Apple ID hacked, random screenshots of my financial transactions [Clos


  • This topic is locked

#1
Iraboi
    New Member
  • 7 posts

Symptoms:
My AppleID password hasn't worked twice in the past couple weeks and I have had to reset it using the security questions both times. I am pretty sure it has been reset by someone else.
My computer has been crashing frequently.. this has never happened before.
There are pictures randomly appearing in My Documents of screenshots of my Fidelity balances(!!). In the log those show up as the Balance_###.html files. Note I redacted the account numbers for privacy.

I think this problem started a month or so ago when my son copied a bunch of music into a shared dropbox folder and it installed on my pc and suddenly virus warnings went off. I can't remember if it was MSE or Malwarebytes, as I have both running on my computer (with Malwarebytes set up to ignore MSE files). I disabled Malwarebytes very recently (after the virus symptoms started) to gain more free memory because it seemed like that was causing some of the crashing.

I am resetting all my passwords from a clean computer right now and will shut down this computer until I receive advice on what to do next.

Thanks.

--

OTL Log:

OTL logfile created on: 11/16/2012 4:07:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ira\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 42.54% Memory free
6.18 Gb Paging File | 4.44 Gb Available in Paging File | 71.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.32 Gb Total Space | 98.07 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.60 Gb Free Space | 64.00% Space Free | Partition Type: NTFS

Computer Name: IRA-PC | User Name: Ira | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/16 16:06:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ira\Downloads\OTL.exe
PRC - [2012/10/31 17:15:08 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/10/26 14:24:12 | 001,017,184 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/10/26 14:14:36 | 011,715,424 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\Evernote.exe
PRC - [2012/10/26 14:14:36 | 000,395,104 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteTray.exe
PRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/08/09 22:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/07/05 17:09:38 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/07/05 17:09:34 | 002,114,984 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInToolkit.exe
PRC - [2012/07/05 17:09:32 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/06/08 11:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/06/08 11:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/06/09 12:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
PRC - [2011/04/10 15:06:42 | 000,951,656 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2011/04/10 15:06:40 | 000,730,472 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2011/04/10 15:06:38 | 005,240,168 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2011/04/08 07:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/03/08 23:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/08 23:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/10/12 12:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/04 04:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 04:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 04:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/11/12 06:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/08/28 00:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/31 17:15:05 | 000,460,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll
MOD - [2012/10/31 17:15:04 | 012,455,448 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012/10/31 17:15:02 | 004,007,448 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/10/31 17:13:35 | 000,156,712 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/10/31 17:13:34 | 000,274,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/10/31 17:13:32 | 002,168,360 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012/09/08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2012/08/29 06:50:42 | 021,009,920 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libcef.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/04 16:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe


========== Services (SafeList) ==========

SRV - [2012/10/09 10:21:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/05 20:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/05 17:09:38 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/07/05 17:09:32 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/06/08 11:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/06/09 12:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2011/04/10 15:06:38 | 005,240,168 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - [2012/11/16 11:53:39 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52BB06D7-3FA5-46E2-B854-331EC90EB6A0}\MpKsl9ccc6c9e.sys -- (MpKsl9ccc6c9e)
DRV - [2012/09/29 18:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/07/05 17:10:02 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/06/08 11:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/06/08 11:06:24 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/04/10 20:08:50 | 000,021,888 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.6.31854.0.sys -- (DisplayLinkUsbPort)
DRV - [2011/04/10 15:07:03 | 000,182,896 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2011/04/10 15:07:03 | 000,027,648 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DisplayLinkGAport.sys -- (DisplayLinkGA)
DRV - [2011/04/10 15:07:03 | 000,024,448 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DisplayLinkmirrorport.sys -- (DisplayLinkmirror)
DRV - [2011/04/10 15:07:03 | 000,014,448 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2010/07/04 14:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008/06/23 07:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/05/04 04:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/12 06:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/28 00:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.dell.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://loginprodx.a...ps&OLDSESSION="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/14 09:19:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/14 09:19:34 | 000,000,000 | ---D | M]

[2012/10/04 19:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ira\AppData\Roaming\Mozilla\Extensions
[2012/10/24 15:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ira\AppData\Roaming\Mozilla\Firefox\Profiles\w095yorr.default\extensions
[2012/10/04 19:09:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/08 10:51:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/12 08:36:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/20 11:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 11:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/08/14 16:49:30 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/08/30 10:38:59 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.att.yahoo.com/mail
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.att.yahoo.com/mail
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Vuru = C:\Users\Ira\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjkomipldgcookljbkgffaegdaaohllb\2.0_0\
CHR - Extension: YouTube = C:\Users\Ira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Ira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: LastPass = C:\Users\Ira\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.14_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\Ira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Ira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.8_0\
CHR - Extension: Google Reader = C:\Users\Ira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Gmail = C:\Users\Ira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AffixaPersonalSettings] C:\Program Files\Affixa\AffixaHandler.exe (Notably Good Ltd)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHVA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
O4 - Startup: C:\Users\Ira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ira\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Ira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.162 68.87.74.162 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9297EE24-D99A-4587-AF5B-874E7D15022E}: DhcpNameServer = 68.87.68.162 68.87.74.162 10.1.10.1
O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ira\Pictures\favorites\bryce, zion, gc\zionlasvegas 013.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ira\Pictures\favorites\bryce, zion, gc\zionlasvegas 013.jpg
O27 - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3f44a66b-2f2d-11e0-b9b4-0023ae1521e0}\Shell - "" = AutoRun
O33 - MountPoints2\{3f44a66b-2f2d-11e0-b9b4-0023ae1521e0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/16 15:26:05 | 000,000,000 | ---D | C] -- C:\Users\Ira\AppData\Local\MicrosoftStore
[2012/11/15 14:43:54 | 000,000,000 | ---D | C] -- C:\Jts
[2012/11/14 09:20:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/14 09:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/14 09:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/11/13 19:20:37 | 000,000,000 | ---D | C] -- C:\Users\Ira\Documents\ipad 3 surely redundant
[2012/11/13 14:01:25 | 000,000,000 | -HSD | C] -- C:\Users\Ira\Documents\cache
[2012/11/13 14:01:19 | 000,000,000 | ---D | C] -- C:\Users\Ira\AppData\Roaming\webex
[2012/11/13 14:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
[2012/11/12 12:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Database Oasis
[2012/11/12 12:13:02 | 000,000,000 | ---D | C] -- C:\Users\Ira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Database Oasis
[2012/11/04 12:55:34 | 000,000,000 | --SD | C] -- C:\Users\Ira\Documents\My Data Sources
[2012/10/29 10:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012/10/25 08:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/13 14:20:21 | 000,454,120 | ---- | C] (CBS Interactive) -- C:\Users\Ira\cnet_spywareblastersetup44_exe.exe
[2011/07/25 11:09:39 | 016,208,688 | ---- | C] (Dropbox, Inc.) -- C:\Users\Ira\Dropbox 1.1.35.exe

