 PM | Computer Name = Waffles | Source = Application Hang | ID = 1002
Description = The program dota.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1090 Start Time:
01cd8160361a90a3 Termination Time: 52 Application Path: C:\Program Files (x86)\Steam\steamapps\common\dota
2 beta\dota.exe Report Id:

Error - 9/4/2012 2:54:57 AM | Computer Name = Waffles | Source = Application Hang | ID = 1002
Description = The program dota.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: f00 Start Time:
01cd8a636e0db20f Termination Time: 604 Application Path: C:\Program Files (x86)\Steam\steamapps\common\dota
2 beta\dota.exe Report Id:

Error - 9/6/2012 4:02:05 AM | Computer Name = Waffles | Source = IAStorDataMgrSvc | ID = 0
Description = Service cannot be started. The service process could not connect to
the service controller

Error - 9/8/2012 4:38:26 AM | Computer Name = Waffles | Source = Application Hang | ID = 1002
Description = The program dota.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 740 Start Time:
01cd8d91a560339e Termination Time: 582 Application Path: C:\Program Files (x86)\Steam\steamapps\common\dota
2 beta\dota.exe Report Id:

Error - 9/8/2012 11:26:50 PM | Computer Name = Waffles | Source = Application Hang | ID = 1002
Description = The program dota.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: b78 Start Time:
01cd8e14b4f07b3b Termination Time: 671 Application Path: C:\Program Files (x86)\Steam\steamapps\common\dota
2 beta\dota.exe Report Id:

Error - 9/21/2012 11:10:28 PM | Computer Name = Waffles | Source = Application Hang | ID = 1002
Description = The program dota.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1344 Start Time:
01cd986f15648630 Termination Time: 248 Application Path: C:\Program Files (x86)\Steam\steamapps\common\dota
2 beta\dota.exe Report Id:

Error - 9/23/2012 1:42:36 AM | Computer Name = Waffles | Source = Application Hang | ID = 1002
Description = The program dota.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 11e0 Start Time:
01cd994b8a541d9b Termination Time: 351 Application Path: C:\Program Files (x86)\Steam\steamapps\common\dota
2 beta\dota.exe Report Id:

Error - 9/24/2012 12:42:37 AM | Computer Name = Waffles | Source = Application Hang | ID = 1002
Description = The program dota.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 103c Start Time:
01cd99ff7ef0d44c Termination Time: 45 Application Path: C:\Program Files (x86)\Steam\steamapps\common\dota
2 beta\dota.exe Report Id:

Error - 9/26/2012 1:11:00 AM | Computer Name = Waffles | Source = Application Hang | ID = 1002
Description = The program hon.exe version 0.1.54.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 17c4 Start Time:
01cd9ba4f7c01bfd Termination Time: 2 Application Path: C:\Program Files (x86)\Heroes
of Newerth\hon.exe Report Id: 8d343e60-0798-11e2-99d6-bcaec503a02e

[ Media Center Events ]
Error - 1/7/2012 11:06:36 PM | Computer Name = Waffles | Source = MCUpdate | ID = 0
Description = 10:06:36 PM - Error connecting to the internet. 10:06:36 PM - Unable
to contact server..

Error - 1/7/2012 11:06:45 PM | Computer Name = Waffles | Source = MCUpdate | ID = 0
Description = 10:06:41 PM - Error connecting to the internet. 10:06:41 PM - Unable
to contact server..

Error - 1/8/2012 12:06:50 AM | Computer Name = Waffles | Source = MCUpdate | ID = 0
Description = 11:06:50 PM - Error connecting to the internet. 11:06:50 PM - Unable
to contact server..

Error - 1/8/2012 12:06:55 AM | Computer Name = Waffles | Source = MCUpdate | ID = 0
Description = 11:06:55 PM - Error connecting to the internet. 11:06:55 PM - Unable
to contact server..

Error - 1/12/2012 11:15:32 PM | Computer Name = Waffles | Source = MCUpdate | ID = 0
Description = 10:15:32 PM - Error connecting to the internet. 10:15:32 PM - Unable
to contact server..

Error - 1/12/2012 11:15:40 PM | Computer Name = Waffles | Source = MCUpdate | ID = 0
Description = 10:15:37 PM - Error connecting to the internet. 10:15:37 PM - Unable
to contact server..

Error - 1/14/2012 11:51:54 AM | Computer Name = Waffles | Source = MCUpdate | ID = 0
Description = 10:51:50 AM - Error connecting to the internet. 10:51:50 AM - Unable
to contact server..

Error - 1/14/2012 12:51:59 PM | Computer Name = Waffles | Source = MCUpdate | ID = 0
Description = 11:51:59 AM - Error connecting to the internet. 11:51:59 AM - Unable
to contact server..

Error - 1/16/2012 11:51:29 AM | Computer Name = Waffles | Source = MCUpdate | ID = 0
Description = 10:51:25 AM - Error connecting to the internet. 10:51:25 AM - Unable
to contact server..

Error - 1/16/2012 12:51:34 PM | Computer Name = Waffles | Source = MCUpdate | ID = 0
Description = 11:51:34 AM - Error connecting to the internet. 11:51:34 AM - Unable
to contact server..

[ System Events ]
Error - 10/11/2012 5:30:29 AM | Computer Name = Waffles | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NisSrv service.

Error - 10/11/2012 11:32:55 AM | Computer Name = Waffles | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 10/11/2012 11:32:57 AM | Computer Name = Waffles | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 10/11/2012 11:32:58 AM | Computer Name = Waffles | Source = Service Control Manager | ID = 7003
Description = The Microsoft Network Inspection System service depends the following
service: BFE. This service might not be installed.

Error - 10/11/2012 11:32:58 AM | Computer Name = Waffles | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 10/11/2012 11:33:01 AM | Computer Name = Waffles | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x8007042c Error description: The dependency service or group failed
to start. Reason: %%892

Error - 10/11/2012 11:33:00 AM | Computer Name = Waffles | Source = Service Control Manager | ID = 7003
Description = The Microsoft Network Inspection System service depends the following
service: BFE. This service might not be installed.

Error - 10/11/2012 11:33:00 AM | Computer Name = Waffles | Source = Service Control Manager | ID = 7001
Description = The Microsoft Network Inspection service depends on the Microsoft
Network Inspection System service which failed to start because of the following
error: %%1075

Error - 10/11/2012 11:33:32 AM | Computer Name = Waffles | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 10/11/2012 11:33:32 AM | Computer Name = Waffles | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891


< End of report >

#4
yumito

GMER
--------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-11 12:08:33
Windows 6.1.7600
Running: 0r3tz9wr.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272d4d6c8
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272d4d6c8 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CTDH9IFW.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\D5XN1K9W.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1VWQVRIV.txt 104 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\22TO6UDQ.txt 87 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\2SO3BL34.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\N9XTDDKF.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Q0Z8VZCI.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\QIMKWTWZ.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JBBLX8BH.txt 2573 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6GR0V501.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VFUEUQDH.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\O2AQU6HM.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\OW48KD6A.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\U34YDH80.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\U909O3Z2.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\V620AQWG.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VFQPHXA5.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\HKOM0LYX.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\HVEE3I0R.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\B8S8NWUI.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6WEFRY06.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6ZYM9K1P.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7CAIDEHI.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7YMPVUUT.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\YKA9BJZU.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\07YXDULS.txt 183 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\132L2UVM.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4YC3WX0C.txt 145 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\5JIXVFQG.txt 933 bytes

---- EOF - GMER 1.0.15 ----

#5
maliprog

Looks like we have work to do...

Step 1

Download and Install ComboFix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.


Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Loaded modules

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Make sure to check:

    • Services and drivers
    • Boot sectors
    • Loaded modules
    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

Please don't forget to include these items in your reply:

