
Redirect Virus - Followed prescribed steps - no success [Solved]


  • This topic is locked

#1
alexander4

  • Member
  • 59 posts
Good evening,

I am trying to assist a friend who has been plagued with the redirect virus for some time now. I followed the automated steps in the "Fix Redirect Virus" page, to no avail.

I've run OTM, Goored, and TDSkiller from Kaspersky.
When I ran OTM, my PC would reboot before I could copy the results from the run, and when I opened the program again the results field was empty. So I apologize, I have no information from that. Goored had nothing that looked pertinent, and Kaspersky did not identify anything malicious.

Any help would be appreciated, just let me know what I need to do.

Thank you,

alexander4


#2
maliprog

  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello alexander4 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
alexander4

  • Topic Starter
  • Member
  • 59 posts
Thank you, maliprog. OTL scan is in progress, and I have downloaded GMER. I should have results for you shortly.

#4
alexander4

  • Topic Starter
  • Member
  • 59 posts
OTL.Txt:

OTL logfile created on: 11/16/2012 1:06:14 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ristin\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 62.55% Memory free
7.74 Gb Paging File | 6.18 Gb Available in Paging File | 79.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.62 Gb Total Space | 389.14 Gb Free Space | 85.79% Space Free | Partition Type: NTFS

Computer Name: PLEIADES | User Name: Ristin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/16 01:05:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ristin\Downloads\OTL.exe
PRC - [2012/11/15 21:52:31 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2009/11/19 17:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/08/11 12:37:50 | 002,446,648 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/13 16:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/04/03 10:44:08 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2009/08/11 17:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/05 15:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 12:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/03 19:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 16:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 10:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2012/11/15 21:52:32 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/08/04 20:04:40 | 002,354,224 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2010/08/04 19:57:36 | 002,024,896 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe -- (ntrtscan)
SRV - [2010/04/24 21:36:10 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/21 12:15:20 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 00:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/04/26 16:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/04/24 21:36:46 | 000,108,048 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/08/27 09:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/28 19:24:12 | 000,081,408 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/24 16:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 18:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/10 07:45:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/07/07 09:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/07/04 20:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 09:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/06/29 17:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 11:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 20:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 15:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/10/20 17:47:06 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2010/10/20 17:46:54 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2010/10/20 17:41:48 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E2113679-890F-4408-A1D7-21E40C09E535}
IE:64bit: - HKLM\..\SearchScopes\{E2113679-890F-4408-A1D7-21E40C09E535}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {BD2F107C-993E-4251-BE3C-C8AB95953EE2}
IE - HKLM\..\SearchScopes\{BD2F107C-993E-4251-BE3C-C8AB95953EE2}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {7A3BBA2C-8B64-4F17-B761-62207C80F346}
IE - HKCU\..\SearchScopes\{7A3BBA2C-8B64-4F17-B761-62207C80F346}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{BD2F107C-993E-4251-BE3C-C8AB95953EE2}: "URL" = http://www.google.co...1I7TSNA_enUS352
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [MyTOSHIBA] C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
O4 - HKCU..\Run: [NGZKLNYZ] C:\Users\Ristin\AppData\Roaming\TpmInits.dll ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18D3C069-B0EF-4423-88BE-5733EE930D28}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F02F64FD-F884-49CE-AF12-92E8053AE78C}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{26f886f9-694b-11e0-a99b-fadca0605a9e}\Shell - "" = AutoRun
O33 - MountPoints2\{26f886f9-694b-11e0-a99b-fadca0605a9e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{48702292-fb06-11df-a578-fb589a5af7fa}\Shell - "" = AutoRun
O33 - MountPoints2\{48702292-fb06-11df-a578-fb589a5af7fa}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{dd5400c1-5873-11e0-9c41-abe7f5e125fc}\Shell - "" = AutoRun
O33 - MountPoints2\{dd5400c1-5873-11e0-9c41-abe7f5e125fc}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O33 - MountPoints2\{dd9150a1-bb0a-11e1-b19e-a7b5e9947c81}\Shell - "" = AutoRun
O33 - MountPoints2\{dd9150a1-bb0a-11e1-b19e-a7b5e9947c81}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/15 22:21:44 | 000,000,000 | ---D | C] -- C:\Users\Ristin\Documents\tdsskiller
[2012/11/15 22:16:27 | 000,000,000 | ---D | C] -- C:\Users\Ristin\Desktop\GooredFix Backups
[2012/11/15 22:10:35 | 000,000,000 | ---D | C] -- C:\Users\Ristin\AppData\Local\{B6AC45FE-A863-43B2-AB11-C36082D6ACDB}
[2012/11/15 22:01:34 | 000,000,000 | ---D | C] -- C:\Users\Ristin\AppData\Local\{642F9553-1EF3-4B04-881E-F6639D934AD7}
[2012/11/15 21:59:31 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/11/15 21:41:45 | 000,000,000 | ---D | C] -- C:\Users\Ristin\Desktop\reg backup
[2012/11/15 21:37:57 | 000,000,000 | ---D | C] -- C:\Users\Ristin\Documents\erunt
[2012/11/15 21:14:37 | 000,000,000 | ---D | C] -- C:\Users\Ristin\AppData\Local\{AB21BDE8-B9EE-41F7-87C4-F28BA4F7A606}
[2 C:\Users\Ristin\Documents\*.tmp files -> C:\Users\Ristin\Documents\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/16 01:09:02 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/16 01:08:49 | 000,302,592 | ---- | M] () -- C:\92ytuevt.exe
[2012/11/16 01:05:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012/11/16 00:52:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/15 23:19:09 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/15 22:16:40 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 22:16:40 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 22:13:57 | 000,742,028 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/11/15 22:13:57 | 000,635,824 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/11/15 22:13:57 | 000,110,508 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/11/15 22:09:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/15 22:09:13 | 3117,404,160 | -HS- | M] () -- C:\hiberfil.sys
[2 C:\Users\Ristin\Documents\*.tmp files -> C:\Users\Ristin\Documents\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/29 05:31:07 | 000,135,168 | RHS- | C] () -- C:\Users\Ristin\AppData\Roaming\TpmInits.dll
[2012/05/15 17:13:33 | 000,007,666 | ---- | C] () -- C:\Users\Ristin\AppData\Local\resmon.resmoncfg
[2011/09/12 10:35:41 | 000,008,855 | ---- | C] () -- C:\windows\cfgall.ini
[2011/04/03 14:00:25 | 000,002,427 | ---- | C] () -- C:\windows\SysWow64\lgAxconfig.ini
[2010/02/08 18:50:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/02 18:25:33 | 000,001,055 | ---- | C] () -- C:\Users\Ristin\Documents - Shortcut.lnk

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 19:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/09/24 13:59:57 | 000,000,000 | ---D | M] -- C:\Users\Ristin\AppData\Roaming\Amazon
[2011/01/05 18:23:35 | 000,000,000 | ---D | M] -- C:\Users\Ristin\AppData\Roaming\AVG10
[2009/11/09 18:35:45 | 000,000,000 | ---D | M] -- C:\Users\Ristin\AppData\Roaming\DriverCure
[2011/09/12 09:43:51 | 000,000,000 | ---D | M] -- C:\Users\Ristin\AppData\Roaming\ICAClient
[2010/01/16 23:29:35 | 000,000,000 | ---D | M] -- C:\Users\Ristin\AppData\Roaming\TOSHIBA
[2010/01/10 08:38:12 | 000,000,000 | ---D | M] -- C:\Users\Ristin\AppData\Roaming\Ulead Systems
[2009/10/29 16:15:41 | 000,000,000 | ---D | M] -- C:\Users\Ristin\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2012/11/16 01:08:49 | 000,302,592 | ---- | M] () -- C:\92ytuevt.exe
[2012/11/16 01:05:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 00:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 00:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2012/09/07 16:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/07 16:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >

#5
alexander4

Extras.txt

OTL Extras logfile created on: 11/16/2012 1:06:14 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ristin\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 62.55% Memory free
7.74 Gb Paging File | 6.18 Gb Available in Paging File | 79.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.62 Gb Total Space | 389.14 Gb Free Space | 85.79% Space Free | Partition Type: NTFS

Computer Name: PLEIADES | User Name: Ristin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059E4052-4277-4315-ABDF-4BEDC2E1834E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{06636A9E-0E81-41BD-9F1C-52A553151361}" = lport=445 | protocol=6 | dir=in | app=system |
"{06ED8212-128C-494A-87C5-1AA3D24A72F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0ACAD906-CB56-417A-B809-581085549307}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11C57AFE-0FD3-4964-8FDD-0C47825604CC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18DA155F-8DE2-4B90-B034-E31CCFDEFADE}" = rport=138 | protocol=17 | dir=out | app=system |
"{18F321E1-C76D-4F2B-9B93-AC8AB881BA36}" = rport=10243 | protocol=6 | dir=out | app=system |
"{18F82181-B169-42DC-9FBE-289FBB9361E5}" = rport=445 | protocol=6 | dir=out | app=system |
"{19F9EF6D-D8D1-46D2-95FE-69401F488CE3}" = lport=139 | protocol=6 | dir=in | app=system |
"{3E2BC49C-73D3-4343-A0C8-3793A9C711A3}" = lport=138 | protocol=17 | dir=in | app=system |
"{3FC407DD-D319-4092-85EB-9ACD399F352B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{482907E6-A2E5-4B06-9136-4CEBDBD07099}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5E331384-3621-43F1-BABA-0140DA10B665}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67B6FE93-D617-4AA1-839F-53C8EA9C39E1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6BF276FD-ACE2-4E6E-934A-5D92ACD21C3D}" = rport=137 | protocol=17 | dir=out | app=system |
"{8257276C-9DBF-4B55-AFE2-48B31976C238}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82B83367-6E05-4D0E-A4CE-7E12E7EC8B20}" = rport=139 | protocol=6 | dir=out | app=system |
"{8334EF36-11EB-4D74-A2FC-CD392993EDFF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8E5323DC-CAD0-4D2F-A5B8-4836A232767F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{992D9F5C-9894-4B7B-BD28-A328CE8F8E95}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6231974-F4CC-42F7-B0BA-395355FB9B4C}" = lport=51859 | protocol=6 | dir=in | name=trend micro officescan listener |
"{A9B72BB6-6D0D-4758-83E3-16A7E8F07B81}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB9FF876-C427-4F1D-9C0E-7922E0B384E5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D73F13DD-8C6E-410D-923B-6703023B6622}" = lport=137 | protocol=17 | dir=in | app=system |
"{E13E2B1A-43C8-404A-94B2-45310F34A5E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E15139D6-6FF7-46E7-8E66-91EAD9E100B6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E255A38C-DF11-47B5-8508-EB53F6B01D89}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F28017FF-6066-4A3A-81DC-1ED5A1E8FD65}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F6EA74FE-BD56-442F-953D-708485E903BB}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0403CB38-3E4B-4B68-8D6D-F097B7F6E426}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{09572BC9-8610-4B87-89B6-D4205166927C}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{0D3DA98E-6BBA-46AB-B923-007BB17BA794}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{131EC151-0A36-4F30-A72B-3CBF7F924045}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{15D03EC7-626B-4748-99EC-1893016A2C86}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
"{1DF489E8-A997-4B50-8A58-A3536075D7C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E77914F-E0EE-444C-B0BA-7EC213420728}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2DFAC310-CA1D-48CC-AF88-43C19F76C652}" = protocol=1 | dir=out | [email protected],-28544 |
"{3531A48F-8FE9-45B7-94D5-92D62936BAA9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{3A8CE8B8-C760-4BFC-983D-91C8D122D4FB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4A7A30C4-E6D8-4DEF-BC27-697BAB7E24B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E6513CE-5B81-45F9-A5AD-3CD92F01BFBF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{5F950A0B-5684-4447-B5EA-285A1A1FA347}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{61118CDE-EC05-4455-89DD-A13E7B9EE8FE}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
"{661BD915-398E-473D-AD04-56C20A9768A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{718B0B1B-BF0E-4836-8B65-B5403A3F8838}" = protocol=58 | dir=out | [email protected],-28546 |
"{75BC7579-C855-4BAA-A27D-8A1F6F1F6D9A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{794D6D8C-D287-41B5-A9A3-F0E85A25CD30}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7B969FDC-EA8B-4CB8-9BAE-6AC7EC642F2D}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
"{7D4DC7F5-0E95-4F6D-A603-C5DCB1AC282F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{85CA54F6-4023-4112-A6E4-BD7F51280C3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A22228C-B944-488A-861D-440AED8AD3C1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{998D222E-922A-4743-8627-DFF1B553DCD2}" = protocol=1 | dir=in | [email protected],-28543 |
"{9D446199-CF71-412A-90AC-E5B41743E499}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A0302533-6E40-49F2-AD3D-DDF03BD6F47A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A0CCB323-570F-4FAB-80C6-F6CBF24E036C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{A25EAFEB-E065-4DF2-BDC2-D03B32BA404F}" = protocol=6 | dir=out | app=system |
"{AC5155BF-3997-4A30-B761-570C70C10417}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
"{B235D85D-ABAF-4925-BF6E-F8CE3787CD85}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{B939F99D-D89F-4B0E-8CF8-413870BBBFA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BEC4675E-3FEE-4996-91F7-6E2FB647F291}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C0F689F1-1340-4945-9C57-9A32803A4EA4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C22AF5C2-FF13-4F8A-B4D3-9C8499807D90}" = protocol=58 | dir=in | [email protected],-28545 |
"{D252630B-4A6E-4855-A63A-8177A9260482}" = protocol=17 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
"{DC57BBC0-69E4-4C10-B22C-F846103F9320}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E22B854A-B88D-4C06-95DE-0E81744698FE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E3DEF40C-2FC3-4A05-A5DB-4C055443A5D4}" = protocol=6 | dir=in | app=c:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
"{E68BF445-2A7D-4DA6-B378-5B722FEF079F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F089B5F3-FCCA-427A-B5AE-A162C0E83509}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.03.02
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}" = NWZ-S540 WALKMAN Guide
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"OfficeScanNT" = Trend Micro OfficeScan Client
"ScrewDrivers Client v4" = ScrewDrivers Client v4
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/13/2012 7:39:40 AM | Computer Name = Pleiades | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/13/2012 9:56:17 AM | Computer Name = Pleiades | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/13/2012 10:00:25 AM | Computer Name = Pleiades | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/20/2012 3:09:49 PM | Computer Name = Pleiades | Source = Application Hang | ID = 1002
Description = The program MyToshiba.exe version 2.2.0.4 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d64 Start
Time: 01cd4f17bb638835 Termination Time: 0 Application Path: C:\Program Files (x86)\TOSHIBA\My
Toshiba\MyToshiba.exe Report Id: 52857bf5-bb0b-11e1-b19e-a7b5e9947c81

Error - 7/3/2012 4:27:06 PM | Computer Name = Pleiades | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x20737463 Faulting process id:
0x1128 Faulting application start time: 0x01cd595910016411 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 74bb4c55-c54d-11e1-b19e-a7b5e9947c81

Error - 7/14/2012 3:21:51 PM | Computer Name = Pleiades | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Windows Search' could not be shut down.

Error - 7/14/2012 8:47:39 PM | Computer Name = Pleiades | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e64 Start
Time: 01cd62230e338162 Termination Time: 16 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: a5d2e7fe-ce16-11e1-b47b-b1af3c61f2f9

Error - 8/15/2012 5:31:43 PM | Computer Name = Pleiades | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.62.0.87 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 272c Start Time:
01cd7b2c9511762c Termination Time: 10 Application Path: C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbam.exe Report Id: 742e1462-e720-11e1-b47b-b1af3c61f2f9

Error - 9/20/2012 7:59:14 PM | Computer Name = Pleiades | Source = Application Hang | ID = 1002
Description = The program Skype.exe version 5.10.0.116 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 8bc Start
Time: 01cd927f34afe01b Termination Time: 515 Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report
Id:

Error - 9/23/2012 11:05:30 AM | Computer Name = Pleiades | Source = VSS | ID = 12310
Description =

[ System Events ]
Error - 10/4/2012 12:04:40 AM | Computer Name = Pleiades | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/4/2012 12:04:40 AM | Computer Name = Pleiades | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/4/2012 12:04:40 AM | Computer Name = Pleiades | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 10/4/2012 1:00:53 AM | Computer Name = Pleiades | Source = DCOM | ID = 10005
Description =

Error - 10/4/2012 1:00:53 AM | Computer Name = Pleiades | Source = DCOM | ID = 10005
Description =

Error - 10/4/2012 1:00:53 AM | Computer Name = Pleiades | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/15/2012 11:59:31 PM | Computer Name = Pleiades | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 11/16/2012 12:08:20 AM | Computer Name = Pleiades | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 11/16/2012 12:37:04 AM | Computer Name = Pleiades | Source = DCOM | ID = 10016
Description =

Error - 11/16/2012 12:37:04 AM | Computer Name = Pleiades | Source = DCOM | ID = 10016
Description =


< End of report >
  • 0

#6
alexander4

  • Topic Starter
  • Member
  • 59 posts
Results.Log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-16 02:07:38
Windows 6.1.7600
Running: 92ytuevt.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002258e33c73
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002258e33c73 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
  • 0

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's begin

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [NGZKLNYZ] C:\Users\Ristin\AppData\Roaming\TpmInits.dll ()
    O33 - MountPoints2\{26f886f9-694b-11e0-a99b-fadca0605a9e}\Shell - "" = AutoRun
    O33 - MountPoints2\{26f886f9-694b-11e0-a99b-fadca0605a9e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O33 - MountPoints2\{48702292-fb06-11df-a578-fb589a5af7fa}\Shell - "" = AutoRun
    O33 - MountPoints2\{48702292-fb06-11df-a578-fb589a5af7fa}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{dd5400c1-5873-11e0-9c41-abe7f5e125fc}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd5400c1-5873-11e0-9c41-abe7f5e125fc}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
    O33 - MountPoints2\{dd9150a1-bb0a-11e1-b19e-a7b5e9947c81}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd9150a1-bb0a-11e1-b19e-a7b5e9947c81}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
    [2012/11/15 22:10:35 | 000,000,000 | ---D | C] -- C:\Users\Ristin\AppData\Local\{B6AC45FE-A863-43B2-AB11-C36082D6ACDB}
    [2012/11/15 22:01:34 | 000,000,000 | ---D | C] -- C:\Users\Ristin\AppData\Local\{642F9553-1EF3-4B04-881E-F6639D934AD7}
    [2012/11/15 21:14:37 | 000,000,000 | ---D | C] -- C:\Users\Ristin\AppData\Local\{AB21BDE8-B9EE-41F7-87C4-F28BA4F7A606}
    [2012/08/29 05:31:07 | 000,135,168 | RHS- | C] () -- C:\Users\Ristin\AppData\Roaming\TpmInits.dll

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please remove your version of TDSSKiller. After that:

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Loaded modules

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Make sure to check:

    • Services and drivers
    • Boot sectors
    • Loaded modules
    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • Then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0

#8
alexander4

  • Topic Starter
  • Member
  • 59 posts
Moved Files:

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NGZKLNYZ deleted successfully.
C:\Users\Ristin\AppData\Roaming\TpmInits.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26f886f9-694b-11e0-a99b-fadca0605a9e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26f886f9-694b-11e0-a99b-fadca0605a9e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26f886f9-694b-11e0-a99b-fadca0605a9e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26f886f9-694b-11e0-a99b-fadca0605a9e}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48702292-fb06-11df-a578-fb589a5af7fa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48702292-fb06-11df-a578-fb589a5af7fa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48702292-fb06-11df-a578-fb589a5af7fa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48702292-fb06-11df-a578-fb589a5af7fa}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd5400c1-5873-11e0-9c41-abe7f5e125fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd5400c1-5873-11e0-9c41-abe7f5e125fc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd5400c1-5873-11e0-9c41-abe7f5e125fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd5400c1-5873-11e0-9c41-abe7f5e125fc}\ not found.
File F:\TL_Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd9150a1-bb0a-11e1-b19e-a7b5e9947c81}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd9150a1-bb0a-11e1-b19e-a7b5e9947c81}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd9150a1-bb0a-11e1-b19e-a7b5e9947c81}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd9150a1-bb0a-11e1-b19e-a7b5e9947c81}\ not found.
File F:\TL_Bootstrap.exe not found.
C:\Users\Ristin\AppData\Local\{B6AC45FE-A863-43B2-AB11-C36082D6ACDB} folder moved successfully.
C:\Users\Ristin\AppData\Local\{642F9553-1EF3-4B04-881E-F6639D934AD7} folder moved successfully.
C:\Users\Ristin\AppData\Local\{AB21BDE8-B9EE-41F7-87C4-F28BA4F7A606} folder moved successfully.
File C:\Users\Ristin\AppData\Roaming\TpmInits.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 11162012_022512
  • 0
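A check a reviewer can run over the fix log posted above, to confirm that the items named in the Step 1 fix script were actually removed. This is an added example, not part of the thread and not OTL's own code. It collapses repeated result lines per target, so that a "not found" line following a successful removal (the DLL is named twice in the fix script and is logged as moved, then not found) is not misread as a failure. The sample text is a subset of the log lines posted above, and the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Constructed sample: a subset of the fix-log lines posted above.
FIX_LOG = r"""
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NGZKLNYZ deleted successfully.
C:\Users\Ristin\AppData\Roaming\TpmInits.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26f886f9-694b-11e0-a99b-fadca0605a9e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26f886f9-694b-11e0-a99b-fadca0605a9e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26f886f9-694b-11e0-a99b-fadca0605a9e}\ not found.
File E:\LaunchU3.exe -a not found.
C:\Users\Ristin\AppData\Local\{B6AC45FE-A863-43B2-AB11-C36082D6ACDB} folder moved successfully.
File C:\Users\Ristin\AppData\Roaming\TpmInits.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
C:\cmd.bat deleted successfully.
"""

# Targets from the Step 1 fix script that must end up removed:
# the Run value and the DLL it launched.
MUST_BE_REMOVED = [
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\NGZKLNYZ",
    r"C:\Users\Ristin\AppData\Roaming\TpmInits.dll",
]

SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")
LINE_RE = re.compile(
    r"^(?:(?P<kind>Registry value|Registry key|File)\s+)?"
    r"(?P<target>.+?)"
    r"(?:\s+(?P<noun>folder))?"
    r"\s+(?P<outcome>deleted successfully|moved successfully|not found)\.$"
)


def normalise(target):
    """Case-fold, collapse doubled backslashes, drop a trailing backslash."""
    return re.sub(r"\\+", r"\\", target).rstrip("\\").lower()


def parse_fix_log(text):
    """Return [(kind, target, outcome)] for result lines in the OTL section."""
    events, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        # Only the OTL section reports on fix-script items; the FILES
        # section also logs the tool's own temporary files.
        match = LINE_RE.match(line) if section == "OTL" else None
        if match:
            kind = match.group("kind") or ("Folder" if match.group("noun") else "File")
            events.append((kind, match.group("target"), match.group("outcome")))
    return events


def reconcile(events):
    """Collapse repeated lines per target into one final status."""
    state = OrderedDict()
    for kind, target, outcome in events:
        entry = state.setdefault(
            normalise(target), {"kind": kind, "target": target, "outcomes": []}
        )
        entry["outcomes"].append(outcome)
    for entry in state.values():
        # Any successful delete or move means the item was present and was
        # removed; "not found" alone means it was never there at fix time.
        actioned = [o for o in entry["outcomes"] if o.endswith("successfully")]
        entry["status"] = "removed" if actioned else "absent"
    return state


def unconfirmed(state, required):
    """Required targets the log does not show as removed."""
    return [t for t in required
            if state.get(normalise(t), {}).get("status") != "removed"]


if __name__ == "__main__":
    final = reconcile(parse_fix_log(FIX_LOG))
    for entry in final.values():
        print(f'{entry["status"]:8} {entry["kind"]:15} {entry["target"]}')
    print("unconfirmed:", unconfirmed(final, MUST_BE_REMOVED))
```
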

#9
alexander4

  • Topic Starter
  • Member
  • 59 posts
TDSSKiller log - reported one suspicious item - skipped

02:40:00.0434 3444 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
02:40:01.0183 3444 ============================================================
02:40:01.0183 3444 Current date / time: 2012/11/16 02:40:01.0183
02:40:01.0183 3444 SystemInfo:
02:40:01.0183 3444
02:40:01.0183 3444 OS Version: 6.1.7600 ServicePack: 0.0
02:40:01.0183 3444 Product type: Workstation
02:40:01.0183 3444 ComputerName: PLEIADES
02:40:01.0183 3444 UserName: Ristin
02:40:01.0183 3444 Windows directory: C:\windows
02:40:01.0183 3444 System windows directory: C:\windows
02:40:01.0183 3444 Running under WOW64
02:40:01.0183 3444 Processor architecture: Intel x64
02:40:01.0183 3444 Number of processors: 2
02:40:01.0183 3444 Page size: 0x1000
02:40:01.0183 3444 Boot type: Normal boot
02:40:01.0183 3444 ============================================================
02:40:42.0799 3444 BG loaded
02:40:49.0429 3444 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:40:49.0444 3444 ============================================================
02:40:49.0444 3444 \Device\Harddisk0\DR0:
02:40:49.0444 3444 MBR partitions:
02:40:49.0444 3444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38B3B800
02:40:49.0444 3444 ============================================================
02:40:49.0756 3444 C: <-> \Device\Harddisk0\DR0\Partition1
02:40:49.0756 3444 ============================================================
02:40:49.0756 3444 Initialize success
02:40:49.0756 3444 ============================================================
02:41:27.0103 3932 ============================================================
02:41:27.0103 3932 Scan started
02:41:27.0103 3932 Mode: Manual; SigCheck; TDLFS;
02:41:27.0103 3932 ============================================================
02:41:28.0990 3932 ================ Scan system memory ========================
02:41:28.0990 3932 System memory - ok
02:41:28.0990 3932 ================ Scan services =============================
02:41:29.0614 3932 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\windows\system32\DRIVERS\1394ohci.sys
02:41:29.0957 3932 1394ohci - ok
02:41:30.0020 3932 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
02:41:30.0067 3932 ACPI - ok
02:41:30.0098 3932 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\windows\system32\DRIVERS\acpipmi.sys
02:41:30.0503 3932 AcpiPmi - ok
02:41:30.0737 3932 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
02:41:30.0784 3932 AdobeFlashPlayerUpdateSvc - ok
02:41:31.0315 3932 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
02:41:31.0985 3932 adp94xx - ok
02:41:32.0032 3932 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
02:41:32.0126 3932 adpahci - ok
02:41:32.0188 3932 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
02:41:32.0251 3932 adpu320 - ok
02:41:32.0282 3932 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
02:41:33.0296 3932 AeLookupSvc - ok
02:41:33.0405 3932 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\windows\system32\drivers\afd.sys
02:41:33.0499 3932 AFD - ok
02:41:33.0623 3932 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\windows\system32\DRIVERS\agrsm64.sys
02:41:33.0795 3932 AgereSoftModem - ok
02:41:33.0842 3932 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\DRIVERS\agp440.sys
02:41:33.0873 3932 agp440 - ok
02:41:33.0935 3932 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
02:41:34.0013 3932 ALG - ok
02:41:34.0076 3932 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\DRIVERS\aliide.sys
02:41:34.0091 3932 aliide - ok
02:41:34.0154 3932 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\DRIVERS\amdide.sys
02:41:34.0201 3932 amdide - ok
02:41:34.0232 3932 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
02:41:34.0357 3932 AmdK8 - ok
02:41:34.0388 3932 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
02:41:34.0481 3932 AmdPPM - ok
02:41:34.0559 3932 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\windows\system32\drivers\amdsata.sys
02:41:34.0591 3932 amdsata - ok
02:41:34.0731 3932 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
02:41:34.0778 3932 amdsbs - ok
02:41:34.0809 3932 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\windows\system32\drivers\amdxata.sys
02:41:34.0856 3932 amdxata - ok
02:41:34.0918 3932 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\windows\system32\drivers\appid.sys
02:41:35.0121 3932 AppID - ok
02:41:35.0168 3932 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
02:41:35.0293 3932 AppIDSvc - ok
02:41:35.0339 3932 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\windows\System32\appinfo.dll
02:41:35.0449 3932 Appinfo - ok
02:41:35.0495 3932 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
02:41:35.0511 3932 arc - ok
02:41:35.0527 3932 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
02:41:35.0573 3932 arcsas - ok
02:41:35.0620 3932 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
02:41:35.0683 3932 AsyncMac - ok
02:41:35.0714 3932 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\DRIVERS\atapi.sys
02:41:35.0745 3932 atapi - ok
02:41:35.0823 3932 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\windows\system32\DRIVERS\athrx.sys
02:41:35.0932 3932 athr - ok
02:41:35.0979 3932 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
02:41:36.0073 3932 AudioEndpointBuilder - ok
02:41:36.0119 3932 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\windows\System32\Audiosrv.dll
02:41:36.0166 3932 AudioSrv - ok
02:41:36.0197 3932 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\windows\System32\AxInstSV.dll
02:41:36.0603 3932 AxInstSV - ok
02:41:36.0697 3932 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
02:41:54.0309 3932 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
02:41:54.0371 3932 MDM ( UnsignedFile.Multi.Generic ) - warning
02:41:54.0371 3932 MDM - detected UnsignedFile.Multi.Generic (1)
02:42:05.0011 3932 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
02:42:05.0089 3932 SharedAccess - ok
02:42:05.0120 3932 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\windows\System32\shsvcs.dll
02:42:05.0182 3932 ShellHWDetection - ok
02:42:05.0213 3932 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
02:42:05.0260 3932 SiSRaid2 - ok
02:42:05.0260 3932 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
02:42:05.0307 3932 SiSRaid4 - ok
02:42:05.0432 3932 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
02:42:05.0806 3932 SkypeUpdate - ok
02:42:05.0931 3932 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
02:42:06.0056 3932 Smb - ok
02:42:06.0134 3932 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
02:42:06.0196 3932 SNMPTRAP - ok
02:42:06.0227 3932 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
02:42:06.0274 3932 spldr - ok
02:42:06.0305 3932 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\windows\System32\spoolsv.exe
02:42:06.0430 3932 Spooler - ok
02:42:06.0680 3932 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\windows\system32\sppsvc.exe
02:42:06.0773 3932 sppsvc - ok
02:42:06.0836 3932 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
02:42:06.0961 3932 sppuinotify - ok
02:42:07.0085 3932 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\windows\system32\DRIVERS\srv.sys
02:42:07.0195 3932 srv - ok
02:42:07.0257 3932 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
02:42:07.0304 3932 srv2 - ok
02:42:07.0335 3932 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
02:42:07.0413 3932 srvnet - ok
02:42:07.0491 3932 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
02:42:07.0538 3932 SSDPSRV - ok
02:42:07.0585 3932 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
02:42:07.0631 3932 SstpSvc - ok
02:42:07.0678 3932 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
02:42:07.0741 3932 stexstor - ok
02:42:07.0850 3932 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\windows\System32\wiaservc.dll
02:42:07.0897 3932 stisvc - ok
02:42:07.0928 3932 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
02:42:07.0943 3932 swenum - ok
02:42:07.0990 3932 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
02:42:08.0162 3932 swprv - ok
02:42:08.0349 3932 [ BE7311DA9D6833FA69ED04B744A1C8F8 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
02:42:08.0365 3932 SynTP - ok
02:42:08.0942 3932 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\windows\system32\sysmain.dll
02:42:09.0129 3932 SysMain - ok
02:42:09.0488 3932 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\windows\System32\TabSvc.dll
02:42:11.0048 3932 TabletInputService - ok
02:42:11.0173 3932 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\windows\System32\tapisrv.dll
02:42:11.0609 3932 TapiSrv - ok
02:42:11.0797 3932 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
02:42:11.0890 3932 TBS - ok
02:42:12.0733 3932 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
02:42:13.0169 3932 Tcpip - ok
02:42:13.0294 3932 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
02:42:13.0341 3932 TCPIP6 - ok
02:42:13.0419 3932 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
02:42:13.0481 3932 tcpipreg - ok
02:42:13.0575 3932 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
02:42:13.0591 3932 tdcmdpst - ok
02:42:13.0622 3932 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
02:42:13.0715 3932 TDPIPE - ok
02:42:13.0762 3932 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
02:42:13.0809 3932 TDTCP - ok
02:42:13.0856 3932 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\windows\system32\DRIVERS\tdx.sys
02:42:13.0934 3932 tdx - ok
02:42:13.0934 3932 [ C448651339196C0E869A355171875522 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
02:42:13.0949 3932 TermDD - ok
02:42:13.0996 3932 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\windows\System32\termsrv.dll
02:42:14.0090 3932 TermService - ok
02:42:14.0121 3932 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
02:42:14.0152 3932 Themes - ok
02:42:14.0183 3932 [ C013F6ACAA9761F571BD28DADA7C157D ] Thpdrv C:\windows\system32\DRIVERS\thpdrv.sys
02:42:14.0199 3932 Thpdrv - ok
02:42:14.0215 3932 [ B4E609047434ED948AF7BDEF2FA66E38 ] Thpevm C:\windows\system32\DRIVERS\Thpevm.SYS
02:42:14.0230 3932 Thpevm - ok
02:42:14.0261 3932 [ 6146EAC71AE3C9DA17B0E33632082B7B ] Thpsrv C:\windows\system32\ThpSrv.exe
02:42:14.0277 3932 Thpsrv - ok
02:42:14.0293 3932 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
02:42:14.0339 3932 THREADORDER - ok
02:42:14.0417 3932 [ 0497E8E82332AA94DF04A78439C358CE ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
02:42:14.0433 3932 TMachInfo - ok
02:42:14.0464 3932 [ 7473EE150FF40460166470B59A765091 ] TmFilter C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys
02:42:14.0495 3932 TmFilter - ok
02:42:14.0573 3932 [ 5D480B145E39230352AFB0007C3D3DEA ] tmlisten C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
02:42:14.0620 3932 tmlisten - ok
02:42:14.0667 3932 [ 5E56A8E5436AB08C637C457A88524E87 ] TmPreFilter C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys
02:42:14.0683 3932 TmPreFilter - ok
02:42:14.0745 3932 [ B55961FC9C78290F89538B4F932525B4 ] TmProxy C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
02:42:14.0792 3932 TmProxy - ok
02:42:14.0839 3932 [ 62388E0FF356014FE80FF7F12D93C8A3 ] tmtdi C:\windows\system32\DRIVERS\tmtdi.sys
02:42:14.0854 3932 tmtdi - ok
02:42:14.0901 3932 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
02:42:14.0948 3932 TODDSrv - ok
02:42:15.0026 3932 [ 4DB8C79BCEA76063B83B13410366A1F7 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
02:42:15.0073 3932 TosCoSrv - ok
02:42:15.0135 3932 [ 32FF64D06A91DAA0331C624AFF442679 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
02:42:15.0182 3932 TOSHIBA eco Utility Service - ok
02:42:15.0275 3932 [ DD58E1250F604CBBADDA04575E5E2376 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
02:42:15.0291 3932 TOSHIBA HDD SSD Alert Service - ok
02:42:15.0400 3932 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
02:42:15.0447 3932 tos_sps64 - ok
02:42:15.0509 3932 [ DE64C52BD0671165CF2EEBF2A728A3E2 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
02:42:15.0541 3932 TPCHSrv - ok
02:42:15.0572 3932 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
02:42:15.0634 3932 TrkWks - ok
02:42:15.0681 3932 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
02:42:15.0712 3932 TrustedInstaller - ok
02:42:15.0728 3932 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
02:42:15.0775 3932 tssecsrv - ok
02:42:15.0806 3932 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
02:42:15.0853 3932 tunnel - ok
02:42:15.0884 3932 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
02:42:15.0899 3932 TVALZ - ok
02:42:15.0931 3932 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
02:42:15.0946 3932 TVALZFL - ok
02:42:15.0977 3932 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
02:42:15.0993 3932 uagp35 - ok
02:42:16.0024 3932 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\windows\system32\DRIVERS\udfs.sys
02:42:16.0087 3932 udfs - ok
02:42:16.0118 3932 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
02:42:16.0133 3932 UI0Detect - ok
02:42:16.0165 3932 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\DRIVERS\uliagpkx.sys
02:42:16.0196 3932 uliagpkx - ok
02:42:16.0227 3932 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\windows\system32\DRIVERS\umbus.sys
02:42:16.0258 3932 umbus - ok
02:42:16.0289 3932 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
02:42:16.0336 3932 UmPass - ok
02:42:16.0367 3932 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
02:42:16.0414 3932 upnphost - ok
02:42:16.0430 3932 usbbus - ok
02:42:16.0477 3932 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
02:42:16.0524 3932 usbccgp - ok
02:42:16.0570 3932 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\DRIVERS\usbcir.sys
02:42:16.0602 3932 usbcir - ok
02:42:16.0633 3932 UsbDiag - ok
02:42:16.0648 3932 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
02:42:16.0680 3932 usbehci - ok
02:42:16.0695 3932 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
02:42:16.0742 3932 usbhub - ok
02:42:16.0758 3932 USBModem - ok
02:42:16.0773 3932 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\windows\system32\drivers\usbohci.sys
02:42:16.0820 3932 usbohci - ok
02:42:16.0851 3932 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
02:42:16.0898 3932 usbprint - ok
02:42:16.0929 3932 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
02:42:16.0960 3932 usbscan - ok
02:42:16.0976 3932 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
02:42:17.0054 3932 USBSTOR - ok
02:42:17.0085 3932 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
02:42:17.0148 3932 usbuhci - ok
02:42:17.0194 3932 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
02:42:17.0241 3932 usbvideo - ok
02:42:17.0272 3932 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
02:42:17.0335 3932 UxSms - ok
02:42:17.0366 3932 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\windows\system32\lsass.exe
02:42:17.0382 3932 VaultSvc - ok
02:42:17.0413 3932 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\DRIVERS\vdrvroot.sys
02:42:17.0460 3932 vdrvroot - ok
02:42:17.0491 3932 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\windows\System32\vds.exe
02:42:17.0538 3932 vds - ok
02:42:17.0584 3932 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
02:42:17.0616 3932 vga - ok
02:42:17.0631 3932 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
02:42:17.0694 3932 VgaSave - ok
02:42:17.0756 3932 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\windows\system32\DRIVERS\vhdmp.sys
02:42:17.0818 3932 vhdmp - ok
02:42:17.0881 3932 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\DRIVERS\viaide.sys
02:42:17.0928 3932 viaide - ok
02:42:17.0990 3932 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\windows\system32\DRIVERS\volmgr.sys
02:42:18.0052 3932 volmgr - ok
02:42:18.0084 3932 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\windows\system32\drivers\volmgrx.sys
02:42:18.0146 3932 volmgrx - ok
02:42:18.0271 3932 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\windows\system32\DRIVERS\volsnap.sys
02:42:18.0333 3932 volsnap - ok
02:42:18.0583 3932 [ B7435B80F795229296D3E1DEFC2A42BE ] VSApiNt C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys
02:42:18.0630 3932 VSApiNt - ok
02:42:18.0708 3932 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
02:42:18.0770 3932 vsmraid - ok
02:42:18.0942 3932 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\windows\system32\vssvc.exe
02:42:19.0222 3932 VSS - ok
02:42:19.0238 3932 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
02:42:19.0300 3932 vwifibus - ok
02:42:19.0363 3932 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
02:42:19.0425 3932 vwififlt - ok
02:42:19.0534 3932 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
02:42:19.0566 3932 vwifimp - ok
02:42:19.0628 3932 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
02:42:19.0706 3932 W32Time - ok
02:42:19.0737 3932 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
02:42:19.0815 3932 WacomPen - ok
02:42:19.0893 3932 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
02:42:19.0987 3932 WANARP - ok
02:42:20.0018 3932 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
02:42:20.0065 3932 Wanarpv6 - ok
02:42:20.0205 3932 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
02:42:20.0268 3932 WatAdminSvc - ok
02:42:20.0408 3932 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\windows\system32\wbengine.exe
02:42:20.0736 3932 wbengine - ok
02:42:20.0767 3932 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
02:42:20.0829 3932 WbioSrvc - ok
02:42:20.0876 3932 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\windows\System32\wcncsvc.dll
02:42:20.0954 3932 wcncsvc - ok
02:42:20.0985 3932 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
02:42:21.0126 3932 WcsPlugInService - ok
02:42:21.0157 3932 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
02:42:21.0188 3932 Wd - ok
02:42:21.0204 3932 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
02:42:21.0250 3932 Wdf01000 - ok
02:42:21.0297 3932 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
02:42:21.0360 3932 WdiServiceHost - ok
02:42:21.0360 3932 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
02:42:21.0375 3932 WdiSystemHost - ok
02:42:21.0422 3932 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\windows\System32\webclnt.dll
02:42:21.0453 3932 WebClient - ok
02:42:21.0500 3932 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
02:42:21.0562 3932 Wecsvc - ok
02:42:21.0562 3932 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
02:42:21.0609 3932 wercplsupport - ok
02:42:21.0640 3932 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
02:42:21.0703 3932 WerSvc - ok
02:42:21.0734 3932 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
02:42:21.0781 3932 WfpLwf - ok
02:42:21.0812 3932 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
02:42:21.0828 3932 WIMMount - ok
02:42:21.0843 3932 WinDefend - ok
02:42:21.0859 3932 WinHttpAutoProxySvc - ok
02:42:21.0906 3932 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
02:42:21.0968 3932 Winmgmt - ok
02:42:22.0046 3932 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\windows\system32\WsmSvc.dll
02:42:22.0140 3932 WinRM - ok
02:42:22.0186 3932 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
02:42:22.0218 3932 WinUsb - ok
02:42:22.0264 3932 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
02:42:22.0342 3932 Wlansvc - ok
02:42:22.0436 3932 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:42:22.0483 3932 wlidsvc - ok
02:42:22.0498 3932 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
02:42:22.0514 3932 WmiAcpi - ok
02:42:22.0545 3932 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
02:42:22.0592 3932 wmiApSrv - ok
02:42:22.0623 3932 WMPNetworkSvc - ok
02:42:22.0654 3932 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
02:42:22.0686 3932 WPCSvc - ok
02:42:22.0701 3932 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
02:42:22.0732 3932 WPDBusEnum - ok
02:42:22.0764 3932 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
02:42:22.0810 3932 ws2ifsl - ok
02:42:22.0857 3932 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\windows\System32\wscsvc.dll
02:42:22.0904 3932 wscsvc - ok
02:42:22.0904 3932 WSearch - ok
02:42:22.0966 3932 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
02:42:23.0013 3932 wuauserv - ok
02:42:23.0060 3932 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
02:42:23.0154 3932 WudfPf - ok
02:42:23.0200 3932 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
02:42:23.0263 3932 WUDFRd - ok
02:42:23.0310 3932 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\windows\System32\WUDFSvc.dll
02:42:23.0356 3932 wudfsvc - ok
02:42:23.0388 3932 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
02:42:23.0434 3932 WwanSvc - ok
02:42:23.0481 3932 ================ Scan global ===============================
02:42:23.0497 3932 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
02:42:23.0544 3932 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\windows\system32\winsrv.dll
02:42:23.0559 3932 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\windows\system32\winsrv.dll
02:42:23.0590 3932 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
02:42:23.0622 3932 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
02:42:23.0653 3932 [Global] - ok
02:42:23.0653 3932 ================ Scan MBR ==================================
02:42:23.0668 3932 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
02:42:23.0949 3932 \Device\Harddisk0\DR0 - ok
02:42:23.0949 3932 ================ Scan VBR ==================================
02:42:23.0980 3932 [ 110CE1730786A90A038686E37CC0DE26 ] \Device\Harddisk0\DR0\Partition1
02:42:23.0980 3932 \Device\Harddisk0\DR0\Partition1 - ok
02:42:23.0980 3932 ================ Scan active images ========================
02:42:23.0980 3932 [ 3E588B60EC061686BA05D33574A344C6 ] C:\Windows\System32\drivers\crashdmp.sys
02:42:23.0980 3932 C:\Windows\System32\drivers\crashdmp.sys - ok
02:42:23.0996 3932 [ 814DB88F2641691575A455CF25354098 ] C:\Windows\System32\drivers\dumpfve.sys
02:42:23.0996 3932 C:\Windows\System32\drivers\dumpfve.sys - ok
02:42:23.0996 3932 [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] C:\Windows\System32\drivers\iaStor.sys
02:42:23.0996 3932 C:\Windows\System32\drivers\iaStor.sys - ok
02:42:24.0012 3932 [ 83D2D75E1EFB81B3450C18131443F7DB ] C:\Windows\System32\drivers\cdrom.sys
02:42:24.0012 3932 C:\Windows\System32\drivers\cdrom.sys - ok
02:42:24.0012 3932 [ 16A47CE2DECC9B099349A5F840654746 ] C:\Windows\System32\drivers\beep.sys
02:42:24.0012 3932 C:\Windows\System32\drivers\beep.sys - ok
02:42:24.0027 3932 [ 9899284589F75FA8724FF3D16AED75C1 ] C:\Windows\System32\drivers\null.sys
02:42:24.0027 3932 C:\Windows\System32\drivers\null.sys - ok
02:42:24.0027 3932 [ CEA6CC257FC9B7715F1C2B4849286D24 ] C:\Windows\System32\drivers\RDPCDD.sys
02:42:24.0027 3932 C:\Windows\System32\drivers\RDPCDD.sys - ok
02:42:24.0027 3932 [ BB5971A4F00659529A5C44831AF22365 ] C:\Windows\System32\drivers\RDPENCDD.sys
02:42:24.0027 3932 C:\Windows\System32\drivers\RDPENCDD.sys - ok
02:42:24.0043 3932 [ 216F3FA57533D98E1F74DED70113177A ] C:\Windows\System32\drivers\RDPREFMP.sys
02:42:24.0043 3932 C:\Windows\System32\drivers\RDPREFMP.sys - ok
02:42:24.0043 3932 [ 53E92A310193CB3C03BEA963DE7D9CFC ] C:\Windows\System32\drivers\vga.sys
02:42:24.0043 3932 C:\Windows\System32\drivers\vga.sys - ok
02:42:24.0058 3932 [ E7353D59C9842BC7299FAEB7E7E09340 ] C:\Windows\System32\drivers\videoprt.sys
02:42:24.0058 3932 C:\Windows\System32\drivers\videoprt.sys - ok
02:42:24.0058 3932 [ FC438D1430B28618E2D0C7C332A710AD ] C:\Windows\System32\drivers\watchdog.sys
02:42:24.0058 3932 C:\Windows\System32\drivers\watchdog.sys - ok
02:42:24.0058 3932 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] C:\Windows\System32\drivers\msfs.sys
02:42:24.0058 3932 C:\Windows\System32\drivers\msfs.sys - ok
02:42:24.0058 3932 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] C:\Windows\System32\drivers\npfs.sys
02:42:24.0058 3932 C:\Windows\System32\drivers\npfs.sys - ok
02:42:24.0074 3932 [ 9162B273A44AB9DCE5B44362731D062A ] C:\Windows\System32\drivers\netbt.sys
02:42:24.0074 3932 C:\Windows\System32\drivers\netbt.sys - ok
02:42:24.0074 3932 [ 0CA6FE26ACC7FFEE1BD0463F40835F32 ] C:\Windows\System32\drivers\tdi.sys
02:42:24.0074 3932 C:\Windows\System32\drivers\tdi.sys - ok
02:42:24.0090 3932 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] C:\Windows\System32\drivers\tdx.sys
02:42:24.0090 3932 C:\Windows\System32\drivers\tdx.sys - ok
02:42:24.0090 3932 [ DB9D6C6B2CD95A9CA414D045B627422E ] C:\Windows\System32\drivers\afd.sys
02:42:24.0090 3932 C:\Windows\System32\drivers\afd.sys - ok
02:42:24.0090 3932 [ EE992183BD8EAEFD9973F352E587A299 ] C:\Windows\System32\drivers\pacer.sys
02:42:24.0090 3932 C:\Windows\System32\drivers\pacer.sys - ok
02:42:24.0105 3932 [ 611B23304BF067451A9FDEE01FBDD725 ] C:\Windows\System32\drivers\wfplwf.sys
02:42:24.0105 3932 C:\Windows\System32\drivers\wfplwf.sys - ok
02:42:24.0105 3932 [ 6A3D66263414FF0D6FA754C646612F3F ] C:\Windows\System32\drivers\vwififlt.sys
02:42:24.0105 3932 C:\Windows\System32\drivers\vwififlt.sys - ok
02:42:24.0105 3932 [ 86743D9F5D2B1048062B14B1D84501C4 ] C:\Windows\System32\drivers\netbios.sys
02:42:24.0105 3932 C:\Windows\System32\drivers\netbios.sys - ok
02:42:24.0121 3932 [ 47CA49400643EFFD3F1C9A27E1D69324 ] C:\Windows\System32\drivers\wanarp.sys
02:42:24.0121 3932 C:\Windows\System32\drivers\wanarp.sys - ok
02:42:24.0121 3932 [ C448651339196C0E869A355171875522 ] C:\Windows\System32\drivers\termdd.sys
02:42:24.0121 3932 C:\Windows\System32\drivers\termdd.sys - ok
02:42:24.0121 3932 [ 62388E0FF356014FE80FF7F12D93C8A3 ] C:\Windows\System32\drivers\tmtdi.sys
02:42:24.0121 3932 C:\Windows\System32\drivers\tmtdi.sys - ok
02:42:24.0136 3932 [ 3BAC8142102C15D59A87757C1D41DCE5 ] C:\Windows\System32\drivers\rdbss.sys
02:42:24.0136 3932 C:\Windows\System32\drivers\rdbss.sys - ok
02:42:24.0136 3932 [ E7F5AE18AF4168178A642A9247C63001 ] C:\Windows\System32\drivers\nsiproxy.sys
02:42:24.0136 3932 C:\Windows\System32\drivers\nsiproxy.sys - ok
02:42:24.0152 3932 [ 13096B05847EC78F0977F2C0F79E9AB3 ] C:\Windows\System32\drivers\discache.sys
02:42:24.0152 3932 C:\Windows\System32\drivers\discache.sys - ok
02:42:24.0152 3932 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] C:\Windows\System32\drivers\mssmbios.sys
02:42:24.0152 3932 C:\Windows\System32\drivers\mssmbios.sys - ok
02:42:24.0152 3932 [ 9C253CE7311CA60FC11C774692A13208 ] C:\Windows\System32\drivers\dfsc.sys
02:42:24.0152 3932 C:\Windows\System32\drivers\dfsc.sys - ok
02:42:24.0168 3932 [ 61583EE3C3A17003C4ACD0475646B4D3 ] C:\Windows\System32\drivers\blbdrive.sys
02:42:24.0168 3932 C:\Windows\System32\drivers\blbdrive.sys - ok
02:42:24.0168 3932 [ 3836171A2CDF3AF8EF10856DB9835A70 ] C:\Windows\System32\drivers\tunnel.sys
02:42:24.0168 3932 C:\Windows\System32\drivers\tunnel.sys - ok
02:42:24.0168 3932 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] C:\Windows\System32\drivers\TVALZFL.sys
02:42:24.0168 3932 C:\Windows\System32\drivers\TVALZFL.sys - ok
02:42:24.0183 3932 [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] C:\Windows\System32\drivers\FwLnk.sys
02:42:24.0183 3932 C:\Windows\System32\drivers\FwLnk.sys - ok
02:42:24.0183 3932 [ ADA036632C664CAA754079041CF1F8C1 ] C:\Windows\System32\drivers\intelppm.sys
02:42:24.0183 3932 C:\Windows\System32\drivers\intelppm.sys - ok
02:42:24.0183 3932 [ 68DB778AC4FD7896CE2F153353BA15C8 ] C:\Windows\System32\ntdll.dll
02:42:24.0183 3932 C:\Windows\System32\ntdll.dll - ok
02:42:24.0199 3932 [ 1911A3356FA3F77CCC825CCBAC038C2A ] C:\Windows\System32\smss.exe
02:42:24.0199 3932 C:\Windows\System32\smss.exe - ok
02:42:24.0199 3932 [ 0840155D0BDDF1190F84A663C284BD33 ] C:\Windows\System32\drivers\CmBatt.sys
02:42:24.0199 3932 C:\Windows\System32\drivers\CmBatt.sys - ok
02:42:24.0199 3932 [ 3C3F27002ABC69C5AFE29CBE6CF7ADDF ] C:\Windows\System32\drivers\igdkmd64.sys
02:42:24.0199 3932 C:\Windows\System32\drivers\igdkmd64.sys - ok
02:42:24.0214 3932 [ 8B7F8E882A649D81CEA1EDE9BBB68FFF ] C:\Windows\System32\autochk.exe
02:42:24.0214 3932 C:\Windows\System32\autochk.exe - ok
02:42:24.0214 3932 [ 5F2BDCA5FA0F20A6F452CF0EE2A2B18C ] C:\Windows\System32\usp10.dll
02:42:24.0214 3932 C:\Windows\System32\usp10.dll - ok
02:42:24.0230 3932 [ 1633B9ABF52784A1331476397A48CBEF ] C:\Windows\System32\drivers\dxgkrnl.sys
02:42:24.0230 3932 C:\Windows\System32\drivers\dxgkrnl.sys - ok
02:42:24.0230 3932 [ 3238B9078E0766AB5E62DC737A809ADB ] C:\Windows\System32\drivers\dxgmms1.sys
02:42:24.0230 3932 C:\Windows\System32\drivers\dxgmms1.sys - ok
02:42:24.0230 3932 [ BBF36EB7117F6B976975C9D8D877DF18 ] C:\Windows\System32\drivers\usbport.sys
02:42:24.0230 3932 C:\Windows\System32\drivers\usbport.sys - ok
02:42:24.0246 3932 [ BC3070350A491D84B518D7CCA9ABD36F ] C:\Windows\System32\drivers\usbuhci.sys
02:42:24.0246 3932 C:\Windows\System32\drivers\usbuhci.sys - ok
02:42:24.0246 3932 [ 0A49913402747A0B67DE940FB42CBDBB ] C:\Windows\System32\drivers\hdaudbus.sys
02:42:24.0246 3932 C:\Windows\System32\drivers\hdaudbus.sys - ok
02:42:24.0246 3932 [ 92969BA5AC44E229C55A332864F79677 ] C:\Windows\System32\drivers\usbehci.sys
02:42:24.0246 3932 C:\Windows\System32\drivers\usbehci.sys - ok
02:42:24.0261 3932 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] C:\Windows\System32\drivers\Rt64win7.sys
02:42:24.0261 3932 C:\Windows\System32\drivers\Rt64win7.sys - ok
02:42:24.0261 3932 [ 7475548B0BA58EBA4D12414FC9E9DFE6 ] C:\Windows\System32\drivers\rtl8192se.sys
02:42:24.0261 3932 C:\Windows\System32\drivers\rtl8192se.sys - ok
02:42:24.0261 3932 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] C:\Windows\System32\drivers\vwifibus.sys
02:42:24.0261 3932 C:\Windows\System32\drivers\vwifibus.sys - ok
02:42:24.0277 3932 [ 7DDA2E5CF452DAD24B1BE704225C18EE ] C:\Windows\System32\drivers\risdpe64.sys
02:42:24.0277 3932 C:\Windows\System32\drivers\risdpe64.sys - ok
02:42:24.0277 3932 [ E20B1907FC72A3664ECE21E3C20FC63D ] C:\Windows\System32\drivers\rimspe64.sys
02:42:24.0277 3932 C:\Windows\System32\drivers\rimspe64.sys - ok
02:42:24.0292 3932 [ 6A1CD4674505E6791390A1AB71DA1FBE ] C:\Windows\System32\drivers\rixdpe64.sys
02:42:24.0292 3932 C:\Windows\System32\drivers\rixdpe64.sys - ok
02:42:24.0292 3932 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] C:\Windows\System32\drivers\i8042prt.sys
02:42:24.0292 3932 C:\Windows\System32\drivers\i8042prt.sys - ok
02:42:24.0292 3932 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] C:\Windows\System32\drivers\kbdclass.sys
02:42:24.0292 3932 C:\Windows\System32\drivers\kbdclass.sys - ok
02:42:24.0308 3932 [ BE7311DA9D6833FA69ED04B744A1C8F8 ] C:\Windows\System32\drivers\SynTP.sys
02:42:24.0308 3932 C:\Windows\System32\drivers\SynTP.sys - ok
02:42:24.0308 3932 [ 70B5A5A7E0DDD5EBAF6E35B7257A6B9D ] C:\Windows\System32\drivers\usbd.sys
02:42:24.0308 3932 C:\Windows\System32\drivers\usbd.sys - ok
02:42:24.0308 3932 [ 7ECFF9B22276B73F43A99A15A6094E90 ] C:\Windows\System32\drivers\agilevpn.sys
02:42:24.0308 3932 C:\Windows\System32\drivers\agilevpn.sys - ok
02:42:24.0324 3932 [ F26B3A86F6FA87CA360B879581AB4123 ] C:\Windows\System32\drivers\CompositeBus.sys
02:42:24.0324 3932 C:\Windows\System32\drivers\CompositeBus.sys - ok
02:42:24.0324 3932 [ 7D27EA49F3C1F687D357E77A470AEA99 ] C:\Windows\System32\drivers\mouclass.sys
02:42:24.0324 3932 C:\Windows\System32\drivers\mouclass.sys - ok
02:42:24.0324 3932 [ 30639C932D9FEF22B31268FE25A1B6E5 ] C:\Windows\System32\drivers\ndistapi.sys
02:42:25.0650 3932 [ BA1B90E4F0E5463C7F0DE8D77D21520E ] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVLogOn.dll
02:42:25.0650 3932 C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVLogOn.dll - ok
02:42:25.0665 3932 [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
02:42:25.0665 3932 C:\Windows\System32\certCredProvider.dll - ok
02:42:25.0665 3932 [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll
02:42:25.0665 3932 C:\Windows\System32\UXInit.dll - ok
02:42:25.0665 3932 [ 032229246107C5C7211E6D1498B52D3D ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
02:42:25.0665 3932 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL - ok
02:42:25.0681 3932 [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
02:42:25.0681 3932 C:\Windows\System32\rasplap.dll - ok
02:42:25.0681 3932 [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
02:42:25.0681 3932 C:\Windows\System32\rasapi32.dll - ok
02:42:25.0681 3932 [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
02:42:25.0681 3932 C:\Windows\System32\rasman.dll - ok
02:42:25.0696 3932 [ F5A61F0A0030C80DF319B0C14A4C8885 ] C:\Windows\System32\rtutils.dll
02:42:25.0696 3932 C:\Windows\System32\rtutils.dll - ok
02:42:25.0696 3932 [ 8F6D9A20F1FB06F0602A7D5A82840DBF ] C:\Windows\System32\netcfgx.dll
02:42:25.0696 3932 C:\Windows\System32\netcfgx.dll - ok
02:42:25.0696 3932 [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll
02:42:25.0696 3932 C:\Windows\System32\imageres.dll - ok
02:42:25.0712 3932 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] C:\Windows\System32\drivers\http.sys
02:42:25.0712 3932 C:\Windows\System32\drivers\http.sys - ok
02:42:25.0712 3932 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] C:\Windows\System32\drivers\vwifimp.sys
02:42:25.0712 3932 C:\Windows\System32\drivers\vwifimp.sys - ok
02:42:25.0712 3932 [ 567977DC43CC13C4C35ED7084C0B84D5 ] C:\Windows\System32\spoolsv.exe
02:42:25.0712 3932 C:\Windows\System32\spoolsv.exe - ok
02:42:25.0728 3932 [ 4992C609A6315671463E30F6512BC022 ] C:\Windows\System32\BFE.DLL
02:42:25.0728 3932 C:\Windows\System32\BFE.DLL - ok
02:42:25.0728 3932 [ 19D20159708E152267E53B66677A4995 ] C:\Windows\System32\drivers\bowser.sys
02:42:25.0728 3932 C:\Windows\System32\drivers\bowser.sys - ok
02:42:25.0743 3932 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys
02:42:25.0743 3932 C:\Windows\System32\drivers\mpsdrv.sys - ok
02:42:25.0743 3932 [ 040D62A9D8AD28922632137ACDD984F2 ] C:\Windows\System32\drivers\mrxsmb.sys
02:42:25.0743 3932 C:\Windows\System32\drivers\mrxsmb.sys - ok
02:42:25.0743 3932 [ F0067552F8F9B33D7C59403AB808A3CB ] C:\Windows\System32\drivers\mrxsmb10.sys
02:42:25.0743 3932 C:\Windows\System32\drivers\mrxsmb10.sys - ok
02:42:25.0759 3932 [ 3C142D31DE9F2F193218A53FE2632051 ] C:\Windows\System32\drivers\mrxsmb20.sys
02:42:25.0759 3932 C:\Windows\System32\drivers\mrxsmb20.sys - ok
02:42:25.0759 3932 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] C:\Windows\System32\wkssvc.dll
02:42:25.0759 3932 C:\Windows\System32\wkssvc.dll - ok
02:42:25.0759 3932 [ C6D332ED6A3BD6060C0F0F5A18C1A3C0 ] C:\Windows\System32\cryptnet.dll
02:42:25.0759 3932 C:\Windows\System32\cryptnet.dll - ok
02:42:25.0774 3932 [ F02786B66375292E58C8777082D4396D ] C:\Windows\System32\cryptsvc.dll
02:42:25.0774 3932 C:\Windows\System32\cryptsvc.dll - ok
02:42:25.0774 3932 [ C67F8A962B2534224D5908D16D2AD3CE ] C:\Windows\System32\wfapigp.dll
02:42:25.0774 3932 C:\Windows\System32\wfapigp.dll - ok
02:42:25.0774 3932 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] C:\Windows\System32\dps.dll
02:42:25.0774 3932 C:\Windows\System32\dps.dll - ok
02:42:25.0790 3932 [ A261AD1FDC6D6A658A82B81AF81B215F ] C:\Windows\System32\vssapi.dll
02:42:25.0790 3932 C:\Windows\System32\vssapi.dll - ok
02:42:25.0790 3932 [ DC57BAF15064ECB79F6D2CCF352E1D88 ] C:\Windows\System32\taskschd.dll
02:42:25.0790 3932 C:\Windows\System32\taskschd.dll - ok
02:42:25.0806 3932 [ 961036B3C6282C646B9ADBC8BB32C983 ] C:\Windows\System32\mscms.dll
02:42:25.0806 3932 C:\Windows\System32\mscms.dll - ok
02:42:25.0806 3932 [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll
02:42:25.0806 3932 C:\Windows\System32\pcasvc.dll - ok
02:42:25.0806 3932 [ 6313F223E817CC09AA41811DAA7F541D ] C:\Windows\System32\snmptrap.exe
02:42:25.0806 3932 C:\Windows\System32\snmptrap.exe - ok
02:42:25.0821 3932 [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
02:42:25.0821 3932 C:\Windows\System32\vsstrace.dll - ok
02:42:25.0821 3932 [ BF1FC3F79B863C914687A737C2F3D681 ] C:\Windows\System32\wdi.dll
02:42:25.0821 3932 C:\Windows\System32\wdi.dll - ok
02:42:25.0821 3932 [ 06A7422224D9865A5613710A089987DF ] C:\Windows\System32\provsvc.dll
02:42:25.0821 3932 C:\Windows\System32\provsvc.dll - ok
02:42:25.0837 3932 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] C:\Windows\System32\sstpsvc.dll
02:42:25.0837 3932 C:\Windows\System32\sstpsvc.dll - ok
02:42:25.0837 3932 [ 7CF1B716372B89568AE4C0FE769F5869 ] C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
02:42:25.0837 3932 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe - ok
02:42:25.0837 3932 [ DB6DD54A93522CA3572D04B56C5DB890 ] C:\Windows\SysWOW64\ntdll.dll
02:42:25.0837 3932 C:\Windows\SysWOW64\ntdll.dll - ok
02:42:25.0852 3932 [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe
02:42:25.0852 3932 C:\Windows\System32\dllhost.exe - ok
02:42:25.0852 3932 [ BC052EFAD10ACA1AD69545B629F50D99 ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll
02:42:25.0852 3932 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll - ok
02:42:25.0852 3932 [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll
02:42:25.0852 3932 C:\Windows\System32\IDStore.dll - ok
02:42:25.0868 3932 [ 3EEFB971D61EF9638FD21F14C703CA11 ] C:\Windows\System32\taskhost.exe
02:42:25.0868 3932 C:\Windows\System32\taskhost.exe - ok
02:42:25.0868 3932 [ 23566F9723771108D2E6CD768AC27407 ] C:\Windows\System32\AtBroker.exe
02:42:25.0868 3932 C:\Windows\System32\AtBroker.exe - ok
02:42:25.0884 3932 [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
02:42:25.0884 3932 C:\Windows\System32\mpr.dll - ok
02:42:25.0884 3932 [ 94EEAC26F57811BD1AEFC164412F7FCE ] C:\Windows\System32\PlaySndSrv.dll
02:42:25.0884 3932 C:\Windows\System32\PlaySndSrv.dll - ok
02:42:25.0884 3932 [ 6F8F1376A13114CC10C0E69274F5A4DE ] C:\Windows\System32\userinit.exe
02:42:25.0884 3932 C:\Windows\System32\userinit.exe - ok
02:42:25.0899 3932 [ AFB5B500AD69E24ED1BC15D1161641EF ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
02:42:25.0899 3932 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL - ok
02:42:25.0899 3932 [ 88351B29B622B30962D2FEB6CA8D860B ] C:\Windows\System32\rasadhlp.dll
02:42:25.0899 3932 C:\Windows\System32\rasadhlp.dll - ok
02:42:25.0899 3932 [ F162D5F5E845B9DC352DD1BAD8CEF1BC ] C:\Windows\System32\dwm.exe
02:42:25.0899 3932 C:\Windows\System32\dwm.exe - ok
02:42:25.0915 3932 [ 8CFACC72081C21519676BF4AAA1A88A9 ] C:\Windows\System32\localspl.dll
02:42:25.0915 3932 C:\Windows\System32\localspl.dll - ok
02:42:25.0915 3932 [ EF184066A851E7838D5BF8C8FAE66CC4 ] C:\Windows\System32\dwmredir.dll
02:42:25.0915 3932 C:\Windows\System32\dwmredir.dll - ok
02:42:25.0915 3932 [ 9D8AB964CE511AF81207DF0E1205184C ] C:\Windows\System32\dwmcore.dll
02:42:25.0915 3932 C:\Windows\System32\dwmcore.dll - ok
02:42:25.0930 3932 [ 3285481F5C12305CA104A6C493CA5A0B ] C:\Windows\System32\spoolss.dll
02:42:25.0930 3932 C:\Windows\System32\spoolss.dll - ok
02:42:25.0930 3932 [ 02CDEB5D8B3DD5F6770DEFFBBC0CFAD0 ] C:\Windows\System32\winspool.drv
02:42:25.0930 3932 C:\Windows\System32\winspool.drv - ok
02:42:25.0930 3932 [ 20BEB8C403C6E28C9B13644787F5177D ] C:\Windows\System32\FXSMON.dll
02:42:25.0930 3932 C:\Windows\System32\FXSMON.dll - ok
02:42:25.0946 3932 [ 62A0ED06E9FF55EEF51B27EC4839EE0B ] C:\Windows\System32\hpz3lw71.dll
02:42:25.0946 3932 C:\Windows\System32\hpz3lw71.dll - ok
02:42:25.0946 3932 [ 33CC7FFA41F6157592E1578BD253F30E ] C:\Windows\System32\PrintIsolationProxy.dll
02:42:25.0946 3932 C:\Windows\System32\PrintIsolationProxy.dll - ok
02:42:25.0946 3932 [ 32A3C8600AF124CBAAD845F13CFAE3CB ] C:\Windows\System32\tcpmon.dll
02:42:25.0946 3932 C:\Windows\System32\tcpmon.dll - ok
02:42:25.0962 3932 [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
02:42:25.0962 3932 C:\Windows\System32\MsCtfMonitor.dll - ok
02:42:25.0962 3932 [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
02:42:25.0962 3932 C:\Windows\System32\msutb.dll - ok
02:42:25.0962 3932 [ 93518C6EDE0B61BCBD02BDB02BD05FEE ] C:\Windows\System32\snmpapi.dll
02:42:25.0962 3932 C:\Windows\System32\snmpapi.dll - ok
02:42:25.0977 3932 [ DF72A9936D0C3F517083119648814B09 ] C:\Windows\System32\usbmon.dll
02:42:25.0977 3932 C:\Windows\System32\usbmon.dll - ok
02:42:25.0977 3932 [ A1D7E3ADCDB07DDB6F423862DCB1A52B ] C:\Windows\System32\WSDMon.dll
02:42:25.0977 3932 C:\Windows\System32\WSDMon.dll - ok
02:42:25.0977 3932 [ AD7C70077D4C81558E909D34EF6B995E ] C:\Windows\System32\wsnmp32.dll
02:42:25.0993 3932 C:\Windows\System32\wsnmp32.dll - ok
02:42:25.0993 3932 [ 05FE4A30177E858B51F5E1E970FE9925 ] C:\Windows\System32\WSDApi.dll
02:42:25.0993 3932 C:\Windows\System32\WSDApi.dll - ok
02:42:25.0993 3932 [ 7F37322A489E285CFBCC02F6A53B3F1B ] C:\Windows\System32\HotStartUserAgent.dll
02:42:25.0993 3932 C:\Windows\System32\HotStartUserAgent.dll - ok
02:42:26.0008 3932 [ 58A0C212ED2ABE462B3A9626F5B96261 ] C:\Windows\System32\d3d10_1.dll
02:42:26.0008 3932 C:\Windows\System32\d3d10_1.dll - ok
02:42:26.0008 3932 [ AFBBC34687FA48A4928B99AF097C1EC0 ] C:\Windows\System32\d3d10_1core.dll
02:42:26.0008 3932 C:\Windows\System32\d3d10_1core.dll - ok
02:42:26.0008 3932 [ A3EA403D2B74C5F71B7E8B3DAE92DE1E ] C:\Windows\System32\webservices.dll
02:42:26.0008 3932 C:\Windows\System32\webservices.dll - ok
02:42:26.0024 3932 [ D95DB5C915C001F78709C17285109BDC ] C:\Windows\System32\dxgi.dll
02:42:26.0024 3932 C:\Windows\System32\dxgi.dll - ok
02:42:26.0024 3932 [ B5055B51BAA0FD0A736A88653DA3C1C0 ] C:\Windows\System32\fundisc.dll
02:42:26.0024 3932 C:\Windows\System32\fundisc.dll - ok
02:42:26.0024 3932 [ 0862495E0C825893DB75EF44FAEA8E93 ] C:\Windows\explorer.exe
02:42:26.0024 3932 C:\Windows\explorer.exe - ok
02:42:26.0040 3932 [ 4581716B4BF76ACFD8E167EB0B26D82A ] C:\Windows\System32\fdPnp.dll
02:42:26.0040 3932 C:\Windows\System32\fdPnp.dll - ok
02:42:26.0040 3932 [ 81A5793E17FD3618ACF643B23E56AB3F ] C:\Windows\System32\igd10umd64.dll
02:42:26.0040 3932 C:\Windows\System32\igd10umd64.dll - ok
02:42:26.0040 3932 [ 6FB9BE56891EA4E85B4C9BDD4E9AFA69 ] C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll
02:42:26.0040 3932 C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll - ok
02:42:26.0055 3932 [ 7EDB2BF840ECB14D6E6B11C035708719 ] C:\Windows\System32\spool\prtprocs\x64\winprint.dll
02:42:26.0055 3932 C:\Windows\System32\spool\prtprocs\x64\winprint.dll - ok
02:42:26.0055 3932 [ 2332BACC2AB09119A14637DE0CB30147 ] C:\Windows\System32\win32spl.dll
02:42:26.0055 3932 C:\Windows\System32\win32spl.dll - ok
02:42:26.0071 3932 [ 1C27E145EC99F20BC1B13FD98165A83F ] C:\Windows\System32\ExplorerFrame.dll
02:42:26.0071 3932 C:\Windows\System32\ExplorerFrame.dll - ok
02:42:26.0071 3932 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
02:42:26.0071 3932 C:\Windows\System32\EhStorShell.dll - ok
02:42:26.0071 3932 [ 5F917AEEEA363B8A5DC8624795CB1D60 ] C:\Windows\System32\ntshrui.dll
02:42:26.0071 3932 C:\Windows\System32\ntshrui.dll - ok
02:42:26.0086 3932 [ BFEBE1E4B301F44CEA7C1B4021BD0264 ] C:\Windows\System32\cscapi.dll
02:42:26.0086 3932 C:\Windows\System32\cscapi.dll - ok
02:42:26.0086 3932 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
02:42:26.0086 3932 C:\Windows\System32\IconCodecService.dll - ok
02:42:26.0086 3932 [ 17EAB1AEA937EFFCD107EFBA94FEDB34 ] C:\Windows\System32\inetpp.dll
02:42:26.0086 3932 C:\Windows\System32\inetpp.dll - ok
02:42:26.0102 3932 [ 60CAE1FA4888ED41B41AEE91C774E4A2 ] C:\Windows\System32\taskeng.exe
02:42:26.0102 3932 C:\Windows\System32\taskeng.exe - ok
02:42:26.0102 3932 [ ADFDF57DC62AE66FE47D5AD1C838131B ] C:\Windows\System32\wow64.dll
02:42:26.0102 3932 C:\Windows\System32\wow64.dll - ok
02:42:26.0102 3932 [ C0A718C7421975E8D25FF78271A8F54A ] C:\Windows\System32\wow64cpu.dll
02:42:26.0102 3932 C:\Windows\System32\wow64cpu.dll - ok
02:42:26.0118 3932 [ E9727C5B096B0722BEBEE269ED841F37 ] C:\Windows\System32\wow64win.dll
02:42:26.0118 3932 C:\Windows\System32\wow64win.dll - ok
02:42:26.0118 3932 [ 4EA99F1644627B1EBAD99D0B93CDEE1C ] C:\Windows\SysWOW64\kernel32.dll
02:42:26.0118 3932 C:\Windows\SysWOW64\kernel32.dll - ok
02:42:26.0118 3932 [ 805A52C5AE26C28E88FDD9BCCFE6F312 ] C:\Windows\System32\TSChannel.dll
02:42:26.0118 3932 C:\Windows\System32\TSChannel.dll - ok
02:42:26.0133 3932 [ 2BF12696F4AC8AFCFC06EAD6F8D2DB4C ] C:\Windows\SysWOW64\KernelBase.dll
02:42:26.0133 3932 C:\Windows\SysWOW64\KernelBase.dll - ok
02:42:26.0133 3932 [ E2C2D8C982316C8ABF800C6CE3F28FAB ] C:\Windows\SysWOW64\ole32.dll
02:42:26.0133 3932 C:\Windows\SysWOW64\ole32.dll - ok
02:42:26.0133 3932 [ F8A61B2E713309B4616D107919BDAB6E ] C:\Windows\SysWOW64\msvcrt.dll
02:42:26.0133 3932 C:\Windows\SysWOW64\msvcrt.dll - ok
02:42:26.0149 3932 [ FBE1E0B9EF53B5BB7C36763AA6A685CF ] C:\Windows\SysWOW64\gdi32.dll
02:42:26.0149 3932 C:\Windows\SysWOW64\gdi32.dll - ok
02:42:26.0149 3932 [ E8B0FFC209E504CB7E79FC24E6C085F0 ] C:\Windows\SysWOW64\user32.dll
02:42:26.0149 3932 C:\Windows\SysWOW64\user32.dll - ok
02:42:26.0149 3932 [ 0C65FA8214D6F8378D1D3BA1CA46AF0A ] C:\Windows\SysWOW64\advapi32.dll
02:42:26.0149 3932 C:\Windows\SysWOW64\advapi32.dll - ok
02:42:26.0164 3932 [ 90385551B6B3793E949DF310A11D64E7 ] C:\Windows\SysWOW64\rpcrt4.dll
02:42:26.0164 3932 C:\Windows\SysWOW64\rpcrt4.dll - ok
02:42:26.0164 3932 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
02:42:26.0164 3932 C:\Windows\SysWOW64\sechost.dll - ok
02:42:26.0180 3932 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
02:42:26.0180 3932 C:\Windows\SysWOW64\cryptbase.dll - ok
02:42:26.0180 3932 [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
02:42:26.0180 3932 C:\Windows\SysWOW64\lpk.dll - ok
02:42:26.0180 3932 [ 351F62085F1D007533B4BB159C9EFDE3 ] C:\Windows\SysWOW64\sspicli.dll
02:42:26.0180 3932 C:\Windows\SysWOW64\sspicli.dll - ok
02:42:26.0180 3932 [ 0BA19F3198C40AC4E8CC66EE02EDA6C6 ] C:\Windows\SysWOW64\usp10.dll
02:42:26.0180 3932 C:\Windows\SysWOW64\usp10.dll - ok
02:42:26.0196 3932 [ 705C210EFC5564BE49EB026BD7AFF27A ] C:\Windows\SysWOW64\oleaut32.dll
02:42:26.0196 3932 C:\Windows\SysWOW64\oleaut32.dll - ok
02:42:26.0196 3932 [ C02E3CE20E7776C922B5C8938350B5F1 ] C:\Windows\SysWOW64\apphelp.dll
02:42:26.0196 3932 C:\Windows\SysWOW64\apphelp.dll - ok
02:42:26.0211 3932 [ F037DB14CF6165C62F4A64D12A25B07C ] C:\Windows\SysWOW64\shlwapi.dll
02:42:26.0211 3932 C:\Windows\SysWOW64\shlwapi.dll - ok
02:42:26.0211 3932 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
02:42:26.0211 3932 C:\Windows\SysWOW64\version.dll - ok
02:42:26.0211 3932 [ 5FDC7034DB23B453C660298D8AB43343 ] C:\Windows\AppPatch\acwow64.dll
02:42:26.0211 3932 C:\Windows\AppPatch\acwow64.dll - ok
02:42:26.0227 3932 [ 0DE3069D6E09BA262856EF31C941BEFE ] C:\Windows\SysWOW64\imm32.dll
02:42:26.0227 3932 C:\Windows\SysWOW64\imm32.dll - ok
02:42:26.0227 3932 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
02:42:26.0227 3932 C:\Windows\SysWOW64\msctf.dll - ok
02:42:26.0227 3932 [ 6C0326F74A9A3AD96CBD7CA4D1B436CC ] C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe
02:42:26.0227 3932 C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe - ok
02:42:26.0242 3932 [ 847D3AE376C0817161A14A82C8922A9E ] C:\Windows\System32\netman.dll
02:42:26.0242 3932 C:\Windows\System32\netman.dll - ok
02:42:26.0242 3932 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] C:\Windows\System32\nlasvc.dll
02:42:26.0242 3932 C:\Windows\System32\nlasvc.dll - ok
02:42:26.0242 3932 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
02:42:26.0242 3932 C:\Windows\SysWOW64\psapi.dll - ok
02:42:26.0258 3932 [ BEC27CF5564827EAB7F08C98EE55B1CC ] C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\pdm.dll
02:42:26.0258 3932 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\pdm.dll - ok
02:42:26.0258 3932 [ 94A0142B6AE74333BCCF6502D567CBB6 ] C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\msdbg2.dll
02:42:26.0258 3932 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\msdbg2.dll - ok
02:42:26.0274 3932 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
02:42:26.0274 3932 C:\Windows\SysWOW64\clbcatq.dll - ok
02:42:26.0274 3932 [ 107F279517E2A04DB4AC1B1FAF1D573B ] C:\Windows\System32\ncsi.dll
02:42:26.0274 3932 C:\Windows\System32\ncsi.dll - ok
02:42:26.0274 3932 [ 0BF0C2A72F2CB0BA4382C392D3E331AF ] C:\Windows\System32\winhttp.dll
02:42:26.0274 3932 C:\Windows\System32\winhttp.dll - ok
02:42:26.0289 3932 [ 70A72FC276267DBFDB39AC1FD358CFE0 ] C:\Windows\System32\spool\drivers\x64\3\unidrvui.dll
02:42:26.0289 3932 C:\Windows\System32\spool\drivers\x64\3\unidrvui.dll - ok
02:42:26.0289 3932 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
02:42:26.0289 3932 C:\Windows\SysWOW64\cryptsp.dll - ok
02:42:26.0289 3932 [ 647C11534C7AF0C5FF599D930476511F ] C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\csm.dll
02:42:26.0289 3932 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\csm.dll - ok
02:42:26.0305 3932 [ 6C0BD9D59C7E97DEE2FB3407D17BF697 ] C:\Windows\SysWOW64\RpcRtRemote.dll
02:42:26.0305 3932 C:\Windows\SysWOW64\RpcRtRemote.dll - ok
02:42:26.0305 3932 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
02:42:26.0305 3932 C:\Windows\SysWOW64\rsaenh.dll - ok
02:42:26.0305 3932 [ 49E5753D923F1AC63B22D3DCB0B47E00 ] C:\Windows\System32\uDWM.dll
02:42:26.0305 3932 C:\Windows\System32\uDWM.dll - ok
02:42:26.0320 3932 [ 2196CDBFA4B99BEEDAE300FA21DFE718 ] C:\Windows\System32\webio.dll
02:42:26.0320 3932 C:\Windows\System32\webio.dll - ok
02:42:26.0320 3932 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
02:42:26.0320 3932 C:\Windows\System32\ssdpapi.dll - ok
02:42:26.0320 3932 [ 655A3626F78139E86CF05F5D62E3F7EF ] C:\Windows\System32\pdh.dll
02:42:26.0320 3932 C:\Windows\System32\pdh.dll - ok
02:42:26.0336 3932 [ 48A9D10BD2C87876ED611932F2679799 ] C:\Program Files (x86)\Trend Micro\OfficeScan Client\perfiCrcPerfMonMgr.dll
02:42:26.0336 3932 C:\Program Files (x86)\Trend Micro\OfficeScan Client\perfiCrcPerfMonMgr.dll - ok
02:42:26.0336 3932 [ 9FE3ED67345F0FF829A4A53B90E09672 ] C:\Windows\System32\loadperf.dll
02:42:26.0336 3932 C:\Windows\System32\loadperf.dll - ok
02:42:26.0352 3932 [ D68B92B432233712E5ECCF21C8AF9757 ] C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSAPI64.DLL
02:42:26.0352 3932 C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSAPI64.DLL - ok
02:42:26.0352 3932 [ 22F020C76E339EB2B2187BA73A7E4173 ] C:\Windows\System32\PrintIsolationHost.exe
02:42:26.0352 3932 C:\Windows\System32\PrintIsolationHost.exe - ok
02:42:26.0352 3932 [ EFEC3847B47CC9357D5C33BBAB59B7EB ] C:\Windows\System32\mgmtapi.dll
02:42:26.0352 3932 C:\Windows\System32\mgmtapi.dll - ok
02:42:26.0367 3932 [ E81F5A2F6D52215C0E84F2849503EBA8 ] C:\Windows\System32\tcpmib.dll
02:42:26.0367 3932 C:\Windows\System32\tcpmib.dll - ok
02:42:26.0367 3932 [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:42:26.0367 3932 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - ok
02:42:26.0367 3932 [ 2CBC35E872BA9B46474890135B56DD66 ] C:\Windows\SysWOW64\shell32.dll
02:42:26.0367 3932 C:\Windows\SysWOW64\shell32.dll - ok
02:42:26.0383 3932 [ 10082D5492C7BD118FE703AC6CCB8AFC ] C:\Windows\System32\spool\drivers\x64\3\UNIDRV.DLL
02:42:26.0383 3932 C:\Windows\System32\spool\drivers\x64\3\UNIDRV.DLL - ok
02:42:26.0383 3932 [ E423902B4C0381ADA6FDCDC9A9374965 ] C:\Windows\System32\spool\drivers\x64\3\RIAUI27.DLL
02:42:26.0383 3932 C:\Windows\System32\spool\drivers\x64\3\RIAUI27.DLL - ok
02:42:26.0398 3932 [ B132CA7D385E6D2C08D09DA88AF7CAD5 ] C:\Windows\System32\mfc42.dll
02:42:26.0398 3932 C:\Windows\System32\mfc42.dll - ok
02:42:26.0398 3932 [ DFF4993094A11275601E7ADBF1D1BD25 ] C:\Windows\System32\odbc32.dll
02:42:26.0398 3932 C:\Windows\System32\odbc32.dll - ok
02:42:26.0398 3932 [ 3E466073C3B1033FF92ADE9031E3D4A2 ] C:\Windows\System32\odbcint.dll
02:42:26.0398 3932 C:\Windows\System32\odbcint.dll - ok
02:42:26.0414 3932 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll
02:42:26.0414 3932 C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll - ok
02:42:26.0414 3932 [ 6095266CAAF5E75F394CFD4844CC4C25 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
02:42:26.0414 3932 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
02:42:26.0414 3932 [ 5DE691884C240227B733CC18BBFCA3D8 ] C:\Windows\SysWOW64\netapi32.dll
02:42:26.0414 3932 C:\Windows\SysWOW64\netapi32.dll - ok
02:42:26.0430 3932 [ C6BB27D9A8AC13D4A44486F528B5C884 ] C:\Windows\SysWOW64\netutils.dll
02:42:26.0430 3932 C:\Windows\SysWOW64\netutils.dll - ok
02:42:26.0430 3932 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll
02:42:26.0430 3932 C:\Windows\SysWOW64\nsi.dll - ok
02:42:26.0430 3932 [ 89D840773C9C4358A5031DCC860449EC ] C:\Windows\SysWOW64\srvcli.dll
02:42:26.0430 3932 C:\Windows\SysWOW64\srvcli.dll - ok
02:42:26.0445 3932 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
02:42:26.0445 3932 C:\Windows\SysWOW64\winnsi.dll - ok
02:42:26.0445 3932 [ 7AD12703039056D2A0815F85960E1FA1 ] C:\Windows\SysWOW64\wkscli.dll
02:42:26.0445 3932 C:\Windows\SysWOW64\wkscli.dll - ok
02:42:26.0445 3932 [ 4B8DD8541C0E26602005DD0137333615 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
02:42:26.0445 3932 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll - ok
02:42:26.0461 3932 [ 5923DB041C82BD93FE6C54114470CE17 ] C:\Windows\SysWOW64\crypt32.dll
02:42:26.0461 3932 C:\Windows\SysWOW64\crypt32.dll - ok
02:42:26.0461 3932 [ 97CCB4D737B426B200E5EF90C877DF32 ] C:\Windows\SysWOW64\imagehlp.dll
02:42:26.0461 3932 C:\Windows\SysWOW64\imagehlp.dll - ok
02:42:26.0461 3932 [ 4C04900AA8C323F5D4C316A89E976849 ] C:\Windows\SysWOW64\msasn1.dll
02:42:26.0461 3932 C:\Windows\SysWOW64\msasn1.dll - ok
02:42:26.0476 3932 [ F1317678AC2FBA9F640279290B2E2988 ] C:\Windows\SysWOW64\msi.dll
02:42:26.0476 3932 C:\Windows\SysWOW64\msi.dll - ok
02:42:26.0476 3932 [ 5553611E2F9EA6F613079177F1233068 ] C:\Windows\SysWOW64\wininet.dll
02:42:26.0476 3932 C:\Windows\SysWOW64\wininet.dll - ok
02:42:26.0476 3932 [ EB8A00E8E9931A7EC04F920B09D880D8 ] C:\Windows\SysWOW64\iertutil.dll
02:42:26.0476 3932 C:\Windows\SysWOW64\iertutil.dll - ok
02:42:26.0492 3932 [ 9FAC0F6D5F3D922DB294E30CD3F62369 ] C:\Windows\SysWOW64\urlmon.dll
02:42:26.0492 3932 C:\Windows\SysWOW64\urlmon.dll - ok
02:42:26.0492 3932 [ 6380BE4AB7AFA48BAEF321E8CA980ADD ] C:\Windows\SysWOW64\wintrust.dll
02:42:26.0492 3932 C:\Windows\SysWOW64\wintrust.dll - ok
02:42:26.0492 3932 [ ADD9D33D685DFADDFAD5AFB42CF31A70 ] C:\Windows\SysWOW64\cscapi.dll
02:42:26.0492 3932 C:\Windows\SysWOW64\cscapi.dll - ok
02:42:26.0508 3932 [ 79C7CFAEA6879A8C1A1E8B5FFE8983AA ] C:\Windows\SysWOW64\dbghelp.dll
02:42:26.0508 3932 C:\Windows\SysWOW64\dbghelp.dll - ok
02:42:26.0508 3932 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\SysWOW64\ntmarta.dll
02:42:26.0508 3932 C:\Windows\SysWOW64\ntmarta.dll - ok
02:42:26.0523 3932 [ BFA70A99AD1434263F2DFBBA103BDEF8 ] C:\Windows\SysWOW64\Wldap32.dll
02:42:26.0523 3932 C:\Windows\SysWOW64\Wldap32.dll - ok
02:42:26.0523 3932 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
02:42:26.0523 3932 C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok
02:42:26.0523 3932 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll
02:42:26.0523 3932 C:\Windows\SysWOW64\profapi.dll - ok
02:42:26.0539 3932 [ 9C0DC1DAAD14D443DD5A0D1EE78D775E ] C:\Windows\SysWOW64\userenv.dll
02:42:26.0539 3932 C:\Windows\SysWOW64\userenv.dll - ok
02:42:26.0539 3932 [ 41938F2C1642459CBBA691B5DBD6395A ] C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
02:42:26.0539 3932 C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe - ok
02:42:26.0539 3932 [ 0089563F324FA784DA849D6A636141E0 ] C:\Windows\SysWOW64\mstask.dll
02:42:26.0539 3932 C:\Windows\SysWOW64\mstask.dll - ok
02:42:26.0554 3932 [ A74316B5C28D94AF0825267D8715549F ] C:\Windows\System32\dbghelp.dll
02:42:26.0554 3932 C:\Windows\System32\dbghelp.dll - ok
02:42:26.0554 3932 [ 7D438D4B0BFF4FC5CE4341E2B28B9A8F ] C:\Program Files (x86)\Trend Micro\OfficeScan Client\FlowControl_64x.dll
02:42:26.0554 3932 C:\Program Files (x86)\Trend Micro\OfficeScan Client\FlowControl_64x.dll - ok
02:42:26.0570 3932 [ 805D97D8AFFD916BA435570A7F8C709C ] C:\Program Files (x86)\Trend Micro\OfficeScan Client\libCNTProdRes_64x.dll
02:42:26.0570 3932 C:\Program Files (x86)\Trend Micro\OfficeScan Client\libCNTProdRes_64x.dll - ok
02:42:26.0570 3932 [ ABF7F6011E9116D08485C0A6EEED799C ] C:\Program Files (x86)\Trend Micro\OfficeScan Client\OfcPIPC_64x.dll
02:42:26.0570 3932 C:\Program Files (x86)\Trend Micro\OfficeScan Client\OfcPIPC_64x.dll - ok
02:42:26.0570 3932 [ 143266F083820AA3B664983C3F242723 ] C:\Program Files (x86)\Trend Micro\OfficeScan Client\TimeString_64x.dll
02:42:26.0570 3932 C:\Program Files (x86)\Trend Micro\OfficeScan Client\TimeString_64x.dll - ok
02:42:26.0586 3932 [ D62474924973F61A53A6DA2D4F71852E ] C:\Program Files (x86)\Trend Micro\OfficeScan Client\OfcPlugInAPI_64x.dll
02:42:26.0586 3932 C:\Program Files (x86)\Trend Micro\OfficeScan Client\OfcPlugInAPI_64x.dll - ok
02:42:26.0586 3932 [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
02:42:26.0586 3932 C:\Windows\System32\aepic.dll - ok
02:42:26.0586 3932 [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys
02:42:26.0586 3932 C:\Windows\System32\drivers\PEAuth.sys - ok
02:42:26.0601 3932 [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
02:42:26.0601 3932 C:\Windows\System32\sfc.dll - ok
02:42:26.0601 3932 [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
02:42:26.0601 3932 C:\Windows\System32\sfc_os.dll - ok
02:42:26.0601 3932 [ F07AF60B152221472FBDB2FECEC4896D ] C:\Program Files (x86)\Skype\Updater\Updater.exe
02:42:26.0601 3932 C:\Program Files (x86)\Skype\Updater\Updater.exe - ok
02:42:26.0617 3932 [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
02:42:26.0617 3932 C:\Windows\System32\drivers\secdrv.sys - ok
02:42:26.0617 3932 [ E30E5BB0DBA49EFE5BBBAFEA440CFBD9 ] C:\Windows\SysWOW64\wtsapi32.dll
02:42:26.0617 3932 C:\Windows\SysWOW64\wtsapi32.dll - ok
02:42:26.0632 3932 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] C:\Windows\System32\drivers\srvnet.sys
02:42:26.0632 3932 C:\Windows\System32\drivers\srvnet.sys - ok
02:42:26.0632 3932 [ 76D078AF6F587B162D50210F761EB9ED ] C:\Windows\System32\drivers\tcpipreg.sys
02:42:26.0632 3932 C:\Windows\System32\drivers\tcpipreg.sys - ok
02:42:26.0632 3932 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] C:\Windows\System32\wiaservc.dll
02:42:26.0632 3932 C:\Windows\System32\wiaservc.dll - ok
02:42:26.0648 3932 [ 6146EAC71AE3C9DA17B0E33632082B7B ] C:\Windows\System32\ThpSrv.exe
02:42:26.0648 3932 C:\Windows\System32\ThpSrv.exe - ok
02:42:27.0958 3932 [ A86A1C5DF1C662D1C75815BF4794F16D ] C:\Windows\SysWOW64\webio.dll
02:42:27.0958 3932 C:\Windows\SysWOW64\webio.dll - ok
02:42:27.0974 3932 [ B519848DFA30AE2B306576B51321D102 ] C:\Windows\System32\ie4uinit.exe
02:42:27.0974 3932 C:\Windows\System32\ie4uinit.exe - ok
02:42:27.0974 3932 [ 18245DC72B65D488A8B2D75A8FE088EA ] C:\Windows\System32\timedate.cpl
02:42:27.0974 3932 C:\Windows\System32\timedate.cpl - ok
02:42:27.0990 3932 [ 1E4BDDBD5A63059A97063339B4F8986F ] C:\Windows\System32\actxprxy.dll
02:42:27.0990 3932 C:\Windows\System32\actxprxy.dll - ok
02:42:27.0990 3932 [ FBE8EBF528DC49B3DEB186CA9545D97E ] C:\Windows\System32\shdocvw.dll
02:42:27.0990 3932 C:\Windows\System32\shdocvw.dll - ok
02:42:27.0990 3932 [ A0A65D306A5490D2EB8E7DE66898ECFD ] C:\Windows\System32\linkinfo.dll
02:42:27.0990 3932 C:\Windows\System32\linkinfo.dll - ok
02:42:28.0005 3932 [ E6DD15E668DAF0A02470CF551B0A0105 ] C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll
02:42:28.0005 3932 C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll - ok
02:42:28.0005 3932 [ 46EDD0A6B42BA5D2044FA0909BE4BE95 ] C:\Windows\System32\msftedit.dll
02:42:28.0005 3932 C:\Windows\System32\msftedit.dll - ok
02:42:28.0005 3932 [ BF591B5C2CC38314518467E883AE37C5 ] C:\Windows\SysWOW64\credssp.dll
02:42:28.0005 3932 C:\Windows\SysWOW64\credssp.dll - ok
02:42:28.0021 3932 [ 11A41F17527ED75D6B758FDD7F4FD00D ] C:\Windows\SysWOW64\mswsock.dll
02:42:28.0021 3932 C:\Windows\SysWOW64\mswsock.dll - ok
02:42:28.0021 3932 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
02:42:28.0021 3932 C:\Windows\SysWOW64\wship6.dll - ok
02:42:28.0021 3932 [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
02:42:28.0021 3932 C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
02:42:28.0036 3932 [ 62390F4ACE9E2B63E3CA26B7F7497897 ] C:\Windows\SysWOW64\dnsapi.dll
02:42:28.0036 3932 C:\Windows\SysWOW64\dnsapi.dll - ok
02:42:28.0036 3932 [ 7FCAB194F01E3403C300EB034E480B36 ] C:\Windows\System32\msls31.dll
02:42:28.0036 3932 C:\Windows\System32\msls31.dll - ok
02:42:28.0036 3932 [ 17A7998CB5DA92020A291B85FF7B3681 ] C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
02:42:28.0036 3932 C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll - ok
02:42:28.0052 3932 [ 12B79422A23814429CDA9E734C58F78F ] C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
02:42:28.0052 3932 C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL - ok
02:42:28.0052 3932 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
02:42:28.0052 3932 C:\Windows\SysWOW64\rasadhlp.dll - ok
02:42:28.0052 3932 [ 14F5C0DB4B2C47874D6C937A5A1B367C ] C:\Windows\System32\gameux.dll
02:42:28.0052 3932 C:\Windows\System32\gameux.dll - ok
02:42:28.0068 3932 [ 158117F3CF278F01C6F24E89E2141E81 ] C:\Windows\SysWOW64\FWPUCLNT.DLL
02:42:28.0068 3932 C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
02:42:28.0068 3932 [ 8B93BAFF4B924ADBF1755132C8DC76D9 ] C:\Windows\System32\igfxtray.exe
02:42:28.0068 3932 C:\Windows\System32\igfxtray.exe - ok
02:42:28.0068 3932 [ DD76912E8D165C68659D9875256710A3 ] C:\Windows\System32\DeviceCenter.dll
02:42:28.0068 3932 C:\Windows\System32\DeviceCenter.dll - ok
02:42:28.0083 3932 [ CED06B680D7D34C636975C87B835033E ] C:\Windows\System32\hkcmd.exe
02:42:28.0083 3932 C:\Windows\System32\hkcmd.exe - ok
02:42:28.0083 3932 [ D680826B0C2412FF10F75D9F843016C1 ] C:\Windows\System32\igfxpers.exe
02:42:28.0083 3932 C:\Windows\System32\igfxpers.exe - ok
02:42:28.0099 3932 [ F468C806267D46B68DB7EB32FBF0A103 ] C:\Windows\System32\thumbcache.dll
02:42:28.0099 3932 C:\Windows\System32\thumbcache.dll - ok
02:42:28.0099 3932 [ 910AFE116ADE17C93E892C38452075F9 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
02:42:28.0099 3932 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe - ok
02:42:28.0099 3932 [ 8BC7AE7E16458355508ECF5EC3A04E72 ] C:\Windows\System32\networkexplorer.dll
02:42:28.0099 3932 C:\Windows\System32\networkexplorer.dll - ok
02:42:28.0114 3932 [ E9097004922D4D57A9220433E4FE485B ] C:\Windows\System32\hccutils.dll
02:42:28.0114 3932 C:\Windows\System32\hccutils.dll - ok
02:42:28.0114 3932 [ C4CA084C01136236B7E296F41E4D943D ] C:\Windows\System32\igfxsrvc.exe
02:42:28.0114 3932 C:\Windows\System32\igfxsrvc.exe - ok
02:42:28.0114 3932 [ FCAE7ED173941270A7AB9E838074C072 ] C:\Windows\System32\igfxsrvc.dll
02:42:28.0114 3932 C:\Windows\System32\igfxsrvc.dll - ok
02:42:28.0130 3932 [ 25389C8387943751DABF6826A8B6D008 ] C:\Windows\System32\igfxdev.dll
02:42:28.0130 3932 C:\Windows\System32\igfxdev.dll - ok
02:42:28.0130 3932 [ DEC2AE60ADC0CC7B050ADAA8808C8796 ] C:\Windows\System32\igfxrenu.lrc
02:42:28.0130 3932 C:\Windows\System32\igfxrenu.lrc - ok
02:42:28.0130 3932 [ 1114015C1C59C6FAC501CD4E06FF0AD5 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
02:42:28.0130 3932 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - ok
02:42:28.0146 3932 [ A728C8E3B8BF95E536D076A2B7C68653 ] C:\Windows\System32\igfxress.dll
02:42:28.0146 3932 C:\Windows\System32\igfxress.dll - ok
02:42:28.0146 3932 [ 3169497C4A93597AE7E2ED9F0A108063 ] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
02:42:28.0146 3932 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe - ok
02:42:28.0161 3932 [ 599EBE6C7EA52B5FF9603F203E8EC080 ] C:\Windows\System32\msi.dll
02:42:28.0161 3932 C:\Windows\System32\msi.dll - ok
02:42:28.0161 3932 [ 69754747274B76E7FAF287239333D7E6 ] C:\Windows\System32\msiltcfg.dll
02:42:28.0161 3932 C:\Windows\System32\msiltcfg.dll - ok
02:42:28.0161 3932 [ 52FF4F739A37C834C53977AA949C8DE7 ] C:\Windows\System32\SynCOM.dll
02:42:28.0161 3932 C:\Windows\System32\SynCOM.dll - ok
02:42:28.0177 3932 [ DAB0A2CCDCB846CCA56ADCDCB19FA57F ] C:\Windows\System32\SynTPAPI.dll
02:42:28.0177 3932 C:\Windows\System32\SynTPAPI.dll - ok
02:42:28.0177 3932 [ 0D9AC59CFBA1AF2910452DFCC491D3C9 ] C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
02:42:28.0177 3932 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe - ok
02:42:28.0177 3932 [ D32EE82DA63D39D337D5AEEA2928B1DE ] C:\Windows\System32\consent.exe
02:42:28.0177 3932 C:\Windows\System32\consent.exe - ok
02:42:28.0192 3932 [ E424B3EF666B184CEE0B6871AAA8C9F6 ] C:\Windows\System32\msimg32.dll
02:42:28.0192 3932 C:\Windows\System32\msimg32.dll - ok
02:42:28.0192 3932 [ 30F9BACA07F8251D7DD1805A9E919CE0 ] C:\Windows\System32\wdmaud.drv
02:42:28.0192 3932 C:\Windows\System32\wdmaud.drv - ok
02:42:28.0192 3932 [ A62882F40163F1262808E380DB5FED69 ] C:\Program Files\TOSHIBA\TBS\HSON.exe
02:42:28.0192 3932 C:\Program Files\TOSHIBA\TBS\HSON.exe - ok
02:42:28.0208 3932 [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll
02:42:28.0208 3932 C:\Windows\System32\ksuser.dll - ok
02:42:28.0208 3932 [ 81D64E8D70E5FBF9F7ABF2D41154F54D ] C:\Windows\System32\AudioSes.dll
02:42:28.0208 3932 C:\Windows\System32\AudioSes.dll - ok
02:42:28.0208 3932 [ 10AC5CE9F78DC281A1BBD9B8CC587B8A ] C:\Windows\System32\msacm32.dll
02:42:28.0208 3932 C:\Windows\System32\msacm32.dll - ok
02:42:28.0224 3932 [ 1B7C3A37362C7B2890168C5FC61C8D9B ] C:\Windows\System32\msacm32.drv
02:42:28.0224 3932 C:\Windows\System32\msacm32.drv - ok
02:42:28.0224 3932 [ CA2A0750ED830678997695FF61B04C30 ] C:\Windows\System32\midimap.dll
02:42:28.0224 3932 C:\Windows\System32\midimap.dll - ok
02:42:28.0239 3932 [ 5EDBB34736DD7AC1A73CF8792A835E10 ] C:\Windows\System32\AudioEng.dll
02:42:28.0239 3932 C:\Windows\System32\AudioEng.dll - ok
02:42:28.0239 3932 [ C1395286B822E306B4FE1568A8A77813 ] C:\Windows\System32\AUDIOKSE.dll
02:42:28.0239 3932 C:\Windows\System32\AUDIOKSE.dll - ok
02:42:28.0239 3932 [ D1B28927486DAA1AD226E1A4691EF3AD ] C:\Program Files\TOSHIBA\Power Saver\TtosFunc.dll
02:42:28.0239 3932 C:\Program Files\TOSHIBA\Power Saver\TtosFunc.dll - ok
02:42:28.0255 3932 [ 3A6C8001E421CE7794739510B5616AD1 ] C:\Windows\System32\RtkAPO64.dll
02:42:28.0255 3932 C:\Windows\System32\RtkAPO64.dll - ok
02:42:28.0255 3932 [ EE441911AC7F45FAA899E9A747E132E6 ] C:\Program Files\TOSHIBA\Power Saver\TCooling.dll
02:42:28.0255 3932 C:\Program Files\TOSHIBA\Power Saver\TCooling.dll - ok
02:42:28.0255 3932 [ 92575343489C25C791C44D1D23BA5C9C ] C:\Program Files\TOSHIBA\Power Saver\TOddPwr.dll
02:42:28.0255 3932 C:\Program Files\TOSHIBA\Power Saver\TOddPwr.dll - ok
02:42:28.0270 3932 [ 39EBE849C49A4DCA5264C48F96F68F49 ] C:\Program Files\TOSHIBA\Power Saver\TPwrSrv.dll
02:42:28.0270 3932 C:\Program Files\TOSHIBA\Power Saver\TPwrSrv.dll - ok
02:42:28.0270 3932 [ C812810009DA1C253CBDD937522567BF ] C:\Program Files\TOSHIBA\Power Saver\T1394Pwr.dll
02:42:28.0270 3932 C:\Program Files\TOSHIBA\Power Saver\T1394Pwr.dll - ok
02:42:28.0270 3932 [ 8862AB5887A4679BF868A315086C8A2A ] C:\Program Files\TOSHIBA\Power Saver\TKBLEDPwr.dll
02:42:28.0270 3932 C:\Program Files\TOSHIBA\Power Saver\TKBLEDPwr.dll - ok
02:42:28.0286 3932 [ 6AC68F9C5EA59E51B8610B7A5216DF73 ] C:\Program Files\TOSHIBA\Power Saver\TSDPwr.dll
02:42:28.0286 3932 C:\Program Files\TOSHIBA\Power Saver\TSDPwr.dll - ok
02:42:28.0286 3932 [ 7131E149F0DB0BB16AD17B93A63E01BF ] C:\Program Files\TOSHIBA\Power Saver\TPCIePwr.dll
02:42:28.0286 3932 C:\Program Files\TOSHIBA\Power Saver\TPCIePwr.dll - ok
02:42:28.0302 3932 [ 7577CACC4F6C07175062C03CD1B7B763 ] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
02:42:28.0302 3932 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe - ok
02:42:28.0302 3932 [ 6F3C559B82F2912354BE5B098744CC8C ] C:\Windows\System32\WMALFXGFXDSP.dll
02:42:28.0302 3932 C:\Windows\System32\WMALFXGFXDSP.dll - ok
02:42:28.0302 3932 [ 54B5DCD55B223BC5DF50B82E1E9E86B1 ] C:\Windows\System32\mfplat.dll
02:42:28.0302 3932 C:\Windows\System32\mfplat.dll - ok
02:42:28.0317 3932 [ EA169D84B21E90790778B300E7ED1B17 ] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
02:42:28.0317 3932 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe - ok
02:42:28.0317 3932 [ 9110FFAD124283F37D38771BB60556AF ] C:\Windows\System32\dsound.dll
02:42:28.0317 3932 C:\Windows\System32\dsound.dll - ok
02:42:28.0317 3932 [ 263E9A047D17CD50BAA9D3C02910D18D ] C:\Windows\System32\oledlg.dll
02:42:28.0317 3932 C:\Windows\System32\oledlg.dll - ok
02:42:28.0333 3932 [ 29DEDCF40DD3137FD927DE4518DB737D ] C:\Windows\System32\RtkCfg64.dll
02:42:28.0333 3932 C:\Windows\System32\RtkCfg64.dll - ok
02:42:28.0333 3932 [ 747D5B7D8743FF77F646E084AEBA129A ] C:\Program Files\TOSHIBA\TECO\Teco.exe
02:42:28.0333 3932 C:\Program Files\TOSHIBA\TECO\Teco.exe - ok
02:42:28.0333 3932 [ 68F71973BB04E8E0D34068B206CB21AA ] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
02:42:28.0333 3932 C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe - ok
02:42:28.0348 3932 [ C60870CF129B03E214785368B56A07FE ] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
02:42:28.0348 3932 C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe - ok
02:42:28.0348 3932 [ 815CBBBAC9F4D44081955ABBC9544930 ] C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe
02:42:28.0348 3932 C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe - ok
02:42:28.0348 3932 [ B051321EE9D0318DD07EBEBB2031612E ] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
02:42:28.0348 3932 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe - ok
02:42:28.0364 3932 [ 8A07221789D46B2EA7DFCA2BC807572A ] C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
02:42:28.0364 3932 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe - ok
02:42:28.0364 3932 [ 3CA4ADDA47D97DDF412893F1D03EA6F6 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
02:42:28.0364 3932 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll - ok
02:42:28.0380 3932 [ EFD63099ED552D8B2410D78ECA4AA040 ] C:\Windows\System32\wpdshext.dll
02:42:28.0380 3932 C:\Windows\System32\wpdshext.dll - ok
02:42:28.0380 3932 [ 60CC15392FF14DCB9C29C69B3233741B ] C:\Windows\System32\stobject.dll
02:42:28.0380 3932 C:\Windows\System32\stobject.dll - ok
02:42:28.0380 3932 [ 86B6AC0FD2881B3D20B80F51C7152AE0 ] C:\Windows\System32\batmeter.dll
02:42:28.0380 3932 C:\Windows\System32\batmeter.dll - ok
02:42:28.0395 3932 [ D3C8C6B6DB123B0E51ECFFF0F6DF145E ] C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9a7b48ad2929bc93362ec42cd4573f87\mscorlib.ni.dll
02:42:28.0395 3932 C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\9a7b48ad2929bc93362ec42cd4573f87\mscorlib.ni.dll - ok
02:42:28.0395 3932 [ 24B1666FD14CC71C7B0679AC61625B90 ] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
02:42:28.0395 3932 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe - ok
02:42:28.0395 3932 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
02:42:28.0395 3932 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
02:42:28.0411 3932 [ 651F169718CC46C8A9264880C538D5FF ] C:\Windows\System32\prnfldr.dll
02:42:28.0411 3932 C:\Windows\System32\prnfldr.dll - ok
02:42:28.0411 3932 [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\SysWOW64\wsock32.dll
02:42:28.0411 3932 C:\Windows\SysWOW64\wsock32.dll - ok
02:42:28.0411 3932 [ 0470997A5ADC2FCDDCB3461D92073FAA ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\GdiPlus.dll
02:42:28.0411 3932 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.17007_none_72f44f3186198a88\GdiPlus.dll - ok
02:42:28.0426 3932 [ 7808875797D50C46B7AB84B6A70F7869 ] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
02:42:28.0426 3932 C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe - ok
02:42:28.0426 3932 [ D56EFA2023BF17D457F9ACDAD5F14689 ] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
02:42:28.0426 3932 C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe - ok
02:42:28.0442 3932 [ E3242E77CDC1B5105F6A7A8560FED556 ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
02:42:28.0442 3932 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe - ok
02:42:28.0442 3932 [ 85683DF1F917E4D7F6BE1A04986BF1C8 ] C:\Windows\SysWOW64\msacm32.dll
02:42:28.0442 3932 C:\Windows\SysWOW64\msacm32.dll - ok
02:42:28.0442 3932 [ 8019A904EBB6F8CFBA9E41A76A99604A ] C:\Windows\SysWOW64\wer.dll
02:42:28.0442 3932 C:\Windows\SysWOW64\wer.dll - ok
02:42:28.0458 3932 [ 913C2E4A03201644FC986EDEB5F8A390 ] C:\Windows\System32\DXP.dll
02:42:28.0458 3932 C:\Windows\System32\DXP.dll - ok
02:42:28.0458 3932 [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
02:42:28.0458 3932 C:\Windows\System32\Syncreg.dll - ok
02:42:28.0473 3932 [ 45406FFD87F6BA4345B018E303A64FF1 ] C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\wlidcli.dll
02:42:28.0473 3932 C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\wlidcli.dll - ok
02:42:28.0473 3932 [ BDA67EA9720686A7D108F4E009C014BB ] C:\Program Files\TOSHIBA\FlashCards\TCrdEvnt.dll
02:42:28.0473 3932 C:\Program Files\TOSHIBA\FlashCards\TCrdEvnt.dll - ok
02:42:28.0473 3932 [ FCDB4831D6A25411760D78CA2F726726 ] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.dll
02:42:28.0473 3932 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.dll - ok
02:42:28.0489 3932 [ C099831A69B9E3C8384FA0163AFEF24A ] C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
02:42:28.0489 3932 C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll - ok
02:42:28.0489 3932 [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
02:42:28.0489 3932 C:\Windows\ehome\ehSSO.dll - ok
02:42:28.0489 3932 [ 66920354B984D4A3848A84B4E66745EA ] C:\Windows\System32\netshell.dll
02:42:28.0489 3932 C:\Windows\System32\netshell.dll - ok
02:42:28.0504 3932 [ 3C33562F4FAE3D58E47F662DCE07675E ] C:\Windows\SysWOW64\WinSCard.dll
02:42:28.0504 3932 C:\Windows\SysWOW64\WinSCard.dll - ok
02:42:28.0504 3932 [ D25C90F166CB25DCB85755F3DAA984B3 ] C:\Program Files (x86)\Windows Live\Shared\wldlog.dll
02:42:28.0504 3932 C:\Program Files (x86)\Windows Live\Shared\wldlog.dll - ok
02:42:28.0504 3932 [ 8EB5E95365AC5796E0C8175267D50744 ] C:\Program Files (x86)\Windows Live\Messenger\shareanything.dll
02:42:28.0504 3932 C:\Program Files (x86)\Windows Live\Messenger\shareanything.dll - ok
02:42:28.0520 3932 [ 1079D6DA23EEE32E846BADEED77B4E9C ] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
02:42:28.0520 3932 C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe - ok
02:42:28.0520 3932 [ 0E34B7BB1FCF22BCC1E394D16F9E992B ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
02:42:28.0520 3932 C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe - ok
02:42:28.0536 3932 [ 12FD7C1EADDDA10A67B1D6F905B3CC1E ] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
02:42:28.0536 3932 C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe - ok
02:42:28.0536 3932 [ ACEB5E6F416223806421D8864FC0EEB4 ] C:\Program Files (x86)\Windows Live\Shared\uxcore.dll
02:42:28.0536 3932 C:\Program Files (x86)\Windows Live\Shared\uxcore.dll - ok
02:42:28.0536 3932 [ 9FDF43178419CB0D4B50373C50396BDF ] C:\Windows\SysWOW64\d2d1.dll
02:42:28.0536 3932 C:\Windows\SysWOW64\d2d1.dll - ok
02:42:28.0551 3932 [ AD8F6914F7A9AC28047389BE7AF56EBF ] C:\Windows\SysWOW64\d3d10_1.dll
02:42:28.0551 3932 C:\Windows\SysWOW64\d3d10_1.dll - ok
02:42:28.0551 3932 [ 9103E020906FC7A166F380EF2D2516B2 ] C:\Windows\SysWOW64\d3d10_1core.dll
02:42:28.0551 3932 C:\Windows\SysWOW64\d3d10_1core.dll - ok
02:42:28.0551 3932 [ 0A94DE4AA9864D312E60D747FD249ABE ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll
02:42:28.0551 3932 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll - ok
02:42:28.0567 3932 [ 4FB1F2F9B02FA1138CACD2DEA3F5AEC8 ] C:\Windows\System32\riched20.dll
02:42:28.0567 3932 C:\Windows\System32\riched20.dll - ok
02:42:28.0567 3932 [ DD76301614636306414EFA94A9AC5A03 ] C:\Windows\SysWOW64\dxgi.dll
02:42:28.0567 3932 C:\Windows\SysWOW64\dxgi.dll - ok
02:42:28.0567 3932 [ D701FFE63758A59579D9EF3B42BFDE44 ] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
02:42:28.0567 3932 C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe - ok
02:42:28.0582 3932 [ 1AA571774936717EE776DBED51E9EDF4 ] C:\Windows\SysWOW64\d3dx10_41.dll
02:42:28.0582 3932 C:\Windows\SysWOW64\d3dx10_41.dll - ok
02:42:28.0582 3932 [ 9F9B0AD8804ECFF8CBD279992DCF7210 ] C:\Windows\SysWOW64\DWrite.dll
02:42:28.0582 3932 C:\Windows\SysWOW64\DWrite.dll - ok
02:42:28.0598 3932 [ 3A2F5C8666F08B31C61DBAE9C297551C ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
02:42:28.0598 3932 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll - ok
02:42:28.0598 3932 [ 9DBD149CAF43D2E7C874C5F40600825C ] C:\Program Files (x86)\Windows Live\Shared\wldcore.dll
02:42:28.0598 3932 C:\Program Files (x86)\Windows Live\Shared\wldcore.dll - ok
02:42:28.0598 3932 [ 51AE7FB541762F4E66303146E03AD15C ] C:\Program Files (x86)\Windows Live\Shared\uxctl.dll
02:42:28.0598 3932 C:\Program Files (x86)\Windows Live\Shared\uxctl.dll - ok
02:42:28.0614 3932 [ 5046E55184021406C27E8D48A1B2C9D2 ] C:\Windows\System32\l3codeca.acm
02:42:28.0614 3932 C:\Windows\System32\l3codeca.acm - ok
02:42:28.0614 3932 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
02:42:28.0614 3932 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
02:42:28.0614 3932 [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
02:42:28.0614 3932 C:\Windows\System32\AltTab.dll - ok
02:42:28.0629 3932 [ AB01C36BCC34CCFE5B0BB5FFB2605135 ] C:\Windows\System32\WPDShServiceObj.dll
02:42:28.0629 3932 C:\Windows\System32\WPDShServiceObj.dll - ok
02:42:28.0629 3932 [ FD4F95ABDE5603478C929B6CB0BDCFFF ] C:\Windows\System32\pnidui.dll
02:42:28.0629 3932 C:\Windows\System32\pnidui.dll - ok
02:42:28.0629 3932 [ E6EE5019E84F23C9FFFF7B6E2A5158D0 ] C:\Windows\SysWOW64\WMVCORE.DLL
02:42:28.0629 3932 C:\Windows\SysWOW64\WMVCORE.DLL - ok
02:42:28.0645 3932 [ 18C49CF5352BF8DE47BD2B1E5A912886 ] C:\Program Files (x86)\Windows Live\Shared\uxcontacts.dll
02:42:28.0645 3932 C:\Program Files (x86)\Windows Live\Shared\uxcontacts.dll - ok
02:42:28.0645 3932 [ D779D935A3109B2D20FD84EA097E3E4A ] C:\Program Files (x86)\Windows Live\Shared\uxcalendar.dll
02:42:28.0645 3932 C:\Program Files (x86)\Windows Live\Shared\uxcalendar.dll - ok
02:42:28.0660 3932 [ EB24684437EC448D680A7CACBDE94C94 ] C:\Program Files (x86)\Windows Live\Shared\wlidux.dll
02:42:28.0660 3932 C:\Program Files (x86)\Windows Live\Shared\wlidux.dll - ok
02:42:28.0660 3932 [ BD03C64C4B1F34D1F330BF6C4AC8113D ] C:\Windows\System32\QUTIL.DLL
02:42:28.0660 3932 C:\Windows\System32\QUTIL.DLL - ok
02:42:28.0660 3932 [ 8BC00C736E67A75D936E5B440917359B ] C:\Windows\System32\ActionCenter.dll
02:42:28.0660 3932 C:\Windows\System32\ActionCenter.dll - ok
02:42:28.0676 3932 [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
02:42:28.0676 3932 C:\Windows\System32\PortableDeviceTypes.dll - ok
02:42:28.0676 3932 [ C8FE465986FE1E242C92B6B76CDFEC6F ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System\6ec488b702c100ad5d3e712db0e88554\System.ni.dll
02:42:28.0676 3932 C:\Windows\assembly\NativeImages_v2.0.50727_64\System\6ec488b702c100ad5d3e712db0e88554\System.ni.dll - ok
02:42:28.0676 3932 [ 2C5B8A680A90E96B1EC0D6DA0505E685 ] C:\Windows\System32\srchadmin.dll
02:42:28.0676 3932 C:\Windows\System32\srchadmin.dll - ok
02:42:28.0692 3932 [ 92AAF75C3EB344A098DC026BC9DDF42A ] C:\Windows\System32\bthprops.cpl
02:42:28.0692 3932 C:\Windows\System32\bthprops.cpl - ok
02:42:28.0692 3932 [ A7DD56261518373F70F23079EB3CD0A2 ] C:\Windows\SysWOW64\WMASF.DLL
02:42:28.0692 3932 C:\Windows\SysWOW64\WMASF.DLL - ok
02:42:28.0692 3932 [ 73DBAA64D589F3262615550DD6881FEE ] C:\Windows\winsxs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll
02:42:28.0692 3932 C:\Windows\winsxs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_3b1209fdc9ac7774\vcomp.dll - ok
02:42:28.0707 3932 [ C6595B078842E187C6587A285B43A565 ] C:\Windows\SysWOW64\inetcomm.dll
02:42:28.0707 3932 C:\Windows\SysWOW64\inetcomm.dll - ok
02:42:28.0707 3932 [ D7CEAEDD5F75D2C8A2E80887D7C114CE ] C:\Windows\System32\webcheck.dll
02:42:28.0707 3932 C:\Windows\System32\webcheck.dll - ok
02:42:28.0723 3932 [ E6F66F31422C44EDC00D9C9329E7DF60 ] C:\Windows\System32\SyncCenter.dll
02:42:28.0723 3932 C:\Windows\System32\SyncCenter.dll - ok
02:42:28.0723 3932 [ B7592E80772071D66336B3EC9B82101D ] C:\Windows\SysWOW64\msoert2.dll
02:42:28.0723 3932 C:\Windows\SysWOW64\msoert2.dll - ok
02:42:28.0723 3932 [ 9CB30A4E79BE55751312991DE827F6ED ] C:\Windows\SysWOW64\INETRES.dll
02:42:28.0723 3932 C:\Windows\SysWOW64\INETRES.dll - ok
02:42:28.0738 3932 [ AFF3C845926422E135A08AE474DE27EA ] C:\Program Files (x86)\Windows Live\Messenger\msgrvsta.thm
02:42:28.0738 3932 C:\Program Files (x86)\Windows Live\Messenger\msgrvsta.thm - ok
02:42:28.0738 3932 [ EB7368D501B9D22E777F6011F72F60FE ] C:\Program Files (x86)\Windows Live\Messenger\en\msgslang.dll.mui
02:42:28.0738 3932 C:\Program Files (x86)\Windows Live\Messenger\en\msgslang.dll.mui - ok
02:42:28.0738 3932 [ 649ED39CA880B4CC5602D80931FF8817 ] C:\Program Files (x86)\Windows Live\Messenger\msgsres.dll
02:42:28.0738 3932 C:\Program Files (x86)\Windows Live\Messenger\msgsres.dll - ok
02:42:28.0754 3932 [ 5BB8C06EB5EA4BA22EE8A678F2D79B25 ] C:\Windows\SysWOW64\devenum.dll
02:42:28.0754 3932 C:\Windows\SysWOW64\devenum.dll - ok
02:42:28.0754 3932 [ 70F03B29A62194E69911952B3640D9D2 ] C:\Windows\SysWOW64\msdmo.dll
02:42:28.0754 3932 C:\Windows\SysWOW64\msdmo.dll - ok
02:42:28.0754 3932 [ E24FE90E9DE8D8AE70E59F7B01675DEF ] C:\Windows\SysWOW64\avicap32.dll
02:42:28.0754 3932 C:\Windows\SysWOW64\avicap32.dll - ok
02:42:28.0770 3932 [ 2DEEB96A0957BD058753FF250E85EF49 ] C:\Windows\SysWOW64\msvfw32.dll
02:42:28.0770 3932 C:\Windows\SysWOW64\msvfw32.dll - ok
02:42:28.0770 3932 [ 8B886A0AC14EAA8599142887991A5A2E ] C:\Windows\System32\imapi2.dll
02:42:28.0770 3932 C:\Windows\System32\imapi2.dll - ok
02:42:28.0770 3932 [ A7AA180554D4D0D72D22707D959AE603 ] C:\Program Files\TOSHIBA\Power Saver\TFunctab.dll
02:42:28.0785 3932 C:\Program Files\TOSHIBA\Power Saver\TFunctab.dll - ok
02:42:28.0785 3932 [ E32B288B38C3182D9F890F45B067A5DB ] C:\Windows\SysWOW64\vfwwdm32.dll
02:42:28.0785 3932 C:\Windows\SysWOW64\vfwwdm32.dll - ok
02:42:28.0785 3932 [ 971808AE01B750B408D9ED02465DC59F ] C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnESC.dll
02:42:28.0785 3932 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnESC.dll - ok
02:42:28.0801 3932 [ 8402A407CB307B5E61CC7FF29F2EFC93 ] C:\Program Files\TOSHIBA\FlashCards\FnSticky.dll
02:42:28.0801 3932 C:\Program Files\TOSHIBA\FlashCards\FnSticky.dll - ok
02:42:28.0801 3932 [ C746F3BF98E92FB137B5BD2B8B5925BD ] C:\Windows\System32\FXSST.dll
02:42:28.0801 3932 C:\Windows\System32\FXSST.dll - ok
02:42:28.0801 3932 [ 11615D80DC10ABB83D2A9002B70A4E36 ] C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
02:42:28.0801 3932 C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll - ok
02:42:28.0816 3932 [ 8898CD3DCA1621B7759ACEE7D7AAC7F4 ] C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
02:42:28.0816 3932 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll - ok
02:42:28.0816 3932 [ D2155709E336C3BC15729EB87FEC6064 ] C:\Windows\System32\rasdlg.dll
02:42:28.0816 3932 C:\Windows\System32\rasdlg.dll - ok
02:42:28.0816 3932 [ 88B0BCC23660D466879099F26CCB8CA5 ] C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF1.dll
02:42:28.0816 3932 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF1.dll - ok
02:42:28.0832 3932 [ FC5238A50FD0E6B9D79C6D4A4A8B7B65 ] C:\Program Files\TOSHIBA\Power Saver\TFunc2.dll
02:42:28.0832 3932 C:\Program Files\TOSHIBA\Power Saver\TFunc2.dll - ok
02:42:28.0832 3932 [ E6BC081DDE7391AD0A044C0796A86D08 ] C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF3.dll
02:42:28.0832 3932 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF3.dll - ok
02:42:28.0832 3932 [ EDE3D67AE2951D330AA6A4EB7FEF7739 ] C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF4.dll
02:42:28.0832 3932 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF4.dll - ok
02:42:28.0848 3932 [ A9E5287A31174AD561C19ED017C0320A ] C:\Program Files\TOSHIBA\FlashCards\Hotkey\fnf5.dll
02:42:28.0848 3932 C:\Program Files\TOSHIBA\FlashCards\Hotkey\fnf5.dll - ok
02:42:28.0848 3932 [ 8BF179E9513F70EA95DE2D539650EAF0 ] C:\Windows\SysWOW64\ksproxy.ax
02:42:28.0848 3932 C:\Windows\SysWOW64\ksproxy.ax - ok
02:42:28.0848 3932 [ 64424094D33B2111B5839DA87CFA4A49 ] C:\Windows\System32\igfxext.exe
02:42:28.0848 3932 C:\Windows\System32\igfxext.exe - ok
02:42:28.0863 3932 [ 9C67F6BBDA3881CFD02095160CF91576 ] C:\Windows\SysWOW64\ksuser.dll
02:42:28.0863 3932 C:\Windows\SysWOW64\ksuser.dll - ok
02:42:28.0863 3932 [ BB68579E181956E37EB11F9083C01CF3 ] C:\Windows\System32\dot3api.dll
02:42:28.0863 3932 C:\Windows\System32\dot3api.dll - ok
02:42:28.0863 3932 [ 34E6D8C67E7FD7C917BECFECA326B168 ] C:\Windows\System32\FXSAPI.dll
02:42:28.0863 3932 C:\Windows\System32\FXSAPI.dll - ok
02:42:28.0879 3932 [ E4FCA0F99A41E460C84016DEFD31E6EF ] C:\Windows\System32\wlanhlp.dll
02:42:28.0879 3932 C:\Windows\System32\wlanhlp.dll - ok
02:42:28.0879 3932 [ B3B2F36AE69601D856B82EBB56500517 ] C:\Windows\System32\igfxexps.dll
02:42:28.0879 3932 C:\Windows\System32\igfxexps.dll - ok
02:42:28.0894 3932 [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
02:42:28.0894 3932 C:\Windows\System32\wlanapi.dll - ok
02:42:28.0894 3932 [ 5A462CA146417C53309FAE0852B7FC3F ] C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF67.dll
02:42:28.0894 3932 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF67.dll - ok
02:42:28.0894 3932 [ DB6D771DA581CA9FD3E1A1D45761B89C ] C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF8Dll.dll
02:42:29.0487 3932 ============================================================
02:42:29.0487 3932 Scan finished
02:42:29.0487 3932 ============================================================
02:42:29.0503 3772 Detected object count: 1
02:42:29.0503 3772 Actual detected object count: 1
02:42:55.0399 3772 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
02:42:55.0399 3772 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:43:23.0635 3404 Deinitialize success
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi alexander4,

Please restart your system. Do you have redirects now?

If you do, please answer these questions for me so we can narrow the problem.

  • Do you use a router to access the internet?
  • Do you have any other PCs connected to that router, and do they get redirected?
  • Do you get redirected in all browsers you use, or does this redirection only affect one browser?

  • 0


#11
alexander4

alexander4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Maliprog,

I've done searches in Google and Yahoo, and navigated without any issues. I think we are in good shape, although I think the final verdict is up to you.
  • 0

#12
alexander4

alexander4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Not sure if you're still awake. It's late, I'll buy you some coffee.
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
That's nice to hear.

I need to check something. Please update your Malwarebytes with the latest definitions and do a Quick Scan. Remove all findings and post the log here for me after the scan.
  • 0

#14
alexander4

alexander4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Ah, sorry, did not check back yesterday.

Malwarebytes said it is clean. I couldn't copy and paste the text, so here it is in JPEG format.

EDIT: Aha, it generated a notepad file. Here is the text from that.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.18.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ristin :: PLEIADES [administrator]

11/18/2012 4:22:58 AM
mbam-log-2012-11-18 (04-22-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203664
Time elapsed: 7 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Attached Thumbnails

  • mbytes scan log.jpg

Edited by alexander4, 18 November 2012 - 04:52 AM.

  • 0

#15
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi alexander4,

Your logs and system are clean now. I'm glad we fixed up your computer.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end.

In case that any of the software we used in this fix still remains on your system please delete it manually (Right click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet, read our little guide "How did I get infected in the first place?"

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
  • 0