========== Files - Modified Within 30 Days ==========

[2012/11/16 16:06:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/16 16:06:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/16 15:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/16 14:22:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/16 14:22:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/16 13:35:01 | 000,005,627 | ---- | M] () -- C:\Users\Ira\Documents\Positions by Account for Ira and Carrie.csv
[2012/11/16 11:50:28 | 000,106,562 | ---- | M] () -- C:\Users\Ira\Documents\JCP VL nov 2012.pdf
[2012/11/16 08:29:54 | 000,640,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/16 08:29:54 | 000,118,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/16 08:23:29 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\SyncBack Ira Backup.job
[2012/11/16 08:22:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/16 08:22:02 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/16 08:21:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/11/15 15:38:45 | 000,000,940 | ---- | M] () -- C:\Users\Ira\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/11/14 13:38:08 | 000,067,656 | ---- | M] () -- C:\Users\Ira\Documents\RRD E release 3Q 2012.pdf
[2012/11/14 11:30:53 | 000,062,750 | ---- | M] () -- C:\Users\Ira\Documents\IGT trade chart.pdf
[2012/11/14 11:09:18 | 000,080,545 | ---- | M] () -- C:\Users\Ira\Documents\WTW VL nov 2012.pdf
[2012/11/14 10:32:19 | 000,039,485 | ---- | M] () -- C:\Users\Ira\Documents\RAD ATP chart.pdf
[2012/11/14 10:10:19 | 000,270,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/14 09:20:58 | 000,002,651 | ---- | M] () -- C:\Users\Ira\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/11/13 15:05:00 | 004,664,231 | ---- | M] () -- C:\Users\Ira\Documents\Jeffereis PB pitch v12.1pptx.pdf
[2012/11/13 13:02:29 | 000,120,147 | ---- | M] () -- C:\Users\Ira\Documents\IGT VL nov 2012.pdf
[2012/11/13 11:13:38 | 000,080,115 | ---- | M] () -- C:\Users\Ira\Documents\IGT E disc QE.pdf
[2012/11/13 10:10:09 | 000,054,197 | ---- | M] () -- C:\Users\Ira\Documents\JCP chart nov 14 2012.pdf
[2012/11/13 09:26:20 | 000,200,426 | ---- | M] () -- C:\Users\Ira\Documents\hedging strategies using options.pdf
[2012/11/12 20:57:54 | 000,002,609 | ---- | M] () -- C:\Users\Ira\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/11/12 20:57:36 | 000,108,449 | ---- | M] () -- C:\Users\Ira\Documents\DO VL nov 2012.pdf
[2012/11/12 14:51:40 | 000,122,357 | ---- | M] () -- C:\Users\Ira\Documents\short int test.pdf
[2012/11/12 14:14:37 | 000,242,883 | ---- | M] () -- C:\Users\Ira\Documents\GoDaddy 1 yr renewal.pdf
[2012/11/12 13:43:27 | 002,296,282 | ---- | M] () -- C:\Users\Ira\Documents\IAB singleFundGetStarted.pdf
[2012/11/12 12:17:45 | 000,183,294 | ---- | M] () -- C:\Users\Ira\Documents\Database Oasis purchase receipt.pdf
[2012/11/12 12:13:19 | 000,001,831 | ---- | M] () -- C:\Users\Ira\Desktop\Database Oasis.lnk
[2012/11/12 11:14:43 | 000,039,092 | ---- | M] () -- C:\Users\Ira\Documents\RRD VL nov 2012.pdf
[2012/11/12 10:45:32 | 000,176,392 | ---- | M] () -- C:\Users\Ira\Documents\RRD S&P neg outlook.pdf
[2012/11/10 11:11:06 | 000,474,331 | ---- | M] () -- C:\Users\Ira\Documents\bond funds.pdf
[2012/11/10 10:22:46 | 000,083,277 | ---- | M] () -- C:\Users\Ira\Documents\HPQ VL oct 2012.pdf
[2012/11/08 10:54:36 | 000,607,527 | ---- | M] () -- C:\Users\Ira\Documents\interactive broker friends family advisor example.pdf
[2012/11/07 16:04:38 | 000,030,197 | ---- | M] () -- C:\Users\Ira\Documents\Balance_x(numbers retracted).html
[2012/11/07 16:04:38 | 000,030,158 | ---- | M] () -- C:\Users\Ira\Documents\Balance_X(numbers retracted).html
[2012/11/07 16:04:38 | 000,022,936 | ---- | M] () -- C:\Users\Ira\Documents\Balance_(numbers retracted).html
[2012/11/07 16:04:38 | 000,022,928 | ---- | M] () -- C:\Users\Ira\Documents\Balance_X(numbers retracted).html
[2012/11/07 16:04:33 | 000,000,000 | ---- | M] () -- C:\Users\Ira\Documents\about
[2012/11/07 12:08:01 | 000,031,311 | ---- | M] () -- C:\Users\Ira\Documents\Balance_Z(numbers retracted).html
[2012/11/07 11:51:05 | 000,010,755 | ---- | M] () -- C:\Users\Ira\Documents\Positions by Account retracted.csv
[2012/11/07 10:05:23 | 000,002,650 | ---- | M] () -- C:\Users\Ira\Documents\Account Balances (Brokerage).csv
[2012/11/05 13:43:05 | 000,399,897 | ---- | M] () -- C:\Users\Ira\Documents\Five ways to save a Web page _ How To - CNET.pdf
[2012/11/02 16:31:36 | 000,109,859 | ---- | M] () -- C:\Users\Ira\Documents\about_blank.pdf
[2012/11/02 11:16:38 | 000,008,597 | ---- | M] () -- C:\Users\Ira\Documents\VoluntaryCorporateActionPending10292012.pdf
[2012/11/01 15:37:35 | 000,566,723 | ---- | M] () -- C:\Users\Ira\Documents\L 10q Q3 2012.pdf
[2012/11/01 15:30:39 | 006,512,188 | ---- | M] () -- C:\Users\Ira\Documents\Investment Performance Measurement.pdf
[2012/11/01 08:09:51 | 000,021,438 | ---- | M] () -- C:\Users\Ira\Documents\oct 31 2012.csv
[2012/11/01 08:06:33 | 000,022,986 | ---- | M] () -- C:\Users\Ira\Documents\ACTIVITY month oct 12.csv
[2012/10/30 13:52:42 | 000,483,399 | ---- | M] () -- C:\Users\Ira\Documents\roger k estate tax article.pdf
[2012/10/28 09:59:44 | 000,000,000 | ---- | M] () -- C:\Users\Ira\Documents\LOG
[2012/10/28 09:51:09 | 000,014,112 | ---- | M] () -- C:\Users\Ira\Documents\ARI I.csv.ods
[2012/10/28 09:27:57 | 000,019,849 | ---- | M] () -- C:\Users\Ira\Documents\ARI I.csv
[2012/10/25 15:26:08 | 000,064,221 | ---- | M] () -- C:\Users\Ira\Documents\RRD VL aug 2012.pdf
[2012/10/25 09:12:47 | 000,033,895 | ---- | M] () -- C:\Users\Ira\Documents\FFIV VL sept 2012.pdf
[2012/10/24 10:21:00 | 001,292,619 | ---- | M] () -- C:\Users\Ira\Documents\photo my signature.JPG
[2012/10/24 10:16:32 | 000,019,968 | ---- | M] () -- C:\Users\Ira\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/23 13:41:39 | 000,101,003 | ---- | M] () -- C:\Users\Ira\Documents\JEF VL oct 2012.pdf
[2012/10/19 08:11:33 | 000,369,359 | ---- | M] () -- C:\Users\Ira\Documents\bookmarks_10_19_12.html
[2012/10/18 17:24:14 | 000,069,297 | ---- | M] () -- C:\Users\Ira\Documents\snapshot backup.JPG
[2012/10/18 15:19:46 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Fidelity Active Trader Pro.lnk
[2012/10/18 15:19:46 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Fidelity Active Trader Pro Beta 9.7.lnk