  • ComboFix log
  • TDSSKiller log

It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#6
yumito

AFTER THE REBOOT:
-------------------------
21:10:08.0799 3440 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:10:09.0204 3440 ============================================================
21:10:09.0204 3440 Current date / time: 2012/10/11 21:10:09.0204
21:10:09.0204 3440 SystemInfo:
21:10:09.0204 3440
21:10:09.0204 3440 OS Version: 6.1.7600 ServicePack: 0.0
21:10:09.0204 3440 Product type: Workstation
21:10:09.0204 3440 ComputerName: WAFFLES
21:10:09.0204 3440 UserName: Trudy
21:10:09.0204 3440 Windows directory: C:\windows
21:10:09.0204 3440 System windows directory: C:\windows
21:10:09.0204 3440 Running under WOW64
21:10:09.0204 3440 Processor architecture: Intel x64
21:10:09.0204 3440 Number of processors: 8
21:10:09.0204 3440 Page size: 0x1000
21:10:09.0204 3440 Boot type: Normal boot
21:10:09.0204 3440 ============================================================
21:10:11.0950 3440 BG loaded
21:10:14.0040 3440 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:10:14.0087 3440 ============================================================
21:10:14.0087 3440 \Device\Harddisk0\DR0:
21:10:14.0087 3440 MBR partitions:
21:10:14.0087 3440 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xFA000
21:10:14.0087 3440 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xCB2800, BlocksNum 0x73A52800
21:10:14.0087 3440 ============================================================
21:10:14.0212 3440 C: <-> \Device\Harddisk0\DR0\Partition2
21:10:14.0212 3440 ============================================================
21:10:14.0212 3440 Initialize success
21:10:14.0212 3440 ============================================================
21:10:23.0354 2580 ============================================================
21:10:23.0354 2580 Scan started
21:10:23.0354 2580 Mode: Manual;
21:10:23.0354 2580 ============================================================
21:10:26.0973 2580 ================ Scan system memory ========================
21:10:26.0973 2580 System memory - ok
21:10:26.0988 2580 ================ Scan services =============================
21:10:45.0880 2580 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
21:10:45.0896 2580 FsDepends - ok
21:10:45.0942 2580 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
21:10:45.0974 2580 Fs_Rec - ok
21:10:46.0052 2580 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
21:10:46.0067 2580 fvevol - ok
21:10:46.0161 2580 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
21:10:46.0176 2580 gagp30kx - ok
21:10:46.0410 2580 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\windows\System32\gpsvc.dll
21:10:46.0410 2580 gpsvc - ok
21:10:46.0520 2580 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
21:10:46.0535 2580 hcw85cir - ok
21:10:46.0660 2580 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
21:10:46.0676 2580 HdAudAddService - ok
21:10:46.0722 2580 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
21:10:46.0722 2580 HDAudBus - ok
21:10:46.0769 2580 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
21:10:46.0769 2580 HidBatt - ok
21:10:46.0894 2580 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
21:10:46.0910 2580 HidBth - ok
21:10:47.0159 2580 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
21:10:47.0175 2580 HidIr - ok
21:10:47.0206 2580 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
21:10:47.0206 2580 hidserv - ok
21:10:47.0300 2580 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
21:10:47.0300 2580 HidUsb - ok
21:10:47.0690 2580 [ 8D1F00F4254C3EF428B715484940427C ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
21:10:47.0690 2580 HiPatchService - ok
21:10:47.0768 2580 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\windows\system32\kmsvc.dll
21:10:47.0768 2580 hkmsvc - ok
21:10:47.0799 2580 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\windows\system32\ListSvc.dll
21:10:47.0814 2580 HomeGroupListener - ok
21:10:47.0924 2580 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\windows\system32\provsvc.dll
21:10:47.0924 2580 HomeGroupProvider - ok
21:10:47.0970 2580 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\windows\system32\DRIVERS\HpSAMD.sys
21:10:47.0986 2580 HpSAMD - ok
21:10:48.0173 2580 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\windows\system32\drivers\HTTP.sys
21:10:48.0173 2580 HTTP - ok
21:10:48.0220 2580 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
21:10:48.0236 2580 hwpolicy - ok
21:10:48.0298 2580 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
21:10:48.0314 2580 i8042prt - ok
21:10:48.0454 2580 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
21:10:48.0454 2580 iaStor - ok
21:10:48.0610 2580 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
21:10:48.0688 2580 IAStorDataMgrSvc - ok
21:10:48.0782 2580 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\windows\system32\drivers\iaStorV.sys
21:10:48.0813 2580 iaStorV - ok
21:10:48.0969 2580 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:10:49.0203 2580 idsvc - ok
21:10:49.0296 2580 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
21:10:49.0312 2580 iirsp - ok
21:10:49.0499 2580 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\windows\System32\ikeext.dll
21:10:49.0515 2580 IKEEXT - ok
21:10:49.0530 2580 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\DRIVERS\intelide.sys
21:10:49.0530 2580 intelide - ok
21:10:49.0546 2580 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
21:10:49.0546 2580 intelppm - ok
21:10:49.0577 2580 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
21:10:49.0608 2580 IPBusEnum - ok
21:10:49.0640 2580 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
21:10:49.0671 2580 IpFilterDriver - ok
21:10:49.0905 2580 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
21:10:49.0920 2580 iphlpsvc - ok
21:10:49.0936 2580 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\windows\system32\DRIVERS\IPMIDrv.sys
21:10:49.0967 2580 IPMIDRV - ok
21:10:50.0045 2580 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
21:10:50.0061 2580 IPNAT - ok
21:10:50.0170 2580 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
21:10:50.0186 2580 IRENUM - ok
21:10:50.0217 2580 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
21:10:50.0232 2580 isapnp - ok
21:10:50.0310 2580 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\windows\system32\DRIVERS\msiscsi.sys
21:10:50.0326 2580 iScsiPrt - ok
21:10:50.0388 2580 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
21:10:50.0388 2580 kbdclass - ok
21:10:50.0435 2580 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
21:10:50.0435 2580 kbdhid - ok
21:10:50.0498 2580 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\windows\system32\lsass.exe
21:10:50.0498 2580 KeyIso - ok
21:10:50.0529 2580 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
21:10:50.0544 2580 KSecDD - ok
21:10:50.0607 2580 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
21:10:50.0622 2580 KSecPkg - ok
21:10:50.0841 2580 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
21:10:50.0841 2580 ksthunk - ok
21:10:50.0934 2580 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
21:10:50.0966 2580 KtmRm - ok
21:10:51.0028 2580 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\windows\System32\srvsvc.dll
21:10:51.0044 2580 LanmanServer - ok
21:10:51.0075 2580 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
21:10:51.0075 2580 LanmanWorkstation - ok
21:10:51.0137 2580 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
21:10:51.0137 2580 lltdio - ok
21:10:51.0215 2580 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
21:10:51.0231 2580 lltdsvc - ok
21:10:51.0262 2580 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
21:10:51.0262 2580 lmhosts - ok
21:10:51.0293 2580 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
21:10:51.0309 2580 LSI_FC - ok
21:10:51.0356 2580 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
21:10:51.0402 2580 LSI_SAS - ok
21:10:51.0434 2580 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
21:10:51.0449 2580 LSI_SAS2 - ok
21:10:51.0496 2580 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
21:10:51.0512 2580 LSI_SCSI - ok
21:10:51.0574 2580 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
21:10:51.0574 2580 luafv - ok
21:10:51.0668 2580 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
21:10:51.0668 2580 MBAMProtector - ok
21:10:51.0917 2580 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:10:51.0933 2580 MBAMScheduler - ok
21:10:52.0011 2580 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:10:52.0011 2580 MBAMService - ok
21:10:52.0058 2580 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
21:10:52.0073 2580 Mcx2Svc - ok
21:10:52.0104 2580 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
21:10:52.0120 2580 megasas - ok
21:10:52.0182 2580 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
21:10:52.0214 2580 MegaSR - ok
21:10:52.0323 2580 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
21:10:52.0323 2580 MMCSS - ok
21:10:52.0338 2580 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
21:10:52.0354 2580 Modem - ok
21:10:52.0401 2580 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
21:10:52.0401 2580 monitor - ok
21:10:52.0448 2580 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
21:10:52.0448 2580 mouclass - ok
21:10:52.0463 2580 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
21:10:52.0463 2580 mouhid - ok
21:10:52.0510 2580 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
21:10:52.0510 2580 mountmgr - ok
21:10:52.0713 2580 [ 0D265CCCCEB68C43C595C03150F0BFD0 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:10:52.0806 2580 MozillaMaintenance - ok
21:10:52.0978 2580 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
21:10:52.0994 2580 MpFilter - ok
21:10:52.0994 2580 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\windows\system32\DRIVERS\mpio.sys
21:10:53.0025 2580 mpio - ok
21:10:53.0087 2580 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
21:10:53.0087 2580 mpsdrv - ok
21:10:53.0493 2580 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\windows\system32\mpssvc.dll
21:10:53.0508 2580 MpsSvc - ok
21:10:53.0571 2580 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
21:10:53.0602 2580 MRxDAV - ok
21:10:53.0664 2580 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
21:10:53.0664 2580 mrxsmb - ok
21:10:53.0727 2580 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
21:10:53.0727 2580 mrxsmb10 - ok
21:10:53.0789 2580 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
21:10:53.0789 2580 mrxsmb20 - ok
21:10:53.0805 2580 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\windows\system32\DRIVERS\msahci.sys
21:10:53.0836 2580 msahci - ok
21:10:53.0898 2580 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\windows\system32\DRIVERS\msdsm.sys
21:10:53.0914 2580 msdsm - ok
21:10:53.0945 2580 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
21:10:53.0961 2580 MSDTC - ok
21:10:54.0023 2580 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
21:10:54.0023 2580 Msfs - ok
21:10:54.0039 2580 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
21:10:54.0164 2580 mshidkmdf - ok
21:10:54.0304 2580 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\DRIVERS\msisadrv.sys
21:10:54.0304 2580 msisadrv - ok
21:10:54.0382 2580 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
21:10:54.0413 2580 MSiSCSI - ok
21:10:54.0413 2580 msiserver - ok
21:10:54.0476 2580 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
21:10:54.0522 2580 MSKSSRV - ok
21:10:54.0710 2580 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:10:54.0710 2580 MsMpSvc - ok
21:10:54.0756 2580 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
21:10:54.0756 2580 MSPCLOCK - ok
21:10:54.0788 2580 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
21:10:54.0788 2580 MSPQM - ok
21:10:54.0897 2580 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
21:10:54.0912 2580 MsRPC - ok
21:10:54.0975 2580 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
21:10:54.0975 2580 mssmbios - ok
21:10:55.0006 2580 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
21:10:55.0006 2580 MSTEE - ok
21:10:55.0037 2580 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
21:10:55.0037 2580 MTConfig - ok
21:10:55.0224 2580 [ 2219A3D695405E7BA2186BA6B9EDE14A ] MTsensor C:\windows\system32\DRIVERS\ASACPI.sys
21:10:56.0207 2580 MTsensor - ok
21:10:56.0238 2580 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
21:10:56.0254 2580 Mup - ok
21:10:56.0363 2580 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\windows\system32\qagentRT.dll
21:10:56.0379 2580 napagent - ok
21:10:56.0504 2580 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
21:10:56.0504 2580 NativeWifiP - ok
21:10:56.0816 2580 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\windows\system32\drivers\ndis.sys
21:10:56.0831 2580 NDIS - ok
21:10:56.0862 2580 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
21:10:56.0878 2580 NdisCap - ok
21:10:56.0894 2580 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
21:10:56.0894 2580 NdisTapi - ok
21:10:56.0940 2580 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
21:10:56.0940 2580 Ndisuio - ok
21:10:56.0987 2580 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
21:10:56.0987 2580 NdisWan - ok
21:10:57.0003 2580 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\windows\system32\drivers\NDProxy.sys
21:10:57.0003 2580 NDProxy - ok
21:10:57.0050 2580 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
21:10:57.0050 2580 NetBIOS - ok
21:10:57.0112 2580 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\windows\system32\DRIVERS\netbt.sys
21:10:57.0128 2580 NetBT - ok
21:10:57.0159 2580 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\windows\system32\lsass.exe
21:10:57.0159 2580 Netlogon - ok
21:10:57.0299 2580 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
21:10:57.0299 2580 Netman - ok
21:10:57.0346 2580 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:10:57.0440 2580 NetMsmqActivator - ok
21:10:57.0455 2580 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:10:57.0455 2580 NetPipeActivator - ok
21:10:57.0596 2580 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
21:10:57.0596 2580 netprofm - ok
21:10:57.0705 2580 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:10:57.0705 2580 NetTcpActivator - ok
21:10:57.0705 2580 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:10:57.0720 2580 NetTcpPortSharing - ok
21:10:57.0954 2580 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
21:10:58.0220 2580 nfrd960 - ok
21:10:58.0391 2580 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
21:10:58.0391 2580 NisDrv - ok
21:10:58.0516 2580 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
21:10:58.0516 2580 NisSrv - ok
21:10:58.0610 2580 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\windows\System32\nlasvc.dll
21:10:58.0610 2580 NlaSvc - ok
21:10:58.0641 2580 nosGetPlusHelper - ok
21:10:58.0719 2580 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
21:10:58.0719 2580 Npfs - ok
21:10:59.0000 2580 npggsvc - ok
21:10:59.0000 2580 NPPTNT2 - ok
21:10:59.0078 2580 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
21:10:59.0078 2580 nsi - ok
21:10:59.0093 2580 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
21:10:59.0093 2580 nsiproxy - ok
21:10:59.0374 2580 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\windows\system32\drivers\Ntfs.sys
21:10:59.0421 2580 Ntfs - ok
21:10:59.0795 2580 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\windows\system32\DRIVERS\NuidFltr.sys
21:10:59.0795 2580 NuidFltr - ok
21:10:59.0826 2580 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
21:10:59.0826 2580 Null - ok
21:10:59.0904 2580 [ 8EBCB9165EE7F1571842F4D9D624A74C ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys
21:10:59.0904 2580 nusb3hub - ok
21:10:59.0982 2580 [ 5D54DBB12BBFE07CC283FD39F2CD6D63 ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys
21:10:59.0982 2580 nusb3xhc - ok
21:11:00.0341 2580 [ ED9380F201C8126425C09BED96DBE1E5 ] NVHDA C:\windows\system32\drivers\nvhda64v.sys
21:11:00.0341 2580 NVHDA - ok
21:11:02.0884 2580 [ BBE872A814B00798C2D568D46C42A71B ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
21:11:02.0931 2580 nvlddmkm - ok
21:11:03.0056 2580 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\windows\system32\drivers\nvraid.sys
21:11:03.0087 2580 nvraid - ok