========== Files Created - No Company Name ==========

[2012/11/16 13:34:59 | 000,005,627 | ---- | C] () -- C:\Users\Ira\Documents\Positions by Account for Ira and Carrie.csv
[2012/11/16 11:35:27 | 000,106,562 | ---- | C] () -- C:\Users\Ira\Documents\JCP VL nov 2012.pdf
[2012/11/15 10:15:25 | 3210,784,768 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/14 13:37:02 | 000,067,656 | ---- | C] () -- C:\Users\Ira\Documents\RRD E release 3Q 2012.pdf
[2012/11/14 11:28:40 | 000,062,750 | ---- | C] () -- C:\Users\Ira\Documents\IGT trade chart.pdf
[2012/11/14 11:01:16 | 000,080,545 | ---- | C] () -- C:\Users\Ira\Documents\WTW VL nov 2012.pdf
[2012/11/14 10:31:33 | 000,039,485 | ---- | C] () -- C:\Users\Ira\Documents\RAD ATP chart.pdf
[2012/11/13 11:19:42 | 000,120,147 | ---- | C] () -- C:\Users\Ira\Documents\IGT VL nov 2012.pdf
[2012/11/13 11:10:53 | 000,080,115 | ---- | C] () -- C:\Users\Ira\Documents\IGT E disc QE.pdf
[2012/11/13 10:08:39 | 000,054,197 | ---- | C] () -- C:\Users\Ira\Documents\JCP chart nov 14 2012.pdf
[2012/11/13 09:26:20 | 000,200,426 | ---- | C] () -- C:\Users\Ira\Documents\hedging strategies using options.pdf
[2012/11/12 19:30:48 | 000,108,449 | ---- | C] () -- C:\Users\Ira\Documents\DO VL nov 2012.pdf
[2012/11/12 14:45:44 | 000,122,357 | ---- | C] () -- C:\Users\Ira\Documents\short int test.pdf
[2012/11/12 14:14:37 | 000,242,883 | ---- | C] () -- C:\Users\Ira\Documents\GoDaddy 1 yr renewal.pdf
[2012/11/12 13:43:27 | 002,296,282 | ---- | C] () -- C:\Users\Ira\Documents\IAB singleFundGetStarted.pdf
[2012/11/12 12:17:45 | 000,183,294 | ---- | C] () -- C:\Users\Ira\Documents\Database Oasis purchase receipt.pdf
[2012/11/12 12:13:19 | 000,001,831 | ---- | C] () -- C:\Users\Ira\Desktop\Database Oasis.lnk
[2012/11/12 10:47:07 | 000,039,092 | ---- | C] () -- C:\Users\Ira\Documents\RRD VL nov 2012.pdf
[2012/11/12 10:35:34 | 000,176,392 | ---- | C] () -- C:\Users\Ira\Documents\RRD S&P neg outlook.pdf
[2012/11/10 11:11:00 | 000,474,331 | ---- | C] () -- C:\Users\Ira\Documents\bond funds.pdf
[2012/11/09 14:21:47 | 000,083,277 | ---- | C] () -- C:\Users\Ira\Documents\HPQ VL oct 2012.pdf
[2012/11/08 10:54:29 | 000,607,527 | ---- | C] () -- C:\Users\Ira\Documents\interactive broker friends family advisor example.pdf
[2012/11/07 11:51:03 | 000,010,755 | ---- | C] () -- C:\Users\Ira\Documents\Positions by Account retracted.csv
[2012/11/07 10:15:46 | 000,031,311 | ---- | C] () -- C:\Users\Ira\Documents\Balance_Z(numbers retracted).html
[2012/11/07 09:59:35 | 000,002,650 | ---- | C] () -- C:\Users\Ira\Documents\Account Balances (Brokerage).csv
[2012/11/05 13:43:05 | 000,399,897 | ---- | C] () -- C:\Users\Ira\Documents\Five ways to save a Web page _ How To - CNET.pdf
[2012/11/02 16:28:04 | 000,109,859 | ---- | C] () -- C:\Users\Ira\Documents\about_blank.pdf
[2012/11/02 11:16:23 | 000,008,597 | ---- | C] () -- C:\Users\Ira\Documents\VoluntaryCorporateActionPending10292012.pdf
[2012/11/01 15:30:36 | 006,512,188 | ---- | C] () -- C:\Users\Ira\Documents\Investment Performance Measurement.pdf
[2012/11/01 09:00:30 | 000,030,197 | ---- | C] () -- C:\Users\Ira\Documents\Balance_X(numbers retracted).html
[2012/11/01 09:00:15 | 000,030,158 | ---- | C] () -- C:\Users\Ira\Documents\Balance_(numbers retracted).html
[2012/11/01 09:00:15 | 000,022,936 | ---- | C] () -- C:\Users\Ira\Documents\Balance_(numbers retracted).html
[2012/11/01 09:00:15 | 000,022,928 | ---- | C] () -- C:\Users\Ira\Documents\Balance_X(numbers retracted).html
[2012/11/01 08:09:50 | 000,021,438 | ---- | C] () -- C:\Users\Ira\Documents\oct 31 2012.csv
[2012/11/01 08:06:30 | 000,022,986 | ---- | C] () -- C:\Users\Ira\Documents\ACTIVITY month oct 12.csv
[2012/10/30 13:52:42 | 000,483,399 | ---- | C] () -- C:\Users\Ira\Documents\roger k estate tax article.pdf
[2012/10/30 13:19:01 | 000,566,723 | ---- | C] () -- C:\Users\Ira\Documents\L 10q Q3 2012.pdf
[2012/10/28 09:59:44 | 000,000,000 | ---- | C] () -- C:\Users\Ira\Documents\LOG
[2012/10/28 09:51:09 | 000,014,112 | ---- | C] () -- C:\Users\Ira\Documents\ARI I.csv.ods
[2012/10/28 09:27:55 | 000,019,849 | ---- | C] () -- C:\Users\Ira\Documents\ARI I.csv
[2012/10/25 09:12:41 | 000,033,895 | ---- | C] () -- C:\Users\Ira\Documents\FFIV VL sept 2012.pdf
[2012/10/22 19:45:35 | 000,101,003 | ---- | C] () -- C:\Users\Ira\Documents\JEF VL oct 2012.pdf
[2012/10/19 08:11:32 | 000,369,359 | ---- | C] () -- C:\Users\Ira\Documents\bookmarks_10_19_12.html
[2012/10/18 17:24:12 | 000,069,297 | ---- | C] () -- C:\Users\Ira\Documents\snapshot backup.JPG
[2012/10/18 15:19:46 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\Fidelity Active Trader Pro.lnk
[2012/10/18 15:19:46 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Fidelity Active Trader Pro Beta 9.7.lnk
[2012/10/06 10:53:58 | 000,000,079 | ---- | C] () -- C:\Windows\EWF645.ini
[2012/10/06 10:03:27 | 002,719,723 | ---- | C] () -- C:\Users\Ira\active trader pro manual.pdf
[2012/05/30 12:57:22 | 000,061,935 | ---- | C] () -- C:\Users\Ira\MLI VL may 2012.pdf
[2012/04/03 09:29:15 | 000,007,295 | ---- | C] () -- C:\Users\Ira\Irene 2011 exp for condo.csv
[2011/11/22 15:27:42 | 001,268,302 | ---- | C] () -- C:\Users\Ira\JEF 10Q ended 9_2011.pdf
[2011/11/09 10:59:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd9.dll
[2011/11/09 10:59:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd11.dll
[2011/11/09 10:59:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd10.dll
[2011/08/09 12:37:26 | 038,785,536 | ---- | C] () -- C:\Users\Ira\ATsetup.msi
[2011/08/04 08:18:09 | 001,035,926 | ---- | C] () -- C:\Users\Ira\MozBackup-1.5.1-EN.exe
[2011/06/30 14:49:42 | 000,038,456 | ---- | C] () -- C:\Users\Ira\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/05/31 14:39:23 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/02/17 13:13:43 | 000,005,972 | ---- | C] () -- C:\Users\Ira\AppData\Local\d3d9caps.dat
[2011/02/09 23:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2011/01/16 22:42:07 | 000,019,968 | ---- | C] () -- C:\Users\Ira\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/08 23:38:39 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/01/07 16:54:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/07 16:54:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/07 16:24:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/01/04 18:50:17 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2011/01/04 18:50:16 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2011/01/04 18:50:16 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2011/01/04 18:50:16 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2011/01/04 18:50:16 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2011/01/04 18:50:13 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2010/05/12 23:57:50 | 000,380,074 | ---- | C] () -- C:\Program Files\Claim_your_free_PDF_converter.pdf

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/14 14:57:07 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\Affixa
[2011/01/10 11:30:57 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\Blackberry Desktop
[2012/11/16 08:25:13 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\Dropbox
[2012/10/10 11:55:35 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\Epson
[2011/10/30 15:39:34 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\GogTasks
[2012/10/06 11:25:59 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\Leadertech
[2012/10/16 09:04:20 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\Mapi2Xml
[2011/01/17 09:15:24 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\MozBackup
[2012/11/14 11:28:42 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\PrimoPDF
[2011/01/10 11:10:13 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\Research In Motion
[2012/11/13 14:01:27 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\webex

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 30 bytes -> C:\Users\Ira\Documents\Balance_about:blank.html
@Alternate Data Stream - 30 bytes -> C:\Users\Ira\Documents\about:blank.html
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

--

OTL extras:

OTL Extras logfile created on: 11/16/2012 4:07:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ira\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 42.54% Memory free
6.18 Gb Paging File | 4.44 Gb Available in Paging File | 71.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.32 Gb Total Space | 98.07 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.60 Gb Free Space | 64.00% Space Free | Partition Type: NTFS

Computer Name: IRA-PC | User Name: Ira | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A061F7-E38E-40FE-8444-1A90D7435634}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{5467663C-2AE7-46DE-B98D-F3A32BFFAA14}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8429BB68-1B4A-4E92-A40D-DAAEA37F01EB}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{B3725B5F-616D-42B7-BEB7-31A4501EE401}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{F35B7929-1235-43C3-9E03-373B446ADAC4}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030569C0-7011-47C3-ACA3-44D000EE5CD1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1F4B4AB9-DF76-439A-AFB9-075DCBFD14A3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1FA85B3B-91BC-449D-BB6D-AD106927796D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{245CC05F-66BD-401E-82AB-765003A90F06}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{42846F74-4DC3-4942-A854-E2CECCE0ABB7}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{562D95DD-A508-4BE4-9623-759807065535}" = protocol=6 | dir=in | app=c:\users\ira\appdata\local\temp\wzse0.tmp\common\epsonnet setup\eneasyapp.exe |
"{5640A7DF-2D82-4F65-96E8-BB86C3836683}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{631C5BD3-0B40-4038-9D46-02A61D5BE275}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9AE25A8F-093D-4689-82C3-0CD88D6B88B8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A1460E59-942F-44CB-BAA7-7C8A755DD918}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A7DF1F01-612C-4F97-B354-AFAC81D4375F}" = protocol=17 | dir=in | app=c:\users\ira\appdata\local\temp\wzse0.tmp\common\epsonnet setup\eneasyapp.exe |
"{A88D5B19-5AE3-4C4F-BF87-2D9FE83CA9ED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AF3429C4-8F1B-4CF9-999F-DDF8D69EA7BF}" = protocol=17 | dir=in | app=c:\users\ira\appdata\roaming\dropbox\bin\dropbox.exe |
"{D51E3A7C-340C-4DD6-80F1-2B631C3F1F0E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E2B0D965-05F7-4E07-9BB9-7F70672BC3E1}" = protocol=6 | dir=in | app=c:\users\ira\appdata\roaming\dropbox\bin\dropbox.exe |
"{E9BA5A0D-F643-458C-9846-091B5FA2B89C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{14225D76-96EC-445D-8129-7B65B0C779EF}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{1DC59950-01BC-431E-8F4E-B9F5D1D14EB7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{2DD61538-8017-4F56-BBE1-1FC88DFB036C}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{8CD3FBC5-49EF-417F-B14B-D42D39660C43}C:\users\ira\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ira\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{9C4ED932-CDB1-47A1-96E7-BA18C4CBE7CE}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{A9A24788-DB01-4F42-9BEB-58243D4D8B82}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"TCP Query User{FE11D29D-02A6-4641-83DE-87BF5A6D0900}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{10BBBBBC-AB90-4980-8D37-0129576DFBB8}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{44AB5F3B-8F95-4EB4-80C3-0C646EFFF1D8}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{677F35F4-4446-41DF-8666-99B5B60BC42A}C:\users\ira\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ira\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{739299D6-2E71-4E97-AFE5-82D8CF538DB5}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{7BDA1CD6-8442-433E-966C-1525A4B6DE0C}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{BC918C07-A1CC-4477-9CE4-514B268AAE90}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{CB9D30B7-06DD-4525-BD02-74F8E8E7FFD8}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22461A1C-BD68-4D90-9897-1DB146D55ECB}" = LogMeIn
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{444DB2B5-28BB-4934-8AFD-2900EB4E873F}" = NBV-100U
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AC47574-7DAD-487C-A2BA-BD242E536753}" = Database Oasis
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{861C4DFA-E691-4BA6-BE6B-D5BA211990B6}" = DisplayLink Core Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A7-0409-0000-0000000FF1CE}" = Calendar Printing Assistant for Microsoft Office Outlook 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C329579-EA62-4D83-9BDE-FBD0BDA8FD6E}" = Affixa
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{C261E913-1B30-4B72-895A-3815D149B726}" = Fidelity Active Trader Pro®
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{CD2A9B1C-5A9F-4FCB-947F-A2CE5241EB26}" = GogTasks
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EF7E46B8-1FB7-11E2-B6B3-984BE15F174E}" = Evernote v. 4.5.10
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Affixa 3.12.0624" = Affixa 3.2012.6.24
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON WorkForce 645 Series" = EPSON WorkForce 645 Series Printer Uninstall
"Google Calendar Sync" = Google Calendar Sync
"Google Chrome" = Google Chrome
"hdparm" = hdparm
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OUTLOOKR" = Microsoft Office Outlook 2007
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"ProInst" = Intel® PROSet/Wireless Software
"smartmontools" = smartmontools
"SpywareBlaster_is1" = SpywareBlaster 4.6
"SyncBack_is1" = SyncBack
"Unlocker" = Unlocker 1.9.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Dropbox" = Dropbox
"LastPass" = LastPass (uninstall only)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/11/2012 10:21:22 AM | Computer Name = Ira-PC | Source = ESENT | ID = 902
Description = Windows (2552) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x015303E0 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x00001004