21:11:03.0227 2580 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\windows\system32\drivers\nvstor.sys
21:11:03.0258 2580 nvstor - ok
21:11:03.0539 2580 [ 0393E59488C67F704336F3FF06E2B7BD ] NVSvc C:\windows\system32\nvvsvc.exe
21:11:03.0539 2580 NVSvc - ok
21:11:03.0648 2580 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\DRIVERS\nv_agp.sys
21:11:03.0695 2580 nv_agp - ok
21:11:03.0711 2580 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys
21:11:03.0758 2580 ohci1394 - ok
21:11:04.0023 2580 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
21:11:04.0023 2580 p2pimsvc - ok
21:11:04.0070 2580 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
21:11:04.0101 2580 p2psvc - ok
21:11:04.0132 2580 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
21:11:04.0179 2580 Parport - ok
21:11:04.0226 2580 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\windows\system32\drivers\partmgr.sys
21:11:04.0241 2580 partmgr - ok
21:11:04.0428 2580 [ 55223EEFABFDB84A926515FEBAB50D9A ] pbfilter C:\Program Files\PeerBlock\pbfilter.sys
21:11:04.0600 2580 pbfilter - ok
21:11:04.0631 2580 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
21:11:04.0631 2580 PcaSvc - ok
21:11:04.0662 2580 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\windows\system32\DRIVERS\pci.sys
21:11:04.0740 2580 pci - ok
21:11:04.0803 2580 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
21:11:04.0803 2580 pciide - ok
21:11:05.0021 2580 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
21:11:05.0037 2580 pcmcia - ok
21:11:05.0068 2580 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
21:11:05.0084 2580 pcw - ok
21:11:05.0193 2580 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
21:11:05.0193 2580 PEAUTH - ok
21:11:06.0612 2580 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
21:11:06.0628 2580 PerfHost - ok
21:11:07.0049 2580 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\windows\system32\pla.dll
21:11:07.0080 2580 pla - ok
21:11:07.0314 2580 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\windows\system32\umpnpmgr.dll
21:11:07.0314 2580 PlugPlay - ok
21:11:07.0424 2580 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
21:11:07.0439 2580 PNRPAutoReg - ok
21:11:07.0486 2580 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
21:11:07.0486 2580 PNRPsvc - ok
21:11:07.0689 2580 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\windows\system32\DRIVERS\point64.sys
21:11:07.0704 2580 Point64 - ok
21:11:07.0938 2580 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
21:11:07.0938 2580 PolicyAgent - ok
21:11:08.0048 2580 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
21:11:08.0048 2580 Power - ok
21:11:08.0126 2580 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
21:11:08.0126 2580 PptpMiniport - ok
21:11:08.0360 2580 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
21:11:08.0375 2580 Processor - ok
21:11:08.0422 2580 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\windows\system32\profsvc.dll
21:11:08.0422 2580 ProfSvc - ok
21:11:08.0438 2580 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\windows\system32\lsass.exe
21:11:08.0438 2580 ProtectedStorage - ok
21:11:08.0594 2580 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\windows\system32\DRIVERS\pacer.sys
21:11:08.0594 2580 Psched - ok
21:11:09.0249 2580 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
21:11:09.0296 2580 ql2300 - ok
21:11:09.0374 2580 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
21:11:09.0374 2580 ql40xx - ok
21:11:09.0436 2580 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
21:11:09.0436 2580 QWAVE - ok
21:11:09.0483 2580 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
21:11:09.0514 2580 QWAVEdrv - ok
21:11:10.0232 2580 [ 00935D8DA2DCD34017544CFEBA97D1E7 ] RapportCerberus_42020 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys
21:11:10.0247 2580 RapportCerberus_42020 - ok
21:11:10.0388 2580 [ 9E0FFC5EEEA5FEC75560F394B63022BE ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
21:11:10.0388 2580 RapportEI64 - ok
21:11:10.0497 2580 [ 842041C4B15BAEE2CA37B727CE57334A ] RapportKE64 C:\windows\system32\Drivers\RapportKE64.sys
21:11:10.0512 2580 RapportKE64 - ok
21:11:10.0793 2580 [ 65AA99CB303BA21F9ACC8C1374A14798 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
21:11:10.0809 2580 RapportMgmtService - ok
21:11:10.0965 2580 [ 14FF58FE8D19FA3AA577F1E74F1F7D55 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
21:11:10.0980 2580 RapportPG64 - ok
21:11:11.0027 2580 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
21:11:11.0043 2580 RasAcd - ok
21:11:11.0214 2580 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
21:11:11.0214 2580 RasAgileVpn - ok
21:11:11.0308 2580 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
21:11:11.0402 2580 RasAuto - ok
21:11:11.0480 2580 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
21:11:11.0495 2580 Rasl2tp - ok
21:11:11.0651 2580 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\windows\System32\rasmans.dll
21:11:11.0651 2580 RasMan - ok
21:11:11.0698 2580 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
21:11:11.0698 2580 RasPppoe - ok
21:11:11.0729 2580 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
21:11:11.0729 2580 RasSstp - ok
21:11:11.0823 2580 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
21:11:11.0823 2580 rdbss - ok
21:11:11.0870 2580 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
21:11:11.0870 2580 rdpbus - ok
21:11:11.0901 2580 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
21:11:11.0901 2580 RDPCDD - ok
21:11:12.0197 2580 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
21:11:12.0197 2580 RDPENCDD - ok
21:11:12.0213 2580 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
21:11:12.0213 2580 RDPREFMP - ok
21:11:12.0369 2580 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
21:11:12.0400 2580 RDPWD - ok
21:11:12.0447 2580 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\windows\system32\drivers\rdyboost.sys
21:11:12.0462 2580 rdyboost - ok
21:11:12.0525 2580 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
21:11:12.0556 2580 RemoteAccess - ok
21:11:12.0618 2580 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
21:11:12.0634 2580 RemoteRegistry - ok
21:11:12.0821 2580 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
21:11:12.0837 2580 RFCOMM - ok
21:11:12.0915 2580 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
21:11:12.0915 2580 RpcEptMapper - ok
21:11:12.0993 2580 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
21:11:13.0008 2580 RpcLocator - ok
21:11:13.0071 2580 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\windows\System32\rpcss.dll
21:11:13.0086 2580 RpcSs - ok
21:11:13.0149 2580 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
21:11:13.0149 2580 rspndr - ok
21:11:13.0258 2580 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
21:11:13.0258 2580 RTL8167 - ok
21:11:13.0414 2580 [ A052FEC0974FA649DAB1F01CF96F45D7 ] rtl8190pn64 C:\windows\system32\DRIVERS\rtl8190p.sys
21:11:13.0601 2580 rtl8190pn64 - ok
21:11:13.0757 2580 [ 2362226743449C713E1CD3210595F9AB ] rtl819xpn64 C:\windows\system32\DRIVERS\rtl819xp.sys
21:11:13.0757 2580 rtl819xpn64 - ok
21:11:13.0788 2580 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\windows\system32\lsass.exe
21:11:13.0788 2580 SamSs - ok
21:11:13.0851 2580 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\windows\system32\DRIVERS\sbp2port.sys
21:11:13.0866 2580 sbp2port - ok
21:11:13.0944 2580 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
21:11:13.0960 2580 SCardSvr - ok
21:11:14.0007 2580 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
21:11:14.0022 2580 scfilter - ok
21:11:14.0272 2580 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\windows\system32\schedsvc.dll
21:11:14.0272 2580 Schedule - ok
21:11:14.0303 2580 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\windows\System32\certprop.dll
21:11:14.0319 2580 SCPolicySvc - ok
21:11:14.0350 2580 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\windows\System32\SDRSVC.dll
21:11:14.0366 2580 SDRSVC - ok
21:11:14.0397 2580 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
21:11:14.0397 2580 secdrv - ok
21:11:14.0506 2580 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\windows\system32\seclogon.dll
21:11:14.0506 2580 seclogon - ok
21:11:14.0631 2580 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
21:11:14.0631 2580 SENS - ok
21:11:14.0927 2580 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
21:11:14.0943 2580 SensrSvc - ok
21:11:15.0114 2580 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
21:11:15.0114 2580 Serenum - ok
21:11:15.0161 2580 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
21:11:15.0161 2580 Serial - ok
21:11:15.0224 2580 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
21:11:15.0224 2580 sermouse - ok
21:11:15.0286 2580 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\windows\system32\sessenv.dll
21:11:15.0317 2580 SessionEnv - ok
21:11:15.0364 2580 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\DRIVERS\sffdisk.sys
21:11:15.0426 2580 sffdisk - ok
21:11:15.0520 2580 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\DRIVERS\sffp_mmc.sys
21:11:15.0536 2580 sffp_mmc - ok
21:11:15.0536 2580 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\windows\system32\DRIVERS\sffp_sd.sys
21:11:15.0567 2580 sffp_sd - ok
21:11:15.0723 2580 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
21:11:31.0682 2580 ================ Scan global ===============================
21:11:31.0760 2580 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
21:11:31.0822 2580 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\windows\system32\winsrv.dll
21:11:31.0884 2580 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\windows\system32\winsrv.dll
21:11:31.0931 2580 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
21:11:32.0025 2580 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
21:11:32.0025 2580 [Global] - ok
21:11:32.0025 2580 ================ Scan MBR ==================================
21:11:32.0056 2580 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:11:34.0053 2580 \Device\Harddisk0\DR0 - ok
21:11:34.0068 2580 ================ Scan VBR ==================================
21:11:34.0068 2580 [ 022A47CAA1198EA728D63C5BE38EF15E ] \Device\Harddisk0\DR0\Partition1
21:11:34.0068 2580 \Device\Harddisk0\DR0\Partition1 - ok
21:11:34.0068 2580 [ 4F015FA36BA38C32444EFCFEFA545E24 ] \Device\Harddisk0\DR0\Partition2
21:11:34.0084 2580 \Device\Harddisk0\DR0\Partition2 - ok
21:11:34.0412 2580 [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
21:11:34.0412 2580 C:\Windows\System32\tsddd.dll - ok
21:11:34.0412 2580 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
21:11:34.0412 2580 C:\Windows\System32\sxssrv.dll - ok
21:11:34.0412 2580 [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
21:11:34.0412 2580 C:\Windows\System32\wininit.exe - ok
21:11:34.0427 2580 [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
21:11:34.0427 2580 C:\Windows\System32\profapi.dll - ok
21:11:34.0427 2580 [ B9A047D231D32FDF5AF2F281E4326A9D ] C:\Windows\System32\KBDUS.DLL
21:11:34.0427 2580 C:\Windows\System32\KBDUS.DLL - ok
21:11:34.0427 2580 [ F4389DA7DBDA2E7D292D360CF8E400C7 ] C:\Windows\System32\RpcRtRemote.dll
21:11:34.0427 2580 C:\Windows\System32\RpcRtRemote.dll - ok
21:11:34.0427 2580 [ 100BDF2F89D6056CEE900BB6156DA737 ] C:\Windows\System32\cdd.dll
21:11:34.0427 2580 C:\Windows\System32\cdd.dll - ok
21:11:34.0427 2580 [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
21:11:34.0427 2580 C:\Windows\System32\WlS0WndH.dll - ok
21:11:34.0427 2580 [ DA3E2A6FA9660CC75B471530CE88453A ] C:\Windows\System32\winlogon.exe
21:11:34.0427 2580 C:\Windows\System32\winlogon.exe - ok
21:11:34.0427 2580 [ D8C88512BA9544AE1CC2034F50ECFA12 ] C:\Windows\System32\winsta.dll
21:11:34.0427 2580 C:\Windows\System32\winsta.dll - ok
21:11:34.0443 2580 [ 456C92A9D8DB51B9938A6234BBC65FC9 ] C:\Windows\System32\sxs.dll
21:11:34.0443 2580 C:\Windows\System32\sxs.dll - ok
21:11:34.0443 2580 [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
21:11:34.0443 2580 C:\Windows\System32\cryptbase.dll - ok
21:11:34.0443 2580 [ 01A465AC251BCCF6037DF2EF28AA4292 ] C:\Windows\System32\apphelp.dll
21:11:34.0443 2580 C:\Windows\System32\apphelp.dll - ok
21:11:34.0443 2580 [ 156F6159457D0AA7E59B62681B56EB90 ] C:\Windows\System32\lsass.exe
21:11:34.0443 2580 C:\Windows\System32\lsass.exe - ok
21:11:34.0443 2580 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
21:11:34.0443 2580 C:\Windows\System32\services.exe - ok
21:11:34.0443 2580 [ BFA69408620587AFDEC2E8C12CA60492 ] C:\Windows\System32\lsasrv.dll
21:11:34.0443 2580 C:\Windows\System32\lsasrv.dll - ok
21:11:34.0443 2580 [ 04FCA22B77A2E37332CC8226187AF87B ] C:\Windows\System32\lsm.exe
21:11:34.0443 2580 C:\Windows\System32\lsm.exe - ok
21:11:34.0458 2580 [ 1F582C6C84D5243692F9C3E04D0A663F ] C:\Windows\System32\sspicli.dll
21:11:34.0458 2580 C:\Windows\System32\sspicli.dll - ok
21:11:34.0458 2580 [ 68EA2513CA68AD8F741FF4F5B8D8590C ] C:\Windows\System32\sspisrv.dll
21:11:34.0458 2580 C:\Windows\System32\sspisrv.dll - ok
21:11:34.0458 2580 [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
21:11:34.0458 2580 C:\Windows\System32\scext.dll - ok
21:11:34.0458 2580 [ 941AF3C8B0DE1B359BE22DD3288A8C8E ] C:\Windows\System32\scesrv.dll
21:11:34.0458 2580 C:\Windows\System32\scesrv.dll - ok
21:11:34.0458 2580 [ 74A0871810BF0F2AA3EB6681E9BECDD3 ] C:\Windows\System32\secur32.dll
21:11:34.0458 2580 C:\Windows\System32\secur32.dll - ok
21:11:34.0458 2580 [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
21:11:34.0458 2580 C:\Windows\System32\sysntfy.dll - ok
21:11:34.0458 2580 [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
21:11:34.0458 2580 C:\Windows\System32\wmsgapi.dll - ok
21:11:34.0474 2580 [ B160ADAEFC76031D92C4FBAC0918B033 ] C:\Windows\System32\samsrv.dll
21:11:34.0474 2580 C:\Windows\System32\samsrv.dll - ok
21:11:34.0474 2580 [ D23371AB9607651937C7641A38CD52BC ] C:\Windows\System32\srvcli.dll
21:11:34.0474 2580 C:\Windows\System32\srvcli.dll - ok
21:11:34.0474 2580 [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
21:11:34.0474 2580 C:\Windows\System32\cryptdll.dll - ok
21:11:34.0474 2580 [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
21:11:34.0474 2580 C:\Windows\System32\wevtapi.dll - ok
21:11:34.0474 2580 [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
21:11:34.0474 2580 C:\Windows\System32\authz.dll - ok
21:11:34.0474 2580 [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
21:11:34.0474 2580 C:\Windows\System32\cngaudit.dll - ok
21:11:34.0490 2580 [ E08926B4E52F92FF8852BECC0E2F358A ] C:\Windows\System32\ncrypt.dll
21:11:34.0490 2580 C:\Windows\System32\ncrypt.dll - ok
21:11:34.0490 2580 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
21:11:34.0490 2580 C:\Windows\System32\bcrypt.dll - ok
21:11:34.0490 2580 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
21:11:34.0490 2580 C:\Windows\System32\msprivs.dll - ok
21:11:34.0490 2580 [ B561B451320B0B40908A8BFD81705262 ] C:\Windows\System32\netjoin.dll
21:11:34.0490 2580 C:\Windows\System32\netjoin.dll - ok
21:11:34.0490 2580 [ EFC5353E4F513DEF55ED7B7872363957 ] C:\Windows\System32\atmfd.dll
21:11:34.0490 2580 C:\Windows\System32\atmfd.dll - ok
21:11:34.0490 2580 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
21:11:34.0490 2580 C:\Windows\System32\negoexts.dll - ok
21:11:34.0490 2580 [ 00B40A10E3DB79E4D3E127B9C2233A6B ] C:\Windows\System32\kerberos.dll
21:11:34.0490 2580 C:\Windows\System32\kerberos.dll - ok
21:11:34.0505 2580 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
21:11:34.0505 2580 C:\Windows\System32\cryptsp.dll - ok
21:11:34.0505 2580 [ FC76FE3C1E1FDB761244D4F74EF560FD ] C:\Windows\System32\mswsock.dll
21:11:34.0505 2580 C:\Windows\System32\mswsock.dll - ok
21:11:34.0505 2580 [ FA4DB05923DDDEDE3196ABD09AE0F1E9 ] C:\Windows\System32\msv1_0.dll
21:11:34.0505 2580 C:\Windows\System32\msv1_0.dll - ok
21:11:34.0505 2580 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
21:11:34.0505 2580 C:\Windows\System32\wship6.dll - ok
21:11:34.0505 2580 [ 956D030D375F207B22FB111E06EF9C35 ] C:\Windows\System32\netlogon.dll
21:11:34.0505 2580 C:\Windows\System32\netlogon.dll - ok
21:11:34.0505 2580 [ E247E7DEB20C0CF0801A8AC39E9CE1DF ] C:\Windows\System32\dnsapi.dll
21:11:34.0505 2580 C:\Windows\System32\dnsapi.dll - ok