Error - 5/11/2012 10:21:22 AM | Computer Name = Ira-PC | Source = ESENT | ID = 902
Description = Windows (2552) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x015303E0 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x00001004

Error - 5/11/2012 10:21:22 AM | Computer Name = Ira-PC | Source = ESENT | ID = 902
Description = Windows (2552) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x015303E0 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x00001004

Error - 5/11/2012 10:21:22 AM | Computer Name = Ira-PC | Source = ESENT | ID = 902
Description = Windows (2552) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x015303E0 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x00001004

Error - 5/11/2012 10:21:22 AM | Computer Name = Ira-PC | Source = ESENT | ID = 902
Description = Windows (2552) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x015303E0 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x00001004

Error - 5/11/2012 10:21:22 AM | Computer Name = Ira-PC | Source = ESENT | ID = 902
Description = Windows (2552) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x015303E0 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x00001004

Error - 5/11/2012 10:21:22 AM | Computer Name = Ira-PC | Source = ESENT | ID = 902
Description = Windows (2552) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x015303E0 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x00001004

Error - 5/11/2012 10:21:22 AM | Computer Name = Ira-PC | Source = ESENT | ID = 902
Description = Windows (2552) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x015303E0 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x00001004

Error - 5/11/2012 10:21:22 AM | Computer Name = Ira-PC | Source = ESENT | ID = 902
Description = Windows (2552) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x015303E0 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x00001004

Error - 5/11/2012 10:21:22 AM | Computer Name = Ira-PC | Source = ESENT | ID = 902
Description = Windows (2552) Windows: The database engine detected multiple threads
illegally using the same database session to perform database operations. SessionId:
0x015303E0 Session-context: 0x00000000 Session-context ThreadId: 0x00000CD4 Current
ThreadId: 0x00001004

[ OSession Events ]
Error - 7/5/2011 4:09:39 PM | Computer Name = Ira-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/14/2011 3:36:14 PM | Computer Name = Ira-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/20/2011 11:51:51 AM | Computer Name = Ira-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 213
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/9/2011 5:17:10 PM | Computer Name = Ira-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2494
seconds with 2400 seconds of active time. This session ended with a crash.

Error - 12/20/2011 5:22:42 PM | Computer Name = Ira-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/2/2012 1:36:44 PM | Computer Name = Ira-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 597
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/15/2012 11:13:53 AM | Computer Name = Ira-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/15/2012 11:14:23 AM | Computer Name = Ira-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/15/2012 11:16:41 AM | Computer Name = Ira-PC | Source = DCOM | ID = 10016
Description =

Error - 11/15/2012 11:17:11 AM | Computer Name = Ira-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/15/2012 11:17:11 AM | Computer Name = Ira-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 11/15/2012 11:17:11 AM | Computer Name = Ira-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 11/16/2012 9:23:17 AM | Computer Name = Ira-PC | Source = DCOM | ID = 10016
Description =

Error - 11/16/2012 9:23:48 AM | Computer Name = Ira-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/16/2012 12:52:05 PM | Computer Name = Ira-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.139.2168.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error
code: 0x80070643 Error description: Fatal error during installation.

Error - 11/16/2012 12:53:05 PM | Computer Name = Ira-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >


#2
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello and welcome to the Geeks to Go Virus, Spyware & Malware Removal forum. My name is Josh and I will be helping you remove your infection. I am only human, not superman - I can make errors but will do my best to help you as best I can so we can solve your problems. If you have since resolved the original problem you were having, I would appreciate you letting me know. Please include a clear description of the problems you're having along with any steps you may have performed so far if you haven't already.

Some of the following instructions to begin the malware removal process can be hard to follow - let me know if you have any questions. Please read all of my responses through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also please do not attempt any disinfection procedures without my instruction as things can go wrong that way or lengthen the time it takes to disinfect your computer. Also please follow your topic to conclusion or your system may not be completely clean, and it will be more vulnerable to future infections.

Throughout our interactions I will be using canned speeches. These are premade speeches for different scenarios we will encounter. If you find errors like bad links in my canned speeches please let me know so I can fix them.

Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.

One more thing - please refrain from using your computer until it is disinfected unless you absolutely have to (unless you are following my disinfection procedures) - if you do have to use your computer please disconnect it from the Internet - that way the current malware cannot propagate further infections.

Expect no more than 36 hours between your post and my response unless World War 3 breaks out, and I will need at most 48 hours for initial analysis of your OTL log. Good luck! After 4 days, if a topic is not replied to, we assume it has been abandoned and it is closed.

We need to get an OTL log with some specific info before starting disinfection. Please do the following:

  • Download OTL from here
  • Double click OTL to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Select the Scan All Users box in the middle on the top of the window
  • Under the Custom Scans/Fixes box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    WSHELPER.*
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.


#3
Iraboi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks for the response.

--

OTL logfile created on: 11/19/2012 9:14:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Ira\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 43.79% Memory free
6.18 Gb Paging File | 4.57 Gb Available in Paging File | 73.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.32 Gb Total Space | 97.70 Gb Free Space | 45.37% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.60 Gb Free Space | 64.00% Space Free | Partition Type: NTFS

Computer Name: IRA-PC | User Name: Ira | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/16 16:06:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\Ira\Downloads\OTL.exe
PRC - [2012/10/26 14:24:12 | 001,017,184 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/10/26 14:14:36 | 011,715,424 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\Evernote.exe
PRC - [2012/10/26 14:14:36 | 000,395,104 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteTray.exe
PRC - [2012/09/29 18:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/05 17:09:38 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/07/05 17:09:34 | 002,114,984 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInToolkit.exe
PRC - [2012/07/05 17:09:32 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/06/08 11:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/06/08 11:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ira\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/06/09 12:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
PRC - [2011/04/24 10:01:00 | 000,219,008 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHVA.EXE
PRC - [2011/04/10 15:06:42 | 000,951,656 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2011/04/10 15:06:40 | 000,730,472 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2011/04/10 15:06:38 | 005,240,168 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2011/04/08 07:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/10/12 12:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/04 04:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 04:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 04:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/04 04:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/11/12 06:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/08/28 00:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2012/08/29 06:50:42 | 021,009,920 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libcef.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/04 16:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe


========== Services (SafeList) ==========

SRV - [2012/10/09 10:21:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/05 20:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/05 17:09:38 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/07/05 17:09:32 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/06/08 11:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/11/16 11:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011/06/09 12:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2011/04/10 15:06:38 | 005,240,168 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - [2012/11/17 12:16:31 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{52BB06D7-3FA5-46E2-B854-331EC90EB6A0}\MpKsl619270e6.sys -- (MpKsl619270e6)
DRV - [2012/09/29 18:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/07/05 17:10:02 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/06/08 11:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/06/08 11:06:24 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/04/10 20:08:50 | 000,021,888 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.6.31854.0.sys -- (DisplayLinkUsbPort)
DRV - [2011/04/10 15:07:03 | 000,182,896 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2011/04/10 15:07:03 | 000,027,648 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DisplayLinkGAport.sys -- (DisplayLinkGA)
DRV - [2011/04/10 15:07:03 | 000,024,448 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DisplayLinkmirrorport.sys -- (DisplayLinkmirror)
DRV - [2011/04/10 15:07:03 | 000,014,448 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2010/07/04 14:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2008/06/23 07:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/05/04 04:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/12 06:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/28 00:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.dell.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3814757557-2676616072-2102786938-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-3814757557-2676616072-2102786938-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-3814757557-2676616072-2102786938-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-3814757557-2676616072-2102786938-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
IE - HKU\S-1-5-21-3814757557-2676616072-2102786938-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3814757557-2676616072-2102786938-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-3814757557-2676616072-2102786938-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-3814757557-2676616072-2102786938-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3814757557-2676616072-2102786938-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3814757557-2676616072-2102786938-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3814757557-2676616072-2102786938-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://loginprodx.a...ps&OLDSESSION="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/14 09:19:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/14 09:19:34 | 000,000,000 | ---D | M]

[2012/10/04 19:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ira\AppData\Roaming\Mozilla\Extensions
[2012/10/24 15:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ira\AppData\Roaming\Mozilla\Firefox\Profiles\w095yorr.default\extensions
[2012/10/04 19:09:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/08 10:51:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/12 08:36:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/20 11:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 11:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/08/14 16:49:30 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/08/30 10:38:59 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.att.yahoo.com/mail
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.att.yahoo.com/mail
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Vuru = C:\Users\Ira\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjkomipldgcookljbkgffaegdaaohllb\2.0_0\
CHR - Extension: YouTube = C:\Users\Ira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Ira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: LastPass = C:\Users\Ira\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.14_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\Ira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Ira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.8_0\
CHR - Extension: Google Reader = C:\Users\Ira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Gmail = C:\Users\Ira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AffixaHandlerLib.BHO) - {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} - mscoree.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AffixaPersonalSettings] C:\Program Files\Affixa\AffixaHandler.exe (Notably Good Ltd)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\.DEFAULT..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
O4 - HKU\S-1-5-18..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3814757557-2676616072-2102786938-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3814757557-2676616072-2102786938-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHVA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3814757557-2676616072-2102786938-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-3814757557-2676616072-2102786938-1000..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
O4 - Startup: C:\Users\Ira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ira\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Ira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9297EE24-D99A-4587-AF5B-874E7D15022E}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Ira\Pictures\favorites\bryce, zion, gc\zionlasvegas 013.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ira\Pictures\favorites\bryce, zion, gc\zionlasvegas 013.jpg
O27 - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3f44a66b-2f2d-11e0-b9b4-0023ae1521e0}\Shell - "" = AutoRun
O33 - MountPoints2\{3f44a66b-2f2d-11e0-b9b4-0023ae1521e0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/16 15:26:05 | 000,000,000 | ---D | C] -- C:\Users\Ira\AppData\Local\MicrosoftStore
[2012/11/15 14:43:54 | 000,000,000 | ---D | C] -- C:\Jts
[2012/11/14 09:20:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/14 09:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/14 09:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/11/13 19:20:37 | 000,000,000 | ---D | C] -- C:\Users\Ira\Documents\ipad 3 surely redundant
[2012/11/13 14:01:25 | 000,000,000 | -HSD | C] -- C:\Users\Ira\Documents\cache
[2012/11/13 14:01:19 | 000,000,000 | ---D | C] -- C:\Users\Ira\AppData\Roaming\webex
[2012/11/13 14:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
[2012/11/12 12:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Database Oasis
[2012/11/12 12:13:02 | 000,000,000 | ---D | C] -- C:\Users\Ira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Database Oasis
[2012/11/04 12:55:34 | 000,000,000 | --SD | C] -- C:\Users\Ira\Documents\My Data Sources
[2012/10/29 10:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012/10/25 08:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/13 14:20:21 | 000,454,120 | ---- | C] (CBS Interactive) -- C:\Users\Ira\cnet_spywareblastersetup44_exe.exe
[2011/07/25 11:09:39 | 016,208,688 | ---- | C] (Dropbox, Inc.) -- C:\Users\Ira\Dropbox 1.1.35.exe

========== Files - Modified Within 30 Days ==========

[2012/11/19 21:21:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/19 21:19:50 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/19 21:06:32 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/19 21:06:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/18 11:57:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 11:57:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/17 10:04:21 | 000,640,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/17 10:04:21 | 000,118,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/17 09:58:27 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\SyncBack Ira Backup.job
[2012/11/17 09:56:37 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/16 17:16:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/11/16 13:35:01 | 000,005,627 | ---- | M] () -- C:\Users\Ira\Documents\Positions by Account for Ira and Carrie.csv
[2012/11/16 11:50:28 | 000,106,562 | ---- | M] () -- C:\Users\Ira\Documents\JCP VL nov 2012.pdf
[2012/11/15 15:38:45 | 000,000,940 | ---- | M] () -- C:\Users\Ira\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/11/14 13:38:08 | 000,067,656 | ---- | M] () -- C:\Users\Ira\Documents\RRD E release 3Q 2012.pdf
[2012/11/14 11:30:53 | 000,062,750 | ---- | M] () -- C:\Users\Ira\Documents\IGT trade chart.pdf
[2012/11/14 11:09:18 | 000,080,545 | ---- | M] () -- C:\Users\Ira\Documents\WTW VL nov 2012.pdf
[2012/11/14 10:32:19 | 000,039,485 | ---- | M] () -- C:\Users\Ira\Documents\RAD ATP chart.pdf
[2012/11/14 10:10:19 | 000,270,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/14 09:20:58 | 000,002,651 | ---- | M] () -- C:\Users\Ira\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/11/13 15:05:00 | 004,664,231 | ---- | M] () -- C:\Users\Ira\Documents\Jeffereis PB pitch v12.1pptx.pdf
[2012/11/13 13:02:29 | 000,120,147 | ---- | M] () -- C:\Users\Ira\Documents\IGT VL nov 2012.pdf
[2012/11/13 11:13:38 | 000,080,115 | ---- | M] () -- C:\Users\Ira\Documents\IGT E disc QE.pdf
[2012/11/13 10:10:09 | 000,054,197 | ---- | M] () -- C:\Users\Ira\Documents\JCP chart nov 14 2012.pdf
[2012/11/13 09:26:20 | 000,200,426 | ---- | M] () -- C:\Users\Ira\Documents\hedging strategies using options.pdf
[2012/11/12 20:57:54 | 000,002,609 | ---- | M] () -- C:\Users\Ira\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/11/12 20:57:36 | 000,108,449 | ---- | M] () -- C:\Users\Ira\Documents\DO VL nov 2012.pdf
[2012/11/12 14:51:40 | 000,122,357 | ---- | M] () -- C:\Users\Ira\Documents\short int test.pdf
[2012/11/12 14:14:37 | 000,242,883 | ---- | M] () -- C:\Users\Ira\Documents\GoDaddy 1 yr renewal.pdf
[2012/11/12 13:43:27 | 002,296,282 | ---- | M] () -- C:\Users\Ira\Documents\IAB singleFundGetStarted.pdf
[2012/11/12 12:17:45 | 000,183,294 | ---- | M] () -- C:\Users\Ira\Documents\Database Oasis purchase receipt.pdf
[2012/11/12 12:13:19 | 000,001,831 | ---- | M] () -- C:\Users\Ira\Desktop\Database Oasis.lnk
[2012/11/12 11:14:43 | 000,039,092 | ---- | M] () -- C:\Users\Ira\Documents\RRD VL nov 2012.pdf
[2012/11/12 10:45:32 | 000,176,392 | ---- | M] () -- C:\Users\Ira\Documents\RRD S&P neg outlook.pdf
[2012/11/10 11:11:06 | 000,474,331 | ---- | M] () -- C:\Users\Ira\Documents\bond funds.pdf
[2012/11/10 10:22:46 | 000,083,277 | ---- | M] () -- C:\Users\Ira\Documents\HPQ VL oct 2012.pdf
[2012/11/08 10:54:36 | 000,607,527 | ---- | M] () -- C:\Users\Ira\Documents\interactive broker friends family advisor example.pdf
[2012/11/07 16:04:38 | 000,030,197 | ---- | M] () -- C:\Users\Ira\Documents\Balance_122.html
[2012/11/07 16:04:38 | 000,030,158 | ---- | M] () -- C:\Users\Ira\Documents\Balance_X4.html
[2012/11/07 16:04:38 | 000,022,936 | ---- | M] () -- C:\Users\Ira\Documents\Balance_40.html
[2012/11/07 16:04:38 | 000,022,928 | ---- | M] () -- C:\Users\Ira\Documents\Balance_X6.html
[2012/11/07 16:04:33 | 000,000,000 | ---- | M] () -- C:\Users\Ira\Documents\about
[2012/11/07 12:08:01 | 000,031,311 | ---- | M] () -- C:\Users\Ira\Documents\Balance_Z5.html
[2012/11/07 11:51:05 | 000,010,755 | ---- | M] () -- C:\Users\Ira\Documents\Positions by Account retracted.csv
[2012/11/07 10:05:23 | 000,002,650 | ---- | M] () -- C:\Users\Ira\Documents\Account Balances (Brokerage).csv
[2012/11/05 13:43:05 | 000,399,897 | ---- | M] () -- C:\Users\Ira\Documents\Five ways to save a Web page _ How To - CNET.pdf
[2012/11/02 16:31:36 | 000,109,859 | ---- | M] () -- C:\Users\Ira\Documents\about_blank.pdf
[2012/11/02 11:16:38 | 000,008,597 | ---- | M] () -- C:\Users\Ira\Documents\VoluntaryCorporateActionPending10292012.pdf
[2012/11/01 15:37:35 | 000,566,723 | ---- | M] () -- C:\Users\Ira\Documents\L 10q Q3 2012.pdf
[2012/11/01 15:30:39 | 006,512,188 | ---- | M] () -- C:\Users\Ira\Documents\Investment Performance Measurement.pdf
[2012/11/01 08:09:51 | 000,021,438 | ---- | M] () -- C:\Users\Ira\Documents\oct 31 2012.csv
[2012/11/01 08:06:33 | 000,022,986 | ---- | M] () -- C:\Users\Ira\Documents\ACTIVITY month oct 12.csv
[2012/10/30 13:52:42 | 000,483,399 | ---- | M] () -- C:\Users\Ira\Documents\roger k estate tax article.pdf
[2012/10/28 09:59:44 | 000,000,000 | ---- | M] () -- C:\Users\Ira\Documents\LOG
[2012/10/28 09:51:09 | 000,014,112 | ---- | M] () -- C:\Users\Ira\Documents\ARI I.csv.ods
[2012/10/28 09:27:57 | 000,019,849 | ---- | M] () -- C:\Users\Ira\Documents\ARI I.csv
[2012/10/25 15:26:08 | 000,064,221 | ---- | M] () -- C:\Users\Ira\Documents\RRD VL aug 2012.pdf
[2012/10/25 09:12:47 | 000,033,895 | ---- | M] () -- C:\Users\Ira\Documents\FFIV VL sept 2012.pdf
[2012/10/24 10:21:00 | 001,292,619 | ---- | M] () -- C:\Users\Ira\Documents\photo my signature.JPG
[2012/10/24 10:16:32 | 000,019,968 | ---- | M] () -- C:\Users\Ira\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/23 13:41:39 | 000,101,003 | ---- | M] () -- C:\Users\Ira\Documents\JEF VL oct 2012.pdf