21:11:34.0505 2580 [ 8CE22E63F08613036DF8C7B00FBDF36B ] C:\Windows\System32\logoncli.dll
21:11:34.0505 2580 C:\Windows\System32\logoncli.dll - ok
21:11:34.0521 2580 [ 90B780886BD813882CB382FF3E90E092 ] C:\Windows\System32\schannel.dll
21:11:34.0521 2580 C:\Windows\System32\schannel.dll - ok
21:11:34.0521 2580 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
21:11:34.0521 2580 C:\Windows\System32\wdigest.dll - ok
21:11:34.0521 2580 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
21:11:34.0521 2580 C:\Windows\System32\rsaenh.dll - ok
21:11:34.0521 2580 [ 0DEFD5FBF801DD8F83BC0ED09861A8EC ] C:\Windows\System32\TSpkg.dll
21:11:34.0521 2580 C:\Windows\System32\TSpkg.dll - ok
21:11:34.0521 2580 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
21:11:34.0521 2580 C:\Windows\System32\pku2u.dll - ok
21:11:34.0521 2580 [ 918434C02A5A8ED1DD1B16A2FF16409C ] C:\Windows\System32\LIVESSP.DLL
21:11:34.0521 2580 C:\Windows\System32\LIVESSP.DLL - ok
21:11:34.0536 2580 [ DA090E97E57DCB48888015B5D3C749CD ] C:\Windows\System32\bcryptprimitives.dll
21:11:34.0536 2580 C:\Windows\System32\bcryptprimitives.dll - ok
21:11:34.0536 2580 [ 9301B8810B2DA4EB6AD55DB75FC1E339 ] C:\Windows\System32\credssp.dll
21:11:34.0536 2580 C:\Windows\System32\credssp.dll - ok
21:11:34.0536 2580 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
21:11:34.0536 2580 C:\Windows\System32\efslsaext.dll - ok
21:11:34.0536 2580 [ 398712DDDAEFB85EDF61DF6A07B65C79 ] C:\Windows\System32\scecli.dll
21:11:34.0536 2580 C:\Windows\System32\scecli.dll - ok
21:11:34.0536 2580 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
21:11:34.0536 2580 C:\Windows\System32\ubpm.dll - ok
21:11:34.0536 2580 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
21:11:34.0536 2580 C:\Windows\System32\svchost.exe - ok
21:11:34.0536 2580 [ 98B1721B8718164293B9701B98C52D77 ] C:\Windows\System32\umpnpmgr.dll
21:11:34.0536 2580 C:\Windows\System32\umpnpmgr.dll - ok
21:11:34.0552 2580 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
21:11:34.0552 2580 C:\Windows\System32\SPInf.dll - ok
21:11:34.0552 2580 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
21:11:34.0552 2580 C:\Windows\System32\devrtl.dll - ok
21:11:34.0552 2580 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
21:11:34.0552 2580 C:\Windows\System32\gpapi.dll - ok
21:11:34.0552 2580 [ 0776CF79590BDEF0A2728B0B9A813B96 ] C:\Windows\System32\userenv.dll
21:11:34.0552 2580 C:\Windows\System32\userenv.dll - ok
21:11:34.0552 2580 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
21:11:34.0552 2580 C:\Windows\System32\umpo.dll - ok
21:11:34.0552 2580 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
21:11:34.0552 2580 C:\Windows\System32\pcwum.dll - ok
21:11:34.0552 2580 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
21:11:34.0552 2580 C:\Windows\System32\powrprof.dll - ok
21:11:34.0568 2580 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
21:11:34.0568 2580 C:\Windows\System32\drivers\luafv.sys - ok
21:11:34.0568 2580 [ B9FC4CCE5758B816F27DD4D1EED11841 ] C:\Windows\System32\drivers\mbam.sys
21:11:34.0568 2580 C:\Windows\System32\drivers\mbam.sys - ok
21:11:34.0568 2580 [ 7CADC74271DD6461C452C271B30BD378 ] C:\Windows\System32\drivers\WUDFPf.sys
21:11:34.0568 2580 C:\Windows\System32\drivers\WUDFPf.sys - ok
21:11:34.0568 2580 [ 0393E59488C67F704336F3FF06E2B7BD ] C:\Windows\System32\nvvsvc.exe
21:11:34.0568 2580 C:\Windows\System32\nvvsvc.exe - ok
21:11:34.0568 2580 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
21:11:34.0568 2580 C:\Windows\System32\wtsapi32.dll - ok
21:11:34.0568 2580 [ 7266972E86890E2B30C0C322E906B027 ] C:\Windows\System32\rpcss.dll
21:11:34.0568 2580 C:\Windows\System32\rpcss.dll - ok
21:11:34.0583 2580 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
21:11:34.0583 2580 C:\Windows\System32\RpcEpMap.dll - ok
21:11:34.0583 2580 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
21:11:34.0583 2580 C:\Windows\System32\wshqos.dll - ok
21:11:34.0583 2580 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
21:11:34.0583 2580 C:\Windows\System32\WSHTCPIP.DLL - ok
21:11:34.0583 2580 [ BCF8F2758AA5C451F8E366C66A98BBFE ] C:\Program Files\Microsoft Security Client\MpSvc.dll
21:11:34.0583 2580 C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
21:11:34.0583 2580 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
21:11:34.0583 2580 C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
21:11:34.0583 2580 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
21:11:34.0583 2580 C:\Windows\System32\FirewallAPI.dll - ok
21:11:34.0583 2580 [ 93E6A39B1DB898F7C949FA5567E774CF ] C:\Windows\System32\LogonUI.exe
21:11:34.0583 2580 C:\Windows\System32\LogonUI.exe - ok
21:11:34.0599 2580 [ BCF0A980D21711E47D0803BDB0E99CAD ] C:\Windows\System32\authui.dll
21:11:34.0599 2580 C:\Windows\System32\authui.dll - ok
21:11:34.0599 2580 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
21:11:34.0599 2580 C:\Windows\System32\version.dll - ok
21:11:34.0599 2580 [ 2F67DEE6452EBC9F4A6C97A1CCC232FE ] C:\Program Files\Microsoft Security Client\MpClient.dll
21:11:34.0599 2580 C:\Program Files\Microsoft Security Client\MpClient.dll - ok
21:11:34.0599 2580 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
21:11:34.0599 2580 C:\Windows\System32\ntmarta.dll - ok
21:11:34.0599 2580 [ DBA90306A721FB922FDACED9E9728C28 ] C:\Windows\System32\cryptui.dll
21:11:34.0599 2580 C:\Windows\System32\cryptui.dll - ok
21:11:34.0599 2580 [ 113921FC4A80A3DDF646852998B836D0 ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll
21:11:34.0599 2580 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll - ok
21:11:34.0614 2580 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
21:11:34.0614 2580 C:\Windows\System32\samlib.dll - ok
21:11:34.0614 2580 [ 84F8C8B9FB1F12532999D25F5DD7E77C ] C:\Windows\System32\shacct.dll
21:11:34.0614 2580 C:\Windows\System32\shacct.dll - ok
21:11:34.0614 2580 [ B27EA141A7E748B607600A8551A44D5A ] C:\Windows\System32\propsys.dll
21:11:34.0614 2580 C:\Windows\System32\propsys.dll - ok
21:11:34.0614 2580 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
21:11:34.0614 2580 C:\Windows\System32\uxtheme.dll - ok
21:11:34.0614 2580 [ DD0701DE0AAA010E6EBD0F53B672DCEE ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_2b47185a719d6182\GdiPlus.dll
21:11:34.0614 2580 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_2b47185a719d6182\GdiPlus.dll - ok
21:11:34.0614 2580 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
21:11:34.0614 2580 C:\Windows\System32\dui70.dll - ok
21:11:34.0614 2580 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
21:11:34.0614 2580 C:\Windows\System32\duser.dll - ok
21:11:34.0630 2580 [ B2E3D4BB3389817FB5E4CD9378BC8791 ] C:\Windows\System32\SndVolSSO.dll
21:11:34.0630 2580 C:\Windows\System32\SndVolSSO.dll - ok
21:11:34.0630 2580 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
21:11:34.0630 2580 C:\Windows\System32\hid.dll - ok
21:11:34.0630 2580 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
21:11:34.0630 2580 C:\Windows\System32\MMDevAPI.dll - ok
21:11:34.0630 2580 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
21:11:34.0630 2580 C:\Windows\System32\dwmapi.dll - ok
21:11:34.0630 2580 [ 5F10310A5A9273475AA04930DFE16742 ] C:\Program Files\Microsoft Security Client\EppManifest.dll
21:11:34.0630 2580 C:\Program Files\Microsoft Security Client\EppManifest.dll - ok
21:11:34.0630 2580 [ 39F91A948E6017B732C4A0B3086A8E32 ] C:\Windows\System32\xmllite.dll
21:11:34.0630 2580 C:\Windows\System32\xmllite.dll - ok
21:11:34.0630 2580 [ EA99F234843BBDDA1ABD2767111ADE25 ] C:\Windows\System32\WindowsCodecs.dll
21:11:34.0630 2580 C:\Windows\System32\WindowsCodecs.dll - ok
21:11:34.0646 2580 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
21:11:34.0646 2580 C:\Windows\System32\winbrand.dll - ok
21:11:34.0646 2580 [ 65AA99CB303BA21F9ACC8C1374A14798 ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
21:11:34.0646 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe - ok
21:11:34.0646 2580 [ DB6DD54A93522CA3572D04B56C5DB890 ] C:\Windows\SysWOW64\ntdll.dll
21:11:34.0646 2580 C:\Windows\SysWOW64\ntdll.dll - ok
21:11:34.0646 2580 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
21:11:34.0646 2580 C:\Windows\System32\VaultCredProvider.dll - ok
21:11:34.0646 2580 [ 2A381A9740165D7A1405148B6DFB3E38 ] C:\Windows\System32\SmartcardCredentialProvider.dll
21:11:34.0646 2580 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
21:11:34.0646 2580 [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
21:11:34.0646 2580 C:\Windows\System32\BioCredProv.dll - ok
21:11:34.0661 2580 [ 97D38371502AA797DB14EB1FA5FCE4CD ] C:\Windows\System32\credui.dll
21:11:34.0661 2580 C:\Windows\System32\credui.dll - ok
21:11:34.0661 2580 [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
21:11:34.0661 2580 C:\Windows\System32\winbio.dll - ok
21:11:34.0661 2580 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
21:11:34.0661 2580 C:\Windows\System32\vaultcli.dll - ok
21:11:34.0661 2580 [ 3C27B50BC43D5FED43081A784DD17190 ] C:\Windows\System32\netapi32.dll
21:11:34.0661 2580 C:\Windows\System32\netapi32.dll - ok
21:11:34.0661 2580 [ 4C8C2F987FC397DCE98874D6C9C0736A ] C:\Windows\System32\netutils.dll
21:11:34.0661 2580 C:\Windows\System32\netutils.dll - ok
21:11:34.0661 2580 [ A87205FE194B239D8D96E4972B779CC1 ] C:\Windows\System32\samcli.dll
21:11:34.0661 2580 C:\Windows\System32\samcli.dll - ok
21:11:34.0661 2580 [ B33CBD1A8C2A33121321D0FEBD7DD870 ] C:\Windows\System32\wkscli.dll
21:11:34.0661 2580 C:\Windows\System32\wkscli.dll - ok
21:11:34.0677 2580 [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
21:11:34.0677 2580 C:\Windows\System32\certCredProvider.dll - ok
21:11:34.0677 2580 [ FB25067C233B686B50F29ABD688B2A6D ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
21:11:34.0677 2580 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL - ok
21:11:34.0677 2580 [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
21:11:34.0677 2580 C:\Windows\System32\rasplap.dll - ok
21:11:34.0677 2580 [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
21:11:34.0677 2580 C:\Windows\System32\rasapi32.dll - ok
21:11:34.0677 2580 [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
21:11:34.0677 2580 C:\Windows\System32\rasman.dll - ok
21:11:34.0677 2580 [ F5A61F0A0030C80DF319B0C14A4C8885 ] C:\Windows\System32\rtutils.dll
21:11:34.0677 2580 C:\Windows\System32\rtutils.dll - ok
21:11:34.0692 2580 [ C823A6F302D12FFE5DA305041F5213C7 ] C:\Windows\System32\wow64.dll
21:11:34.0692 2580 C:\Windows\System32\wow64.dll - ok
21:11:34.0692 2580 [ CA6CEE750AFE37BF90044774B7FE8DAD ] C:\Windows\System32\wow64win.dll
21:11:34.0692 2580 C:\Windows\System32\wow64win.dll - ok
21:11:34.0692 2580 [ 4E89D6A7571545F09F1234E7F6618099 ] C:\Windows\System32\wow64cpu.dll
21:11:34.0692 2580 C:\Windows\System32\wow64cpu.dll - ok
21:11:34.0692 2580 [ 33616DACC75C9E105DAE944120DB4274 ] C:\Windows\SysWOW64\kernel32.dll
21:11:34.0692 2580 C:\Windows\SysWOW64\kernel32.dll - ok
21:11:34.0692 2580 [ 0223642C49CF1B7BBF0B2CCC6FEA707C ] C:\Windows\SysWOW64\KernelBase.dll
21:11:34.0692 2580 C:\Windows\SysWOW64\KernelBase.dll - ok
21:11:34.0692 2580 [ 5C31F49A1D09ED34C59F4EF77972D878 ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportUtil.dll
21:11:34.0692 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportUtil.dll - ok
21:11:34.0692 2580 [ 0470997A5ADC2FCDDCB3461D92073FAA ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\GdiPlus.dll
21:11:34.0692 2580 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\GdiPlus.dll - ok
21:11:34.0708 2580 [ F8A61B2E713309B4616D107919BDAB6E ] C:\Windows\SysWOW64\msvcrt.dll
21:11:34.0708 2580 C:\Windows\SysWOW64\msvcrt.dll - ok
21:11:34.0708 2580 [ 0C65FA8214D6F8378D1D3BA1CA46AF0A ] C:\Windows\SysWOW64\advapi32.dll
21:11:34.0708 2580 C:\Windows\SysWOW64\advapi32.dll - ok
21:11:34.0708 2580 [ FBE1E0B9EF53B5BB7C36763AA6A685CF ] C:\Windows\SysWOW64\gdi32.dll
21:11:34.0708 2580 C:\Windows\SysWOW64\gdi32.dll - ok
21:11:34.0708 2580 [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
21:11:34.0708 2580 C:\Windows\SysWOW64\lpk.dll - ok
21:11:34.0708 2580 [ 90385551B6B3793E949DF310A11D64E7 ] C:\Windows\SysWOW64\rpcrt4.dll
21:11:34.0708 2580 C:\Windows\SysWOW64\rpcrt4.dll - ok
21:11:34.0708 2580 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
21:11:34.0708 2580 C:\Windows\SysWOW64\sechost.dll - ok
21:11:34.0708 2580 [ E8B0FFC209E504CB7E79FC24E6C085F0 ] C:\Windows\SysWOW64\user32.dll
21:11:34.0708 2580 C:\Windows\SysWOW64\user32.dll - ok
21:11:34.0724 2580 [ 0BA19F3198C40AC4E8CC66EE02EDA6C6 ] C:\Windows\SysWOW64\usp10.dll
21:11:34.0724 2580 C:\Windows\SysWOW64\usp10.dll - ok
21:11:34.0724 2580 [ BF62F3BC1BE0700804EC394BB77F02C4 ] C:\Program Files\Microsoft Security Client\MpRTP.dll
21:11:34.0724 2580 C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
21:11:34.0724 2580 [ FF7E814CBFEC3C27922C13BB94667416 ] C:\Program Files\Microsoft Security Client\MsMpLics.dll
21:11:34.0724 2580 C:\Program Files\Microsoft Security Client\MsMpLics.dll - ok
21:11:34.0724 2580 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] C:\Windows\System32\drivers\MpFilter.sys
21:11:34.0724 2580 C:\Windows\System32\drivers\MpFilter.sys - ok
21:11:34.0724 2580 [ F3D202F53A222D5F6944D459B73CF967 ] C:\Windows\System32\fltLib.dll
21:11:34.0724 2580 C:\Windows\System32\fltLib.dll - ok
21:11:34.0724 2580 [ 12FD09889C8A6141C8D10F7AE48BBAC8 ] C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll
21:11:34.0724 2580 C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll - ok
21:11:34.0739 2580 [ 78555E35CD15785B9EE62B8C8167A861 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{793BE632-8822-4EFF-ADF0-A1AF9D3F85A6}\mpengine.dll
21:11:34.0739 2580 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{793BE632-8822-4EFF-ADF0-A1AF9D3F85A6}\mpengine.dll - ok
21:11:34.0739 2580 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
21:11:34.0739 2580 C:\Windows\SysWOW64\cryptbase.dll - ok
21:11:34.0739 2580 [ E2C2D8C982316C8ABF800C6CE3F28FAB ] C:\Windows\SysWOW64\ole32.dll
21:11:34.0739 2580 C:\Windows\SysWOW64\ole32.dll - ok
21:11:34.0739 2580 [ 351F62085F1D007533B4BB159C9EFDE3 ] C:\Windows\SysWOW64\sspicli.dll
21:11:34.0739 2580 C:\Windows\SysWOW64\sspicli.dll - ok
21:11:34.0739 2580 [ 0E7045E24F78351E021D3C01566DBBA3 ] C:\Program Files\Microsoft Security Client\MpAsDesc.dll
21:11:34.0739 2580 C:\Program Files\Microsoft Security Client\MpAsDesc.dll - ok
21:11:34.0739 2580 [ 5B8580B819BE32EEC18CE1FEC52A4BCE ] C:\Program Files\Microsoft Security Client\MpCmdRun.exe
21:11:34.0739 2580 C:\Program Files\Microsoft Security Client\MpCmdRun.exe - ok
21:11:34.0739 2580 [ 22FF251AE6A780960B02A6DEADFEA7FB ] C:\Windows\System32\conhost.exe
21:11:34.0739 2580 C:\Windows\System32\conhost.exe - ok
21:11:34.0755 2580 [ 64E6A44177ACF348D68255A37F4723DA ] C:\Windows\System32\cabinet.dll
21:11:34.0755 2580 C:\Windows\System32\cabinet.dll - ok
21:11:34.0755 2580 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll
21:11:34.0755 2580 C:\Windows\SysWOW64\nsi.dll - ok
21:11:34.0755 2580 [ DAAE8A9B8C0ACC7F858454132553C30D ] C:\Windows\SysWOW64\ws2_32.dll
21:11:34.0755 2580 C:\Windows\SysWOW64\ws2_32.dll - ok
21:11:34.0755 2580 [ E30E5BB0DBA49EFE5BBBAFEA440CFBD9 ] C:\Windows\SysWOW64\wtsapi32.dll
21:11:34.0755 2580 C:\Windows\SysWOW64\wtsapi32.dll - ok
21:11:34.0755 2580 [ 7DA089C75B1E92032D0CBE4ADE7C32BC ] C:\Windows\SysWOW64\crypt32.dll
21:11:34.0755 2580 C:\Windows\SysWOW64\crypt32.dll - ok
21:11:34.0755 2580 [ 4C04900AA8C323F5D4C316A89E976849 ] C:\Windows\SysWOW64\msasn1.dll
21:11:34.0755 2580 C:\Windows\SysWOW64\msasn1.dll - ok
21:11:34.0755 2580 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
21:11:34.0770 2580 C:\Windows\SysWOW64\psapi.dll - ok
21:11:34.0770 2580 [ 2CBC35E872BA9B46474890135B56DD66 ] C:\Windows\SysWOW64\shell32.dll
21:11:34.0770 2580 C:\Windows\SysWOW64\shell32.dll - ok
21:11:34.0770 2580 [ 85409DCE247D97E4D6958B7C5916BE4A ] C:\Windows\System32\wscapi.dll
21:11:34.0770 2580 C:\Windows\System32\wscapi.dll - ok
21:11:34.0770 2580 [ 4C8A880EABC0B4D462CC4B2472116EA1 ] C:\Program Files (x86)\Trusteer\Rapport\bin\msvcp80.dll
21:11:34.0770 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\msvcp80.dll - ok
21:11:34.0770 2580 [ E4FECE18310E23B1D8FEE993E35E7A6F ] C:\Program Files (x86)\Trusteer\Rapport\bin\msvcr80.dll
21:11:34.0770 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\msvcr80.dll - ok
21:11:34.0770 2580 [ 705C210EFC5564BE49EB026BD7AFF27A ] C:\Windows\SysWOW64\oleaut32.dll
21:11:34.0770 2580 C:\Windows\SysWOW64\oleaut32.dll - ok
21:11:34.0770 2580 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll
21:11:34.0770 2580 C:\Windows\SysWOW64\profapi.dll - ok
21:11:34.0786 2580 [ F037DB14CF6165C62F4A64D12A25B07C ] C:\Windows\SysWOW64\shlwapi.dll
21:11:34.0786 2580 C:\Windows\SysWOW64\shlwapi.dll - ok
21:11:34.0786 2580 [ 9C0DC1DAAD14D443DD5A0D1EE78D775E ] C:\Windows\SysWOW64\userenv.dll
21:11:34.0786 2580 C:\Windows\SysWOW64\userenv.dll - ok
21:11:34.0786 2580 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
21:11:34.0786 2580 C:\Windows\SysWOW64\version.dll - ok
21:11:34.0786 2580 [ 5553611E2F9EA6F613079177F1233068 ] C:\Windows\SysWOW64\wininet.dll
21:11:34.0786 2580 C:\Windows\SysWOW64\wininet.dll - ok
21:11:34.0786 2580 [ EB8A00E8E9931A7EC04F920B09D880D8 ] C:\Windows\SysWOW64\iertutil.dll
21:11:34.0786 2580 C:\Windows\SysWOW64\iertutil.dll - ok
21:11:34.0786 2580 [ 0DE3069D6E09BA262856EF31C941BEFE ] C:\Windows\SysWOW64\imm32.dll
21:11:34.0786 2580 C:\Windows\SysWOW64\imm32.dll - ok
21:11:34.0786 2580 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
21:11:34.0786 2580 C:\Windows\SysWOW64\msctf.dll - ok
21:11:34.0802 2580 [ 9FAC0F6D5F3D922DB294E30CD3F62369 ] C:\Windows\SysWOW64\urlmon.dll
21:11:34.0802 2580 C:\Windows\SysWOW64\urlmon.dll - ok
21:11:34.0802 2580 [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\SysWOW64\wsock32.dll
21:11:34.0802 2580 C:\Windows\SysWOW64\wsock32.dll - ok
21:11:34.0802 2580 [ 92E0508D924512F63FFEEFE498CBD11F ] C:\Windows\System32\p2pcollab.dll
21:11:34.0802 2580 C:\Windows\System32\p2pcollab.dll - ok
21:11:34.0802 2580 [ 4987E079A4530FA737A128BE54B63B12 ] C:\Windows\System32\QAGENTRT.DLL
21:11:34.0802 2580 C:\Windows\System32\QAGENTRT.DLL - ok
21:11:34.0802 2580 [ F1317678AC2FBA9F640279290B2E2988 ] C:\Windows\SysWOW64\msi.dll
21:11:34.0802 2580 C:\Windows\SysWOW64\msi.dll - ok
21:11:34.0817 2580 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
21:11:34.0817 2580 C:\Windows\SysWOW64\cryptsp.dll - ok
21:11:34.0817 2580 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
21:11:34.0817 2580 C:\Windows\SysWOW64\rsaenh.dll - ok
21:11:34.0817 2580 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\SysWOW64\ntmarta.dll
21:11:34.0817 2580 C:\Windows\SysWOW64\ntmarta.dll - ok
21:11:34.0817 2580 [ BFA70A99AD1434263F2DFBBA103BDEF8 ] C:\Windows\SysWOW64\Wldap32.dll
21:11:34.0817 2580 C:\Windows\SysWOW64\Wldap32.dll - ok
21:11:34.0817 2580 [ 506A83A3BEEE9FCA09F0170DE9FC7D1B ] C:\Windows\System32\fveui.dll
21:11:34.0817 2580 C:\Windows\System32\fveui.dll - ok
21:11:34.0817 2580 [ CA9E3BD4752FA2C084F5CD35FD8D0025 ] C:\Program Files\Microsoft Security Client\MsseWat.dll
21:11:34.0817 2580 C:\Program Files\Microsoft Security Client\MsseWat.dll - ok
21:11:34.0817 2580 [ B7213E92B270761B88B313B62BA0E13B ] C:\Windows\System32\slwga.dll
21:11:34.0817 2580 C:\Windows\System32\slwga.dll - ok
21:11:34.0833 2580 [ 64856DFE10FC7B429E6999380BC3BB62 ] C:\Windows\System32\sppc.dll
21:11:34.0833 2580 C:\Windows\System32\sppc.dll - ok
21:11:34.0833 2580 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
21:11:34.0833 2580 C:\Windows\System32\slc.dll - ok
21:11:34.0833 2580 [ 5DE691884C240227B733CC18BBFCA3D8 ] C:\Windows\SysWOW64\netapi32.dll
21:11:34.0833 2580 C:\Windows\SysWOW64\netapi32.dll - ok
21:11:34.0833 2580 [ C6BB27D9A8AC13D4A44486F528B5C884 ] C:\Windows\SysWOW64\netutils.dll
21:11:34.0833 2580 C:\Windows\SysWOW64\netutils.dll - ok
21:11:34.0833 2580 [ 89D840773C9C4358A5031DCC860449EC ] C:\Windows\SysWOW64\srvcli.dll
21:11:34.0833 2580 C:\Windows\SysWOW64\srvcli.dll - ok
21:11:34.0833 2580 [ AE5FF948400A51B040F999BF04290373 ] C:\Windows\SysWOW64\winsta.dll
21:11:34.0833 2580 C:\Windows\SysWOW64\winsta.dll - ok
21:11:34.0848 2580 [ 7AD12703039056D2A0815F85960E1FA1 ] C:\Windows\SysWOW64\wkscli.dll
21:11:34.0848 2580 C:\Windows\SysWOW64\wkscli.dll - ok
21:11:34.0848 2580 [ 3F58067E7D3B00E27B34BBD76089F962 ] C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.dll.data
21:11:34.0848 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.dll.data - ok
21:11:35.0363 2580 C:\Windows\System32\winhttp.dll - ok
21:11:35.0363 2580 [ F07AF60B152221472FBDB2FECEC4896D ] C:\Program Files (x86)\Skype\Updater\Updater.exe
21:11:35.0363 2580 C:\Program Files (x86)\Skype\Updater\Updater.exe - ok
21:11:35.0379 2580 [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
21:11:35.0379 2580 C:\Windows\System32\drivers\secdrv.sys - ok
21:11:35.0379 2580 [ BFEBE1E4B301F44CEA7C1B4021BD0264 ] C:\Windows\System32\cscapi.dll
21:11:35.0379 2580 C:\Windows\System32\cscapi.dll - ok
21:11:35.0379 2580 [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
21:11:35.0379 2580 C:\Windows\System32\sfc.dll - ok
21:11:35.0379 2580 [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
21:11:35.0379 2580 C:\Windows\System32\sfc_os.dll - ok
21:11:35.0379 2580 [ 8D01686AE82B466F4CD074F31F2942CA ] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:11:35.0379 2580 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe - ok
21:11:35.0379 2580 [ 4509387963DF66A6401752A0C631F6E8 ] C:\Windows\System32\httpapi.dll
21:11:35.0379 2580 C:\Windows\System32\httpapi.dll - ok
21:11:35.0379 2580 [ 2196CDBFA4B99BEEDAE300FA21DFE718 ] C:\Windows\System32\webio.dll
21:11:35.0379 2580 C:\Windows\System32\webio.dll - ok
21:11:35.0394 2580 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
21:11:35.0394 2580 C:\Windows\SysWOW64\clbcatq.dll - ok
21:11:35.0394 2580 [ 6C0BD9D59C7E97DEE2FB3407D17BF697 ] C:\Windows\SysWOW64\RpcRtRemote.dll
21:11:35.0394 2580 C:\Windows\SysWOW64\RpcRtRemote.dll - ok
21:11:35.0394 2580 [ 41323AB614A2B66AD77B1121D24AC895 ] C:\Windows\SysWOW64\setupapi.dll
21:11:35.0394 2580 C:\Windows\SysWOW64\setupapi.dll - ok
21:11:35.0394 2580 [ 463B386EBC70F98DA5DFF85F7E654346 ] C:\Windows\System32\seclogon.dll
21:11:35.0394 2580 C:\Windows\System32\seclogon.dll - ok
21:11:35.0394 2580 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
21:11:35.0394 2580 C:\Windows\System32\ssdpapi.dll - ok
21:11:35.0394 2580 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
21:11:35.0394 2580 C:\Windows\System32\IconCodecService.dll - ok
21:11:35.0394 2580 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] C:\Windows\System32\IPSECSVC.DLL
21:11:35.0394 2580 C:\Windows\System32\IPSECSVC.DLL - ok
21:11:35.0410 2580 [ E0D2F6BF46E6053193FAA3E294D657FF ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
21:11:35.0410 2580 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe - ok
21:11:35.0410 2580 [ 9BC93C9ACFA34DB5A41B89357B31E4ED ] C:\Windows\System32\FwRemoteSvr.dll
21:11:35.0410 2580 C:\Windows\System32\FwRemoteSvr.dll - ok
21:11:35.0410 2580 [ 893E0152D1EA2748E1B0772FBE8127D0 ] C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
21:11:35.0410 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll - ok
21:11:35.0410 2580 [ E702ED19C332C1F12C1403D100E2F4F3 ] C:\Windows\SysWOW64\cfgmgr32.dll
21:11:35.0410 2580 C:\Windows\SysWOW64\cfgmgr32.dll - ok
21:11:35.0410 2580 [ 6C9C05D5344B9AB80E9180FC859BC45A ] C:\Windows\SysWOW64\devobj.dll
21:11:35.0410 2580 C:\Windows\SysWOW64\devobj.dll - ok
21:11:35.0410 2580 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
21:11:35.0410 2580 C:\Windows\SysWOW64\uxtheme.dll - ok
21:11:35.0426 2580 [ 26A634B2E0FD87F23541AD13A503CA72 ] C:\Windows\SysWOW64\winmm.dll
21:11:35.0426 2580 C:\Windows\SysWOW64\winmm.dll - ok
21:11:35.0426 2580 [ 61E02CC3184B63FAFE0B83EAC8B3B8EF ] C:\Windows\SysWOW64\winspool.drv
21:11:35.0426 2580 C:\Windows\SysWOW64\winspool.drv - ok
21:11:35.0426 2580 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
21:11:35.0426 2580 C:\Windows\SysWOW64\dwmapi.dll - ok
21:11:35.0426 2580 [ 44683B4BD0700934A62AA445C20E3C55 ] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstres.dll
21:11:35.0426 2580 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstres.dll - ok
21:11:35.0426 2580 [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll
21:11:35.0426 2580 C:\Windows\System32\aeevts.dll - ok
21:11:35.0426 2580 [ 70708CB0E18C4602A53E7287BB4FB23A ] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvwl.dll
21:11:35.0426 2580 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvwl.dll - ok
21:11:35.0426 2580 [ 3C1284516A62078FB68F768DE4F1A7BE ] C:\Windows\System32\sysmain.dll
21:11:35.0426 2580 C:\Windows\System32\sysmain.dll - ok
21:11:35.0441 2580 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] C:\Windows\System32\wiaservc.dll
21:11:35.0441 2580 C:\Windows\System32\wiaservc.dll - ok
21:11:35.0441 2580 [ 884264AC597B690C5707C89723BB8E7B ] C:\Windows\System32\tapisrv.dll
21:11:35.0441 2580 C:\Windows\System32\tapisrv.dll - ok
21:11:35.0441 2580 [ 76D078AF6F587B162D50210F761EB9ED ] C:\Windows\System32\drivers\tcpipreg.sys
21:11:35.0441 2580 C:\Windows\System32\drivers\tcpipreg.sys - ok
21:11:35.0441 2580 [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5 ] C:\Windows\System32\wiatrace.dll
21:11:35.0441 2580 C:\Windows\System32\wiatrace.dll - ok
21:11:35.0441 2580 [ E5AC1CC5378C37D2E6C7AAA6F4922A4E ] C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
21:11:35.0441 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe - ok
21:11:35.0441 2580 [ 77834C4EF6876D69A56E754C666F3D26 ] C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportUtil_x64.dll
21:11:35.0441 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportUtil_x64.dll - ok
21:11:35.0457 2580 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
21:11:35.0457 2580 C:\Windows\System32\wbem\WMIsvc.dll - ok
21:11:35.0457 2580 [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
21:11:35.0457 2580 C:\Windows\System32\trkwks.dll - ok
21:11:35.0457 2580 [ FAF9BA81FB0543CB4B7EFFD24CFA815F ] C:\Windows\System32\wbemcomn.dll
21:11:35.0457 2580 C:\Windows\System32\wbemcomn.dll - ok
21:11:35.0457 2580 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
21:11:35.0457 2580 C:\Windows\System32\wbem\WinMgmtR.dll - ok
21:11:35.0457 2580 [ A7582A70802D5B9F28ED3940F6A3E9ED ] C:\Windows\System32\wbem\WmiDcPrv.dll
21:11:35.0457 2580 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
21:11:35.0457 2580 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
21:11:35.0457 2580 C:\Windows\System32\wbem\fastprox.dll - ok
21:11:35.0457 2580 [ 49E5753D923F1AC63B22D3DCB0B47E00 ] C:\Windows\System32\uDWM.dll
21:11:35.0457 2580 C:\Windows\System32\uDWM.dll - ok
21:11:35.0472 2580 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
21:11:35.0472 2580 C:\Windows\System32\ntdsapi.dll - ok
21:11:35.0472 2580 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
21:11:35.0472 2580 C:\Windows\System32\wbem\wbemprox.dll - ok
21:11:35.0472 2580 [ 3B9665D4B8C587A6014B9B8DFF5974A0 ] C:\Windows\System32\wbem\wbemcore.dll
21:11:35.0472 2580 C:\Windows\System32\wbem\wbemcore.dll - ok
21:11:35.0472 2580 [ 4D89F6191DB56CFA659388378F3DD688 ] C:\Program Files (x86)\Trusteer\Rapport\bin\x64\msvcr80.dll
21:11:35.0472 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\msvcr80.dll - ok
21:11:35.0472 2580 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
21:11:35.0472 2580 C:\Windows\System32\wbem\esscli.dll - ok
21:11:35.0472 2580 [ C332DB81197E6E5D4A67D3789DBEB02A ] C:\Program Files (x86)\Trusteer\Rapport\bin\x64\msvcp80.dll
21:11:35.0472 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\msvcp80.dll - ok
21:11:35.0488 2580 [ 98F138897EF4246381D197CB81846D62 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:11:35.0488 2580 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - ok
21:11:35.0488 2580 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
21:11:35.0488 2580 C:\Windows\System32\wbem\wbemsvc.dll - ok
21:11:35.0488 2580 [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
21:11:35.0488 2580 C:\Windows\System32\wbem\wmiutils.dll - ok
21:11:35.0488 2580 [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
21:11:35.0488 2580 C:\Windows\System32\wbem\repdrvfs.dll - ok
21:11:35.0488 2580 [ AC0E465A91BE7ADC6713ED96A20F70D3 ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKoan.dll
21:11:35.0488 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKoan.dll - ok
21:11:35.0488 2580 [ 3C7DEF3CBBCA6284867AA4621D5D8A54 ] C:\Program Files (x86)\Trusteer\Rapport\bin\atl80.dll
21:11:35.0488 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\atl80.dll - ok
21:11:35.0488 2580 [ 79C7CFAEA6879A8C1A1E8B5FFE8983AA ] C:\Windows\SysWOW64\dbghelp.dll
21:11:35.0488 2580 C:\Windows\SysWOW64\dbghelp.dll - ok
21:11:35.0504 2580 [ 158117F3CF278F01C6F24E89E2141E81 ] C:\Windows\SysWOW64\FWPUCLNT.DLL
21:11:35.0504 2580 C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
21:11:35.0504 2580 [ 427CA7B04BB736B8C316F6A77AE53E1B ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan3.dll
21:11:35.0504 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan3.dll - ok
21:11:35.0504 2580 [ 11CDF138552BFEC115B60ED6DC3ACEB6 ] C:\Windows\SysWOW64\devrtl.dll
21:11:35.0504 2580 C:\Windows\SysWOW64\devrtl.dll - ok
21:11:35.0504 2580 [ 16AA294947C12F5B6D814F009622C581 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\bc4eb71543857d07a7401eab3a93d412\System.Management.ni.dll
21:11:35.0504 2580 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\bc4eb71543857d07a7401eab3a93d412\System.Management.ni.dll - ok
21:11:35.0504 2580 [ 4F36622EB39FCD56F6948D1015DEDCB8 ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan35.dll
21:11:35.0504 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan35.dll - ok
21:11:35.0504 2580 [ D4FCD2BD4B09CD3568BDA48C939211A3 ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan36.dll
21:11:35.0504 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan36.dll - ok
21:11:35.0519 2580 [ DEEDAB3B3F1395AFE9067F930E26BA13 ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan4.dll
21:11:35.0519 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan4.dll - ok
21:11:35.0519 2580 [ BF574123981FA82C8AAA08B282640C4C ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan5.dll
21:11:35.0519 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan5.dll - ok
21:11:35.0519 2580 [ A9254BD52DE9DBA0B2B41536D09B4064 ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan6.dll
21:11:35.0519 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan6.dll - ok
21:11:35.0519 2580 [ D64D99EC088B54FFE8EE67A480386C20 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
21:11:35.0519 2580 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll - ok
21:11:35.0519 2580 [ 6C08967F4502F7041CB2242FBF33D510 ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan7.dll
21:11:35.0519 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan7.dll - ok
21:11:35.0519 2580 [ CB8929900D2F9377D5EA84465C8607CF ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan8.dll
21:11:35.0519 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan8.dll - ok
21:11:35.0535 2580 [ 49B43D68855C9769FBE54275B6EC1EC0 ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan9.dll
21:11:35.0535 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan9.dll - ok
21:11:35.0535 2580 [ A4254E4DFA1CD6AD98CC3F38A4B4D575 ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan10.dll
21:11:35.0535 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan10.dll - ok
21:11:35.0535 2580 [ D1F40F9BC7B073E41EE3FC20AA97A995 ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan11.dll
21:11:35.0535 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan11.dll - ok
21:11:35.0535 2580 [ E9BADD209616E7A4EE3FE1E60455710B ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan12.dll
21:11:35.0535 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan12.dll - ok
21:11:35.0535 2580 [ 4BDBBE5E4208022DD794F7EEEB0F7366 ] C:\Windows\SysWOW64\SPInf.dll
21:11:35.0535 2580 C:\Windows\SysWOW64\SPInf.dll - ok
21:11:35.0535 2580 [ B1A16E6C1000A8F9DB60676CCDF5F7C2 ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan13.dll
21:11:35.0535 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan13.dll - ok
21:11:35.0535 2580 [ 78788C4281C193D8B5572B7EED5FA7B7 ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan14.dll
21:11:35.0535 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan14.dll - ok
21:11:35.0550 2580 [ 7CB894A7618BF374F8CC4E58DC220E8E ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan15.dll
21:11:35.0550 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan15.dll - ok
21:11:35.0550 2580 [ F6FFF810A7DFD6517738E12F49686638 ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan16.dll
21:11:35.0550 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportTanzan16.dll - ok
21:11:35.0550 2580 [ ADC30166FB29034F28AC13F2F078D115 ] C:\Program Files (x86)\Trusteer\Rapport\bin\RapportNikko.dll
21:11:35.0550 2580 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportNikko.dll - ok
21:11:35.0550 2580 [ BFEB59D2C6A56F0C13BFA40CDF4B8668 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\17bf0932e5c6cb8ba59046456f13328d\System.Runtime.Remoting.ni.dll
21:11:35.0550 2580 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\17bf0932e5c6cb8ba59046456f13328d\System.Runtime.Remoting.ni.dll - ok
21:11:35.0550 2580 [ 11A41F17527ED75D6B758FDD7F4FD00D ] C:\Windows\SysWOW64\mswsock.dll
21:11:35.0550 2580 C:\Windows\SysWOW64\mswsock.dll - ok
21:11:35.0550 2580 [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
21:11:35.0550 2580 C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
21:11:35.0566 2580 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
21:11:35.0566 2580 C:\Windows\SysWOW64\wship6.dll - ok
21:11:35.0566 2580 [ 8541447303958819ADB46B557ADD3750 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\dcadcfb938ccdd3f70859fdcdd329ec5\System.Configuration.ni.dll
21:11:35.0566 2580 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\dcadcfb938ccdd3f70859fdcdd329ec5\System.Configuration.ni.dll - ok
21:11:35.0566 2580 [ 045DB4EAB4FBD23210E85ECC3F464A2E ] C:\Windows\SysWOW64\nlaapi.dll
21:11:35.0566 2580 C:\Windows\SysWOW64\nlaapi.dll - ok
21:11:35.0566 2580 [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\SysWOW64\winrnr.dll
21:11:35.0566 2580 C:\Windows\SysWOW64\winrnr.dll - ok
21:11:35.0566 2580 [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll
21:11:35.0566 2580 C:\Windows\System32\winrnr.dll - ok
21:11:35.0566 2580 [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\SysWOW64\NapiNSP.dll
21:11:35.0566 2580 C:\Windows\SysWOW64\NapiNSP.dll - ok
21:11:35.0582 2580 [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll
21:11:35.0582 2580 C:\Windows\System32\NapiNSP.dll - ok
21:11:35.0582 2580 [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\SysWOW64\pnrpnsp.dll
21:11:35.0582 2580 C:\Windows\SysWOW64\pnrpnsp.dll - ok
21:11:35.0582 2580 [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll
21:11:35.0582 2580 C:\Windows\System32\pnrpnsp.dll - ok
21:11:35.0582 2580 [ 3A2BB97D54A2189C9900A735C0531B59 ] C:\Windows\SysWOW64\wshbth.dll
21:11:35.0582 2580 C:\Windows\SysWOW64\wshbth.dll - ok
21:11:35.0582 2580 [ E3E2E9A96E6BA95D0CF0F026C7B18654 ] C:\Windows\System32\wshbth.dll
21:11:35.0582 2580 C:\Windows\System32\wshbth.dll - ok
21:11:35.0582 2580 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
21:11:35.0582 2580 C:\Windows\SysWOW64\rasadhlp.dll - ok
21:11:35.0582 2580 [ 374B26395852A9092BDE2E4C8D4D0C8D ] C:\Windows\SysWOW64\wscapi.dll
21:11:35.0582 2580 C:\Windows\SysWOW64\wscapi.dll - ok
21:11:35.0597 2580 [ C5413BC4F10CEB4C3070BBF04D324117 ] C:\Windows\SysWOW64\msisip.dll
21:11:35.0597 2580 C:\Windows\SysWOW64\msisip.dll - ok
21:11:35.0597 2580 [ EF4248D28C2940AE6D46470AC2479A4F ] C:\Windows\System32\msisip.dll
21:11:35.0597 2580 C:\Windows\System32\msisip.dll - ok
21:11:35.0597 2580 [ E8F6851E4600CD3674422487EE240941 ] C:\Windows\SysWOW64\wshext.dll
21:11:35.0597 2580 C:\Windows\SysWOW64\wshext.dll - ok
21:11:35.0597 2580 [ BA0ED7AA3C36A8DA27DED1D6B3508158 ] C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
21:11:35.0597 2580 C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - ok
21:11:35.0597 2580 [ 0BA3F31E2B4D8D99DF8DD19E81155374 ] C:\Windows\SysWOW64\ieframe.dll
21:11:35.0597 2580 C:\Windows\SysWOW64\ieframe.dll - ok
21:11:35.0597 2580 [ 82BC97E5793DEF69691AAD5AB953A200 ] C:\Windows\System32\wbem\WmiPrvSD.dll
21:11:35.0597 2580 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
21:11:35.0613 2580 [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll
21:11:35.0613 2580 C:\Windows\System32\SensApi.dll - ok
21:11:35.0613 2580 [ DBDD79684A3FBB9F3227BFA41C7068AF ] C:\Users\Trudy\AppData\Local\dealcabby\ie\dealcabby_20121009095001.dll
21:11:35.0613 2580 C:\Users\Trudy\AppData\Local\dealcabby\ie\dealcabby_20121009095001.dll - ok
21:11:35.0613 2580 [ D46ED7D33E847CD9E78E9F02910536B5 ] C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
21:11:35.0613 2580 C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll - ok
21:11:35.0613 2580 [ 344F1DCA40AF0304619D32F9569427DC ] C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
21:11:35.0613 2580 C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll - ok
21:11:35.0613 2580 [ DC365B6E595683F67BC21A203432E336 ] C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
21:11:35.0613 2580 C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll - ok
21:11:35.0613 2580 [ 57B736E990BA15568FAFAE9262C0AE6B ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL
21:11:35.0613 2580 C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL - ok
21:11:35.0613 2580 [ A4CC7227A452C4909F9499D91B184364 ] C:\Windows\SysWOW64\ncobjapi.dll
21:11:35.0613 2580 C:\Windows\SysWOW64\ncobjapi.dll - ok
21:11:35.0628 2580 [ 6E74D0AE00231D87CD213CD7BDC27E37 ] C:\Windows\System32\wshext.dll
21:11:35.0628 2580 C:\Windows\System32\wshext.dll - ok
21:11:35.0628 2580 [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll
21:11:35.0628 2580 C:\Windows\System32\ncobjapi.dll - ok
21:11:35.0628 2580 [ 742AA02BD9FA3492C9E525BBD427D87D ] C:\Windows\SysWOW64\samcli.dll
21:11:35.0628 2580 C:\Windows\SysWOW64\samcli.dll - ok
21:11:35.0628 2580 [ CC9BBCFC715FBEDF7AE476106FE653E9 ] C:\Windows\SysWOW64\winhttp.dll
21:11:35.0628 2580 C:\Windows\SysWOW64\winhttp.dll - ok
21:11:35.0628 2580 [ B6E671C5245A1B1435B999035F2F9C33 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
21:11:35.0628 2580 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - ok
21:11:35.0628 2580 [ 2875B386B45B8A77E2343C5E129AE50C ] C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll
21:11:35.0628 2580 C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll - ok
21:11:35.0644 2580 [ 1908FFADF1D45F0EEB0FFA541B677AEB ] C:\Windows\System32\WindowsPowerShell\v1.0\pwrshsip.dll
21:11:35.0644 2580 C:\Windows\System32\WindowsPowerShell\v1.0\pwrshsip.dll - ok
21:11:35.0644 2580 [ A86A1C5DF1C662D1C75815BF4794F16D ] C:\Windows\SysWOW64\webio.dll
21:11:35.0644 2580 C:\Windows\SysWOW64\webio.dll - ok
21:11:35.0644 2580 [ E3E811471DE781900FF21C1FD84E941E ] C:\Windows\SysWOW64\ntdsapi.dll
21:11:35.0644 2580 C:\Windows\SysWOW64\ntdsapi.dll - ok
21:11:35.0644 2580 [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\SysWOW64\wbem\wbemprox.dll
21:11:35.0644 2580 C:\Windows\SysWOW64\wbem\wbemprox.dll - ok
21:11:35.0644 2580 [ 96F3F676B4D0DF4DA9C4081358C4662F ] C:\Windows\SysWOW64\wbemcomn.dll
21:11:35.0644 2580 C:\Windows\SysWOW64\wbemcomn.dll - ok
21:11:35.0644 2580 [ 2D62FF2B999A0A38E6438691C246481F ] C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
21:11:35.0644 2580 C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll - ok
21:11:35.0644 2580 [ A1CF0ED4315C7EBFF0B8E86C36B86FE6 ] C:\ProgramData\Microsoft\IdentityCRL\production\wlidui.dll
21:11:35.0644 2580 C:\ProgramData\Microsoft\IdentityCRL\production\wlidui.dll - ok
21:11:35.0660 2580 [ 00D1F89836927C0F2E37321E6B441FCE ] C:\Windows\SysWOW64\msxml3.dll
21:11:35.0660 2580 C:\Windows\SysWOW64\msxml3.dll - ok
21:11:35.0660 2580 [ CE07AF86AA72F4AE964239DE0DABE738 ] C:\Windows\System32\msxml3.dll
21:11:35.0660 2580 C:\Windows\System32\msxml3.dll - ok
21:11:35.0660 2580 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
21:11:35.0660 2580 C:\Windows\SysWOW64\bcrypt.dll - ok
21:11:35.0660 2580 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
21:11:35.0660 2580 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
21:11:35.0660 2580 [ 26EAEE08CAF82AA7F03C5020F51DA541 ] C:\Windows\SysWOW64\propsys.dll
21:11:35.0660 2580 C:\Windows\SysWOW64\propsys.dll - ok
21:11:35.0660 2580 [ B6C4063297C7D07CD0532BDC3350436C ] C:\Windows\SysWOW64\actxprxy.dll
21:11:35.0660 2580 C:\Windows\SysWOW64\actxprxy.dll - ok
21:11:35.0660 2580 [ 4D7DFDCE8198221DEE8C50ABA2756A95 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{793BE632-8822-4EFF-ADF0-A1AF9D3F85A6}\offreg.dll
21:11:35.0675 2580 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{793BE632-8822-4EFF-ADF0-A1AF9D3F85A6}\offreg.dll - ok
21:11:35.0675 2580 [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll
21:11:35.0675 2580 C:\Windows\System32\wbem\wbemess.dll - ok
21:11:35.0675 2580 [ F8E058D17363EC580E4B7232778B6CB5 ] C:\Windows\System32\iphlpsvc.dll
21:11:35.0675 2580 C:\Windows\System32\iphlpsvc.dll - ok
21:11:35.0675 2580 [ 6AC23D88F560593F5138F54C751A9979 ] C:\Windows\SysWOW64\sqmapi.dll
21:11:35.0675 2580 C:\Windows\SysWOW64\sqmapi.dll - ok
21:11:35.0675 2580 [ 48A6CA43A5C921C465F70D9B42B3EF1A ] C:\Windows\System32\sqmapi.dll
21:11:35.0675 2580 C:\Windows\System32\sqmapi.dll - ok
21:11:35.0675 2580 [ 36F0BAA49BD0EBB5E8DBDED3EC75806C ] C:\Windows\SysWOW64\wdscore.dll
21:11:35.0675 2580 C:\Windows\SysWOW64\wdscore.dll - ok
21:11:35.0675 2580 [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll
21:11:35.0675 2580 C:\Windows\System32\wdscore.dll - ok
21:11:35.0691 2580 [ 776AE0564F8B1C282E331FD95A1BDC5F ] C:\Windows\SysWOW64\wbem\wbemsvc.dll
21:11:35.0691 2580 C:\Windows\SysWOW64\wbem\wbemsvc.dll - ok
21:11:35.0691 2580 [ 47394ED3D16D053F5906EFE5AB51CC83 ] C:\Windows\System32\rasmans.dll
21:11:35.0691 2580 C:\Windows\System32\rasmans.dll - ok
21:11:35.0691 2580 [ 1CEDFE91F527858CACA1B08B04666BC0 ] C:\Windows\SysWOW64\wbem\fastprox.dll
21:11:35.0691 2580 C:\Windows\SysWOW64\wbem\fastprox.dll - ok
21:11:35.0691 2580 [ 666E57B6B51824D1D235F80A3DD70A13 ] C:\Windows\SysWOW64\eappprxy.dll
21:11:35.0691 2580 C:\Windows\SysWOW64\eappprxy.dll - ok
21:11:35.0691 2580 [ B5C452BAF3A3914EF87628252EA12FEB ] C:\Windows\SysWOW64\rastapi.dll
21:11:35.0691 2580 C:\Windows\SysWOW64\rastapi.dll - ok
21:11:35.0691 2580 [ 44C96B48112EB24AE7764EBF1C527000 ] C:\Windows\System32\rastapi.dll
21:11:35.0691 2580 C:\Windows\System32\rastapi.dll - ok
21:11:35.0691 2580 [ BA32509D9B340162327B341013DE6522 ] C:\Windows\SysWOW64\tapi32.dll
21:11:35.0691 2580 C:\Windows\SysWOW64\tapi32.dll - ok
21:11:35.0706 2580 [ FAFAE01E889DC9C05A6CA2138CFC220B ] C:\Windows\System32\tapi32.dll
21:11:35.0706 2580 C:\Windows\System32\tapi32.dll - ok
21:11:35.0706 2580 [ C5B5CCDBF8ED1475240313ED88234E3F ] C:\Windows\SysWOW64\netcfgx.dll
21:11:35.0706 2580 C:\Windows\SysWOW64\netcfgx.dll - ok
21:11:35.0706 2580 [ 6383C60EC0133B14F5705F96369421B2 ] C:\Windows\SysWOW64\hnetcfg.dll
21:11:35.0706 2580 C:\Windows\SysWOW64\hnetcfg.dll - ok
21:11:35.0706 2580 [ 3B367397320C26DBA890B260F80D1B1B ] C:\Windows\System32\hnetcfg.dll
21:11:35.0706 2580 C:\Windows\System32\hnetcfg.dll - ok
21:11:35.0706 2580 [ 5610B0425518D185331CB8E968D060E6 ] C:\Windows\SysWOW64\wbem\wmiutils.dll
21:11:35.0706 2580 C:\Windows\SysWOW64\wbem\wmiutils.dll - ok
21:11:35.0706 2580 [ 8C338238C16777A802D6A9211EB2BA50 ] C:\Windows\SysWOW64\netprofm.dll
21:11:35.0706 2580 C:\Windows\SysWOW64\netprofm.dll - ok
21:11:35.0722 2580 [ F45330F0364BC8223EF835EA5E3EBB8E ] C:\Windows\SysWOW64\unimdm.tsp
21:11:35.0722 2580 C:\Windows\SysWOW64\unimdm.tsp - ok
21:11:35.0722 2580 [ EE25B470C39126B08055A7CB71A67A58 ] C:\Windows\System32\unimdm.tsp
21:11:35.0722 2580 C:\Windows\System32\unimdm.tsp - ok
21:11:35.0722 2580 [ 5F610783FBF01F9885D80A1DB1A2F220 ] C:\Windows\SysWOW64\nci.dll
21:11:35.0722 2580 C:\Windows\SysWOW64\nci.dll - ok
21:11:35.0722 2580 [ 6E03C9E362389A768E6C240933352D11 ] C:\Windows\System32\nci.dll
21:11:35.0722 2580 C:\Windows\System32\nci.dll - ok
21:11:35.0722 2580 [ E675DE8CF57D8814218733B3DAE896D7 ] C:\Windows\SysWOW64\uniplat.dll
21:11:35.0722 2580 C:\Windows\SysWOW64\uniplat.dll - ok
21:11:35.0722 2580 [ 94B7DF336815B47236724019FAB24B7C ] C:\Windows\System32\uniplat.dll
21:11:35.0722 2580 C:\Windows\System32\uniplat.dll - ok
21:11:35.0722 2580 [ F3FB146CDBDD26FCD0CF7941C547BEE4 ] C:\Windows\SysWOW64\kmddsp.tsp
21:11:35.0722 2580 C:\Windows\SysWOW64\kmddsp.tsp - ok
21:11:35.0738 2580 [ 41326DD08ACC0CDC5F8177AF96C066E8 ] C:\Windows\System32\kmddsp.tsp
21:11:35.0738 2580 C:\Windows\System32\kmddsp.tsp - ok
21:11:35.0738 2580 [ AA11A26692E0DB2996CAEFE9EC61F61F ] C:\Windows\SysWOW64\ndptsp.tsp
21:11:35.0738 2580 C:\Windows\SysWOW64\ndptsp.tsp - ok
21:11:35.0738 2580 [ 1D6BC2769DA66C1145F4DA5A65F52E61 ] C:\Windows\System32\ndptsp.tsp
21:11:35.0738 2580 C:\Windows\System32\ndptsp.tsp - ok
21:11:35.0738 2580 [ E2F6CC0D191361EE94FEA3957653F531 ] C:\Windows\SysWOW64\hidphone.tsp
21:11:35.0738 2580 C:\Windows\SysWOW64\hidphone.tsp - ok
21:11:35.0738 2580 [ 7C1BAE7D23D4874FEE256A2B9C00E019 ] C:\Windows\System32\hidphone.tsp
21:11:35.0738 2580 C:\Windows\System32\hidphone.tsp - ok
21:11:35.0738 2580 [ 63DF770DF74ACB370EF5A16727069AAF ] C:\Windows\SysWOW64\hid.dll
21:11:35.0738 2580 C:\Windows\SysWOW64\hid.dll - ok
21:11:35.0738 2580 [ 98963BD29723A373009B017E87BE9CE8 ] C:\Windows\SysWOW64\rasppp.dll
21:11:35.0738 2580 C:\Windows\SysWOW64\rasppp.dll - ok
21:11:35.0753 2580 [ DF627325D25191236BABA895D5A51EF6 ] C:\Windows\System32\rasppp.dll
21:11:35.0753 2580 C:\Windows\System32\rasppp.dll - ok
21:11:35.0753 2580 [ 5A5FEDDF02588B8F9FE4A95E5E7EAE97 ] C:\Windows\SysWOW64\eappcfg.dll
21:11:35.0753 2580 C:\Windows\SysWOW64\eappcfg.dll - ok
21:11:35.0753 2580 [ E3DA135D4DD0D34512D4FEBCB6ED760E ] C:\Windows\System32\vpnike.dll
21:11:35.0753 2580 C:\Windows\System32\vpnike.dll - ok
21:11:35.0753 2580 [ 056B0E466AD1C99D9892F9C7DD4A8449 ] C:\Windows\SysWOW64\kerberos.dll
21:11:35.0753 2580 C:\Windows\SysWOW64\kerberos.dll - ok
21:11:35.0753 2580 [ 75DD1448B57D1F9382A8B59ED8E3790B ] C:\Windows\SysWOW64\raschap.dll
21:11:35.0753 2580 C:\Windows\SysWOW64\raschap.dll - ok
21:11:35.0753 2580 [ 1482CC99F7E2DA2FECF59C6A774FED0A ] C:\Windows\System32\raschap.dll
21:11:35.0753 2580 C:\Windows\System32\raschap.dll - ok
21:11:35.0753 2580 [ 702A13ED6F2B4740FA77A7A19B382348 ] C:\Windows\SysWOW64\credui.dll
21:11:35.0753 2580 C:\Windows\SysWOW64\credui.dll - ok
21:11:35.0769 2580 [ B95F6501A2F8B2E78C697FEC401970CE ] C:\Windows\System32\ipnathlp.dll
21:11:35.0769 2580 C:\Windows\System32\ipnathlp.dll - ok
21:11:35.0769 2580 [ E8D0FA821AAA7DF5EE42E1AA4D7E4193 ] C:\Windows\SysWOW64\mprapi.dll
21:11:35.0769 2580 C:\Windows\SysWOW64\mprapi.dll - ok
21:11:35.0769 2580 [ 114429A77D935053E13A9BF98A8B8CA1 ] C:\Windows\System32\mprapi.dll
21:11:35.0769 2580 C:\Windows\System32\mprapi.dll - ok
21:11:35.0769 2580 [ F7611E0F05B4EB272102CA9883CA98A7 ] C:\Windows\SysWOW64\netshell.dll
21:11:36.0346 2580 C:\Windows\System32\msftedit.dll - ok
21:11:36.0346 2580 [ 98C25F59EA677D140A579881C9344543 ] C:\Windows\SysWOW64\en-US\Utilman.exe.mui
21:11:36.0346 2580 C:\Windows\SysWOW64\en-US\Utilman.exe.mui - ok
21:11:36.0346 2580 [ 35AAE2E841AA1A949775168E119482C9 ] C:\Windows\SysWOW64\msls31.dll
21:11:36.0346 2580 C:\Windows\SysWOW64\msls31.dll - ok
21:11:36.0346 2580 [ 7FCAB194F01E3403C300EB034E480B36 ] C:\Windows\System32\msls31.dll
21:11:36.0346 2580 C:\Windows\System32\msls31.dll - ok
21:11:36.0346 2580 [ 17A7998CB5DA92020A291B85FF7B3681 ] C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
21:11:36.0346 2580 C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll - ok
21:11:36.0346 2580 [ C01A5E602E827FD00240370C1B617608 ] C:\Windows\SysWOW64\gameux.dll
21:11:36.0346 2580 C:\Windows\SysWOW64\gameux.dll - ok
21:11:36.0346 2580 [ 14F5C0DB4B2C47874D6C937A5A1B367C ] C:\Windows\System32\gameux.dll
21:11:36.0346 2580 C:\Windows\System32\gameux.dll - ok
21:11:36.0362 2580 [ FABFC817547EABB19B74849CEF410622 ] C:\Windows\SysWOW64\authui.dll
21:11:36.0362 2580 C:\Windows\SysWOW64\authui.dll - ok
21:11:36.0362 2580 [ E8132FB3BAC7C0CDBD581485B8BA947F ] C:\Windows\SysWOW64\cryptui.dll
21:11:36.0362 2580 C:\Windows\SysWOW64\cryptui.dll - ok
21:11:36.0362 2580 [ 88CA0FFA894AF4B0D90B93FAA2A0A0D9 ] C:\Program Files\Microsoft IntelliType Pro\itype.exe
21:11:36.0362 2580 C:\Program Files\Microsoft IntelliType Pro\itype.exe - ok
21:11:36.0362 2580 [ DD76912E8D165C68659D9875256710A3 ] C:\Windows\System32\DeviceCenter.dll
21:11:36.0362 2580 C:\Windows\System32\DeviceCenter.dll - ok
21:11:36.0362 2580 ============================================================
21:11:36.0362 2580 Scan finished
21:11:36.0362 2580 ============================================================
21:11:36.0362 1008 Detected object count: 0
21:11:36.0362 1008 Actual detected object count: 0

#7
yumito

    Member

  • Topic Starter
  • 14 posts
ComboFix 12-10-11.03 - Trudy 10/11/2012 20:36:44.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.12279.9536 [GMT -4:00]
Running from: c:\users\Trudy\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Trudy\AppData\Roaming\Love
c:\users\Trudy\AppData\Roaming\Love\mari0\options.txt
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-12 to 2012-10-12 )))))))))))))))))))))))))))))))
.
.
2012-10-12 00:43 . 2012-10-12 00:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-11 08:59 . 2012-10-11 08:59 -------- d-----w- c:\windows\Sun
2012-10-10 23:50 . 2012-10-10 23:50 5632 ----a-w- c:\programdata\Microsoft\Windows\DRM\6F2D.tmp
2012-10-10 23:50 . 2012-10-10 23:50 5632 ----a-w- c:\programdata\Microsoft\Windows\DRM\6F2C.tmp
2012-10-10 20:39 . 2012-08-30 04:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05677C46-2619-4846-805B-35BE6E5170D5}\mpengine.dll
2012-10-10 11:10 . 2012-08-24 17:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 11:10 . 2012-09-14 19:23 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 11:10 . 2012-09-14 18:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 11:10 . 2012-08-11 00:53 714752 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 11:10 . 2012-08-10 23:54 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 11:10 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 11:10 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 11:10 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 11:10 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 11:10 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 11:10 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-10 02:00 . 2012-10-10 02:00 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-09 20:39 . 2012-08-30 04:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-08 10:42 . 2012-10-08 10:42 -------- d-----w- c:\users\Trudy\AppData\Roaming\six-zsync
2012-10-08 10:42 . 2012-10-08 10:43 -------- d-----w- c:\users\Trudy\AppData\Roaming\Play withSIX
2012-10-08 10:42 . 2012-10-08 10:42 -------- d-----w- c:\program files (x86)\SIX Networks
2012-10-08 10:40 . 2012-10-08 10:40 -------- d-----w- c:\users\Trudy\AppData\Local\Downloaded Installations
2012-10-07 00:01 . 2012-10-07 00:01 -------- d-----w- c:\users\Trudy\AppData\Local\DayZCommander
2012-10-07 00:01 . 2012-10-07 00:01 -------- d-----w- c:\program files (x86)\Dotjosh Studios
2012-10-06 23:34 . 2012-10-11 19:53 -------- d-----w- c:\users\Trudy\AppData\Local\ArmA 2 OA
2012-10-06 08:11 . 2012-10-06 09:26 -------- d-----w- c:\users\Trudy\AppData\Local\ArmA 2 Free
2012-10-06 08:08 . 2012-10-06 08:08 -------- d-----w- c:\program files (x86)\Bohemia Interactive
2012-10-05 20:39 . 2012-10-02 08:31 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3DC3869-F89A-4394-9AB3-67645472D7F0}\gapaengine.dll
2012-09-29 00:27 . 2012-09-29 01:07 -------- d-----w- c:\users\Trudy\AppData\Local\GQWeb
2012-09-29 00:15 . 2012-09-29 00:15 58648 ----a-r- c:\users\Trudy\AppData\Roaming\Microsoft\Installer\{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}\ARPPRODUCTICON.exe
2012-09-29 00:15 . 2012-09-29 00:15 -------- d-----w- C:\Edline
2012-09-12 07:57 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 07:57 . 2012-08-02 17:05 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 07:02 . 2010-12-14 03:53 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 10:03 . 2012-07-25 21:11 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 10:03 . 2011-11-04 19:00 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-02 08:31 . 2011-03-25 23:39 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-22 20:34 . 2011-04-18 15:17 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-09-07 21:04 . 2012-08-21 04:12 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2010-10-25 02:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-18 11:19 . 2012-10-10 11:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-07-18 17:31 . 2012-08-15 05:06 3146752 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{595F0083-DCF6-4BCE-B7D0-6DC17D4B505F}]
2012-10-10 01:59 77624 ----a-w- c:\users\Trudy\AppData\Local\dealcabby\ie\dealcabby_20121009095001.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
"Akamai NetSession Interface"="c:\users\Trudy\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-06 115168]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 19544]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys [2012-09-22 101688]
R3 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-09-22 297240]
R3 rtl8190pn64;Realtek RTL8190 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl8190p.sys [2008-08-07 556544]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-14 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-14 279616]
S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-15 397720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-09-22 55096]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-09-22 976728]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2011-07-13 77352]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-09-07 155752]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-24 215040]
S3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2010-02-01 622624]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 10:03]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1157070670-2083293735-4099382007-1000Core.job
- c:\users\Trudy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24 01:25]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1157070670-2083293735-4099382007-1000UA.job
- c:\users\Trudy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24 01:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={510D57D2-3C73-4530-A60B-D3862402A4CC}&mid=e24644eef4c847d0a4326de783e749dd-f8018c7003de28c623bff265b4fc95014cc9c77e&lang=en&ds=ft011&pr=sa&d=2012-06-30 09:44&v=11.1.0.12&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Trudy\AppData\Roaming\Mozilla\Firefox\Profiles\k252trzg.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
AddRemove-{8833FFB6-5B0C-4764-81AA-06DFEED9A476} - c:\program files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-10-11 20:49:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-12 00:49
.
Pre-Run: 777,555,877,888 bytes free
Post-Run: 778,293,563,392 bytes free
.
- - End Of File - - E2D864A0C39EDA6952FC2CD25719DB11

#8
yumito

    Member

  • Topic Starter
  • 14 posts
Opened over 50 web pages on 3 different browsers. So far it's clean of all redirects.

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi yumito,

Glad to hear that. Let's remove all leftovers from your system.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.

Allow Virus Removal Tool to delete all infections found.
Once it has finished, select the report tab (last tab).
Select Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.

#10
yumito

    Member

  • Topic Starter
  • 14 posts
After a reboot of my computer last night, redirects are back. :upset:

Status: Quarantined (events: 2)
10/12/2012 3:25:07 AM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Documents and Settings\Trudy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KYPPRVME\index[3].htm High
10/12/2012 4:39:57 PM Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\TDSSKiller_Quarantine\11.10.2012_20.55.27\mbr0000\tdlfs0000\tsk0000.dta High

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi yumito,

Step 1

Please run Combofix one more time and post a fresh log.

Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window: OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
  • New OTL scan log

It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#12
yumito

    Member

  • Topic Starter
  • 14 posts
ComboFix 12-10-11.03 - Trudy 10/13/2012 13:39:06.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.12279.9328 [GMT -4:00]
Running from: c:\users\Trudy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
J:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-13 to 2012-10-13 )))))))))))))))))))))))))))))))
.
.
2012-10-13 17:48 . 2012-10-13 17:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-13 17:22 . 2012-10-13 17:24 -------- d-----w- C:\Warcraft III
2012-10-13 11:29 . 2012-08-30 04:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB15508C-DF4F-4D01-A3F9-CC77792A66BE}\mpengine.dll
2012-10-12 06:50 . 2012-10-12 06:50 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-12 06:49 . 2012-10-12 09:14 460888 ----a-w- c:\windows\system32\drivers\16370498.sys
2012-10-12 01:05 . 2012-10-12 01:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-12 01:05 . 2012-08-30 04:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-11 08:59 . 2012-10-11 08:59 -------- d-----w- c:\windows\Sun
2012-10-10 23:50 . 2012-10-10 23:50 5632 ----a-w- c:\programdata\Microsoft\Windows\DRM\6F2D.tmp
2012-10-10 23:50 . 2012-10-10 23:50 5632 ----a-w- c:\programdata\Microsoft\Windows\DRM\6F2C.tmp
2012-10-10 11:10 . 2012-08-24 17:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 11:10 . 2012-09-14 19:23 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 11:10 . 2012-09-14 18:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 11:10 . 2012-08-11 00:53 714752 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 11:10 . 2012-08-10 23:54 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 11:10 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 11:10 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 11:10 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 11:10 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 11:10 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 11:10 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-10 02:00 . 2012-10-10 02:00 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-08 10:42 . 2012-10-08 10:42 -------- d-----w- c:\users\Trudy\AppData\Roaming\six-zsync
2012-10-08 10:42 . 2012-10-08 10:43 -------- d-----w- c:\users\Trudy\AppData\Roaming\Play withSIX
2012-10-08 10:42 . 2012-10-08 10:42 -------- d-----w- c:\program files (x86)\SIX Networks
2012-10-08 10:40 . 2012-10-08 10:40 -------- d-----w- c:\users\Trudy\AppData\Local\Downloaded Installations
2012-10-07 00:01 . 2012-10-07 00:01 -------- d-----w- c:\users\Trudy\AppData\Local\DayZCommander
2012-10-07 00:01 . 2012-10-07 00:01 -------- d-----w- c:\program files (x86)\Dotjosh Studios
2012-10-06 23:34 . 2012-10-13 17:13 -------- d-----w- c:\users\Trudy\AppData\Local\ArmA 2 OA
2012-10-06 08:11 . 2012-10-12 07:16 -------- d-----w- c:\users\Trudy\AppData\Local\ArmA 2 Free
2012-10-06 08:08 . 2012-10-06 08:08 -------- d-----w- c:\program files (x86)\Bohemia Interactive
2012-10-05 20:39 . 2012-10-02 08:31 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3DC3869-F89A-4394-9AB3-67645472D7F0}\gapaengine.dll
2012-09-29 00:27 . 2012-09-29 01:07 -------- d-----w- c:\users\Trudy\AppData\Local\GQWeb
2012-09-29 00:15 . 2012-09-29 00:15 58648 ----a-r- c:\users\Trudy\AppData\Roaming\Microsoft\Installer\{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}\ARPPRODUCTICON.exe
2012-09-29 00:15 . 2012-09-29 00:15 -------- d-----w- C:\Edline
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 07:02 . 2010-12-14 03:53 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 10:03 . 2012-07-25 21:11 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 10:03 . 2011-11-04 19:00 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-02 08:31 . 2011-03-25 23:39 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-22 20:34 . 2011-04-18 15:17 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-09-07 21:04 . 2012-08-21 04:12 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2010-10-25 02:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-18 11:19 . 2012-10-10 11:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:55 . 2012-09-12 07:57 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 17:05 . 2012-09-12 07:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-18 17:31 . 2012-08-15 05:06 3146752 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
"Akamai NetSession Interface"="c:\users\Trudy\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_48682769.lnk - c:\users\Trudy\AppData\Local\Temp\_uninst_48682769.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-06 115168]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 19544]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys [2012-09-22 101688]
R3 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-09-22 297240]
R3 rtl8190pn64;Realtek RTL8190 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl8190p.sys [2008-08-07 556544]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-14 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-14 279616]
S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-15 397720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-09-22 55096]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-09-22 976728]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2011-07-13 77352]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-09-07 155752]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-24 215040]
S3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2010-02-01 622624]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 16370498
*Deregistered* - 48682769
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 10:03]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1157070670-2083293735-4099382007-1000Core.job
- c:\users\Trudy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24 01:25]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1157070670-2083293735-4099382007-1000UA.job
- c:\users\Trudy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24 01:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://isearch.avg.com/?cid={510D57D2-3C73-4530-A60B-D3862402A4CC}&mid=e24644eef4c847d0a4326de783e749dd-f8018c7003de28c623bff265b4fc95014cc9c77e&lang=en&ds=ft011&pr=sa&d=2012-06-30 09:44&v=11.1.0.12&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Trudy\AppData\Roaming\Mozilla\Firefox\Profiles\k252trzg.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-16267650.sys
SafeBoot-73683511.sys
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
AddRemove-{8833FFB6-5B0C-4764-81AA-06DFEED9A476} - c:\program files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-13 13:50:22
ComboFix-quarantined-files.txt 2012-10-13 17:50
ComboFix2.txt 2012-10-12 00:49
.
Pre-Run: 797,378,801,664 bytes free
Post-Run: 797,447,049,216 bytes free
.
- - End Of File - - CFECBF72DDEF17954FEE84113C6F0B42

#13
yumito

    Member

  • Topic Starter
  • Member
  • 14 posts
OTL logfile created on: 10/13/2012 1:51:34 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trudy\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 9.12 Gb Available Physical Memory | 76.10% Memory free
23.98 Gb Paging File | 21.17 Gb Available in Paging File | 88.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 925.16 Gb Total Space | 742.78 Gb Free Space | 80.29% Space Free | Partition Type: NTFS
Drive D: | 196.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 931.48 Gb Total Space | 891.33 Gb Free Space | 95.69% Space Free | Partition Type: NTFS

Computer Name: WAFFLES | User Name: Trudy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/11 04:18:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trudy\Desktop\OTL.exe
PRC - [2012/10/04 00:57:42 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/09/22 16:34:24 | 001,677,144 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/09/22 16:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/04 18:36:48 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/04 00:57:39 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/10/04 00:57:36 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/10/04 00:57:33 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/10/04 00:57:31 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/10/04 00:57:29 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/09/07 06:13:05 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/09/07 06:13:05 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/09/07 06:13:03 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll
MOD - [2012/09/07 06:13:01 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/09/07 06:12:56 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/09/07 06:12:51 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/09/07 06:12:48 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/09/07 06:12:47 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/09/07 06:12:43 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/08/21 18:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2012/05/28 16:43:22 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/09 06:03:03 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/05 22:15:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/04 00:57:42 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/22 16:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/12 15:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2011/07/17 12:04:00 | 004,390,376 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/12 05:14:21 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\16370498.sys -- (16370498)
DRV:64bit: - [2012/09/22 16:34:44 | 000,101,688 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/14 13:44:33 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/10 17:40:58 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/07/13 04:22:10 | 000,077,352 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/07 16:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/07/29 14:36:42 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/01 12:30:54 | 000,622,624 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl819xp.sys -- (rtl819xpn64)
DRV:64bit: - [2010/01/22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/09/28 03:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/24 06:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/08/07 19:49:44 | 000,556,544 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8190p.sys -- (rtl8190pn64)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/09/22 16:34:44 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/09/22 16:34:42 | 000,297,240 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/08/15 03:21:57 | 000,397,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys -- (RapportCerberus_42020)
DRV - [2012/02/02 18:50:43 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.maingear.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...sa&d=2012-06-30 09:44:41&v=11.1.0.12&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 36 DC DC A7 45 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-06-30 09:44:41&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Trudy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Trudy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/09 21:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 01:21:23 | 000,000,000 | ---D | M]

[2012/10/09 22:00:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trudy\AppData\Roaming\Mozilla\Extensions
[2012/10/09 21:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/07 01:21:22 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/05 22:15:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/30 09:44:39 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/10/05 22:15:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/05 22:15:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Trudy\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Trudy\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Trudy\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Trudy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Giant Savings = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\crossrider
CHR - Extension: Giant Savings = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.20.42_0\
CHR - Extension: Gmail = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/13 13:48:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Trudy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_48682769.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7974F00-B76C-4A3A-97AC-F87E3D1DF6FB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/16 17:11:56 | 000,000,027 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/13 13:50:26 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/10/13 13:38:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/10/13 13:22:48 | 000,000,000 | ---D | C] -- C:\Warcraft III
[2012/10/12 02:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/12 02:49:48 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\16370498.sys
[2012/10/12 02:23:58 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/10/11 21:05:42 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/11 20:50:55 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Trudy\Desktop\tdsskiller.exe
[2012/10/11 20:35:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/10/11 20:35:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/10/11 20:35:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/10/11 20:35:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/11 20:35:00 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/10/11 20:34:33 | 004,766,830 | R--- | C] (Swearware) -- C:\Users\Trudy\Desktop\ComboFix.exe
[2012/10/11 04:59:02 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012/10/11 04:18:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Trudy\Desktop\OTL.exe
[2012/10/11 03:38:54 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/10/11 03:28:49 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/10/09 22:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/10/08 06:42:37 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Roaming\six-zsync
[2012/10/08 06:42:27 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Roaming\Play withSIX
[2012/10/08 06:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIX Networks
[2012/10/08 06:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Networks
[2012/10/08 06:40:11 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\Downloaded Installations
[2012/10/06 20:01:26 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\DayZCommander
[2012/10/06 20:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios
[2012/10/06 19:34:46 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\ArmA 2 OA
[2012/10/06 04:27:12 | 000,000,000 | ---D | C] -- C:\Users\Trudy\Documents\ArmA 2 Other Profiles
[2012/10/06 04:11:22 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\ArmA 2 Free
[2012/10/06 04:11:22 | 000,000,000 | ---D | C] -- C:\Users\Trudy\Documents\ArmA 2
[2012/10/06 04:10:33 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012/10/06 04:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012/10/06 04:08:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive
[2012/10/06 03:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/09/28 20:27:15 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\GQWeb
[2012/09/28 20:15:20 | 000,000,000 | ---D | C] -- C:\Edline

========== Files - Modified Within 30 Days ==========

[2012/10/13 13:49:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1157070670-2083293735-4099382007-1000UA.job
[2012/10/13 13:48:31 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/10/13 13:07:27 | 000,779,306 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/10/13 13:07:27 | 000,660,296 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/10/13 13:07:27 | 000,121,224 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/10/13 13:02:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/10/13 00:58:18 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1157070670-2083293735-4099382007-1000Core.job
[2012/10/12 07:24:48 | 000,020,128 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 07:24:48 | 000,020,128 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 07:17:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/12 07:17:18 | 1066,725,374 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/12 05:14:21 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\windows\SysNative\drivers\16370498.sys
[2012/10/12 02:50:24 | 000,001,013 | ---- | M] () -- C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_48682769.lnk
[2012/10/12 02:49:04 | 139,533,768 | ---- | M] () -- C:\Users\Trudy\Desktop\setup_11.0.0.1245.x01_2012_10_12_05_14.exe
[2012/10/12 02:24:45 | 000,001,296 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2012/10/11 20:51:02 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Trudy\Desktop\tdsskiller.exe
[2012/10/11 20:34:49 | 004,766,830 | R--- | M] (Swearware) -- C:\Users\Trudy\Desktop\ComboFix.exe
[2012/10/11 12:09:29 | 000,001,558 | ---- | M] () -- C:\Users\Trudy\Desktop\mbam.exe - Shortcut.lnk
[2012/10/11 11:42:49 | 000,302,592 | ---- | M] () -- C:\Users\Trudy\Desktop\0r3tz9wr.exe
[2012/10/11 04:18:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trudy\Desktop\OTL.exe
[2012/10/11 03:28:44 | 721,981,385 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/10/11 03:04:27 | 000,000,129 | ---- | M] () -- C:\windows\SysNative\MRT.INI
[2012/10/10 21:39:33 | 000,001,099 | ---- | M] () -- C:\Users\Trudy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/10/09 22:00:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/09 21:59:30 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2012/10/06 18:17:09 | 000,000,221 | ---- | M] () -- C:\Users\Trudy\Desktop\ARMA 2 Operation Arrowhead.url
[2012/10/06 03:26:47 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012/10/02 03:00:55 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/09/29 13:36:08 | 000,233,901 | ---- | M] () -- C:\Users\Trudy\Desktop\house.jpg
[2012/09/26 22:45:55 | 000,000,033 | ---- | M] () -- C:\windows\GunzLauncher.INI
[2012/09/22 16:34:44 | 000,101,688 | ---- | M] (Trusteer Ltd.) -- C:\windows\SysNative\drivers\RapportKE64.sys

========== Files Created - No Company Name ==========

[2012/10/12 02:50:24 | 000,001,013 | ---- | C] () -- C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_48682769.lnk
[2012/10/12 02:47:11 | 139,533,768 | ---- | C] () -- C:\Users\Trudy\Desktop\setup_11.0.0.1245.x01_2012_10_12_05_14.exe
[2012/10/12 02:24:45 | 000,001,296 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2012/10/11 20:35:43 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/10/11 20:35:43 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/10/11 20:35:43 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/10/11 20:35:43 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/10/11 20:35:43 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/10/11 12:09:29 | 000,001,558 | ---- | C] () -- C:\Users\Trudy\Desktop\mbam.exe - Shortcut.lnk
[2012/10/11 11:42:48 | 000,302,592 | ---- | C] () -- C:\Users\Trudy\Desktop\0r3tz9wr.exe
[2012/10/11 03:28:44 | 721,981,385 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/10/11 03:04:27 | 000,000,129 | ---- | C] () -- C:\windows\SysNative\MRT.INI
[2012/10/10 21:39:33 | 000,001,099 | ---- | C] () -- C:\Users\Trudy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/10/09 22:00:08 | 000,001,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/09 22:00:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/09 21:59:30 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2012/10/06 18:17:09 | 000,000,221 | ---- | C] () -- C:\Users\Trudy\Desktop\ARMA 2 Operation Arrowhead.url
[2012/10/06 04:05:57 | 1023,856,640 | ---- | C] () -- C:\Users\Trudy\Documents\ARMA2Free_setup.exe
[2012/09/29 13:36:08 | 000,233,901 | ---- | C] () -- C:\Users\Trudy\Desktop\house.jpg
[2012/08/21 00:07:26 | 000,007,597 | ---- | C] () -- C:\Users\Trudy\AppData\Local\Resmon.ResmonCfg
[2012/08/09 13:43:20 | 000,000,033 | ---- | C] () -- C:\windows\GunzLauncher.INI
[2012/02/07 22:27:10 | 000,000,204 | ---- | C] () -- C:\Users\Trudy\.packettracer
[2011/10/23 05:01:52 | 000,000,262 | ---- | C] () -- C:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011/06/03 21:59:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/06/02 19:02:43 | 000,107,229 | ---- | C] () -- C:\Users\Trudy\TaskList-trunk-bin.tgz
[2011/06/02 19:02:28 | 000,030,194 | ---- | C] () -- C:\Users\Trudy\DirtyGutter-trunk-bin.tgz
[2011/06/02 19:02:16 | 000,027,513 | ---- | C] () -- C:\Users\Trudy\BufferTabs-trunk-bin.tgz
[2011/06/02 19:01:56 | 000,632,209 | ---- | C] () -- C:\Users\Trudy\ProjectViewer-trunk-bin.tgz
[2010/12/22 15:19:42 | 000,776,466 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/12/14 00:32:42 | 000,003,972 | ---- | C] () -- C:\windows\SysWow64\drivers\PciBus.sys

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/02/28 07:48:29 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\.minecraft
[2012/03/15 14:58:04 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\DAEMON Tools Lite
[2011/12/13 11:07:10 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\ijjigame
[2011/12/17 17:37:55 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Kalypso Media
[2011/05/06 12:43:26 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\LolClient
[2012/01/14 02:52:47 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Mumble
[2012/09/06 03:55:08 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Notepad++
[2012/10/08 06:43:21 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Play withSIX
[2011/01/14 17:51:31 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Publish Providers
[2012/07/22 13:25:49 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\runic games
[2012/10/08 06:42:37 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\six-zsync
[2011/12/13 01:42:35 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Sony
[2012/01/24 00:47:35 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\SplitMediaLabs
[2012/03/13 18:35:43 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Tropico 4
[2011/04/18 11:17:26 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Trusteer
[2012/08/23 23:11:18 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\TS3Client
[2012/10/13 13:39:06 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\uTorrent
[2012/01/07 22:38:45 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\W Photo Studio Viewer

========== Purity Check ==========



< End of report >
  • 0

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Can you please update your Malwarebytes and do a Quick Scan? Remove all findings and post the log here for me.
  • 0

#15
yumito

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.13.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Trudy :: WAFFLES [administrator]

Protection: Disabled

10/13/2012 5:58:56 PM
mbam-log-2012-10-13 (17-58-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206460
Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0