========== Files Created - No Company Name ==========

[2012/11/16 13:34:59 | 000,005,627 | ---- | C] () -- C:\Users\Ira\Documents\Positions by Account for Ira and Carrie.csv
[2012/11/16 11:35:27 | 000,106,562 | ---- | C] () -- C:\Users\Ira\Documents\JCP VL nov 2012.pdf
[2012/11/15 10:15:25 | 3210,784,768 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/14 13:37:02 | 000,067,656 | ---- | C] () -- C:\Users\Ira\Documents\RRD E release 3Q 2012.pdf
[2012/11/14 11:28:40 | 000,062,750 | ---- | C] () -- C:\Users\Ira\Documents\IGT trade chart.pdf
[2012/11/14 11:01:16 | 000,080,545 | ---- | C] () -- C:\Users\Ira\Documents\WTW VL nov 2012.pdf
[2012/11/14 10:31:33 | 000,039,485 | ---- | C] () -- C:\Users\Ira\Documents\RAD ATP chart.pdf
[2012/11/13 11:19:42 | 000,120,147 | ---- | C] () -- C:\Users\Ira\Documents\IGT VL nov 2012.pdf
[2012/11/13 11:10:53 | 000,080,115 | ---- | C] () -- C:\Users\Ira\Documents\IGT E disc QE.pdf
[2012/11/13 10:08:39 | 000,054,197 | ---- | C] () -- C:\Users\Ira\Documents\JCP chart nov 14 2012.pdf
[2012/11/13 09:26:20 | 000,200,426 | ---- | C] () -- C:\Users\Ira\Documents\hedging strategies using options.pdf
[2012/11/12 19:30:48 | 000,108,449 | ---- | C] () -- C:\Users\Ira\Documents\DO VL nov 2012.pdf
[2012/11/12 14:45:44 | 000,122,357 | ---- | C] () -- C:\Users\Ira\Documents\short int test.pdf
[2012/11/12 14:14:37 | 000,242,883 | ---- | C] () -- C:\Users\Ira\Documents\GoDaddy 1 yr renewal.pdf
[2012/11/12 13:43:27 | 002,296,282 | ---- | C] () -- C:\Users\Ira\Documents\IAB singleFundGetStarted.pdf
[2012/11/12 12:17:45 | 000,183,294 | ---- | C] () -- C:\Users\Ira\Documents\Database Oasis purchase receipt.pdf
[2012/11/12 12:13:19 | 000,001,831 | ---- | C] () -- C:\Users\Ira\Desktop\Database Oasis.lnk
[2012/11/12 10:47:07 | 000,039,092 | ---- | C] () -- C:\Users\Ira\Documents\RRD VL nov 2012.pdf
[2012/11/12 10:35:34 | 000,176,392 | ---- | C] () -- C:\Users\Ira\Documents\RRD S&P neg outlook.pdf
[2012/11/10 11:11:00 | 000,474,331 | ---- | C] () -- C:\Users\Ira\Documents\bond funds.pdf
[2012/11/09 14:21:47 | 000,083,277 | ---- | C] () -- C:\Users\Ira\Documents\HPQ VL oct 2012.pdf
[2012/11/08 10:54:29 | 000,607,527 | ---- | C] () -- C:\Users\Ira\Documents\interactive broker friends family advisor example.pdf
[2012/11/07 11:51:03 | 000,010,755 | ---- | C] () -- C:\Users\Ira\Documents\Positions by Account retracted.csv
[2012/11/07 10:15:46 | 000,031,311 | ---- | C] () -- C:\Users\Ira\Documents\Balance_805.html
[2012/11/07 09:59:35 | 000,002,650 | ---- | C] () -- C:\Users\Ira\Documents\Account Balances (Brokerage).csv
[2012/11/05 13:43:05 | 000,399,897 | ---- | C] () -- C:\Users\Ira\Documents\Five ways to save a Web page _ How To - CNET.pdf
[2012/11/02 16:28:04 | 000,109,859 | ---- | C] () -- C:\Users\Ira\Documents\about_blank.pdf
[2012/11/02 11:16:23 | 000,008,597 | ---- | C] () -- C:\Users\Ira\Documents\VoluntaryCorporateActionPending10292012.pdf
[2012/11/01 15:30:36 | 006,512,188 | ---- | C] () -- C:\Users\Ira\Documents\Investment Performance Measurement.pdf
[2012/11/01 09:00:30 | 000,030,197 | ---- | C] () -- C:\Users\Ira\Documents\Balance_X5122.html
[2012/11/01 09:00:15 | 000,030,158 | ---- | C] () -- C:\Users\Ira\Documents\Balance_X5984.html
[2012/11/01 09:00:15 | 000,022,936 | ---- | C] () -- C:\Users\Ira\Documents\Balance_20.html
[2012/11/01 09:00:15 | 000,022,928 | ---- | C] () -- C:\Users\Ira\Documents\Balance_X56.html
[2012/11/01 08:09:50 | 000,021,438 | ---- | C] () -- C:\Users\Ira\Documents\oct 31 2012.csv
[2012/11/01 08:06:30 | 000,022,986 | ---- | C] () -- C:\Users\Ira\Documents\ACTIVITY month oct 12.csv
[2012/10/30 13:52:42 | 000,483,399 | ---- | C] () -- C:\Users\Ira\Documents\roger k estate tax article.pdf
[2012/10/30 13:19:01 | 000,566,723 | ---- | C] () -- C:\Users\Ira\Documents\L 10q Q3 2012.pdf
[2012/10/28 09:59:44 | 000,000,000 | ---- | C] () -- C:\Users\Ira\Documents\LOG
[2012/10/28 09:51:09 | 000,014,112 | ---- | C] () -- C:\Users\Ira\Documents\ARI I.csv.ods
[2012/10/28 09:27:55 | 000,019,849 | ---- | C] () -- C:\Users\Ira\Documents\ARI I.csv
[2012/10/25 09:12:41 | 000,033,895 | ---- | C] () -- C:\Users\Ira\Documents\FFIV VL sept 2012.pdf
[2012/10/22 19:45:35 | 000,101,003 | ---- | C] () -- C:\Users\Ira\Documents\JEF VL oct 2012.pdf
[2012/10/06 10:53:58 | 000,000,079 | ---- | C] () -- C:\Windows\EWF645.ini
[2012/10/06 10:03:27 | 002,719,723 | ---- | C] () -- C:\Users\Ira\active trader pro manual.pdf
[2012/05/30 12:57:22 | 000,061,935 | ---- | C] () -- C:\Users\Ira\MLI VL may 2012.pdf
[2012/04/03 09:29:15 | 000,007,295 | ---- | C] () -- C:\Users\Ira\Irene 2011 exp for condo.csv
[2011/11/22 15:27:42 | 001,268,302 | ---- | C] () -- C:\Users\Ira\JEF 10Q ended 9_2011.pdf
[2011/11/09 10:59:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd9.dll
[2011/11/09 10:59:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd11.dll
[2011/11/09 10:59:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd10.dll
[2011/08/09 12:37:26 | 038,785,536 | ---- | C] () -- C:\Users\Ira\ATsetup.msi
[2011/08/04 08:18:09 | 001,035,926 | ---- | C] () -- C:\Users\Ira\MozBackup-1.5.1-EN.exe
[2011/06/30 14:49:42 | 000,038,456 | ---- | C] () -- C:\Users\Ira\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/05/31 14:39:23 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/02/17 13:13:43 | 000,005,972 | ---- | C] () -- C:\Users\Ira\AppData\Local\d3d9caps.dat
[2011/02/09 23:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2011/01/16 22:42:07 | 000,019,968 | ---- | C] () -- C:\Users\Ira\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/08 23:38:39 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/01/07 16:54:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/07 16:54:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/07 16:24:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/01/04 18:50:17 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2011/01/04 18:50:16 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2011/01/04 18:50:16 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2011/01/04 18:50:16 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2011/01/04 18:50:16 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2011/01/04 18:50:13 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2010/05/12 23:57:50 | 000,380,074 | ---- | C] () -- C:\Program Files\Claim_your_free_PDF_converter.pdf

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/10/26 16:00:40 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Blackberry Desktop
[2012/11/03 19:25:24 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Epson
[2011/10/26 15:42:12 | 000,000,000 | ---D | M] -- C:\Users\Ben\AppData\Roaming\Research In Motion
[2012/08/14 14:57:07 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\Affixa
[2011/01/10 11:30:57 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\Blackberry Desktop
[2012/11/19 21:07:53 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\Dropbox
[2012/10/10 11:55:35 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\Epson
[2011/10/30 15:39:34 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\GogTasks
[2012/10/06 11:25:59 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\Leadertech
[2012/10/16 09:04:20 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\Mapi2Xml
[2011/01/17 09:15:24 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\MozBackup
[2012/11/14 11:28:42 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\PrimoPDF
[2011/01/10 11:10:13 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\Research In Motion
[2012/11/13 14:01:27 | 000,000,000 | ---D | M] -- C:\Users\Ira\AppData\Roaming\webex

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< C:\Windows\assembly\tmp\U\*.* /s >
[2006/11/02 08:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 08:01:49 | 000,032,622 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/01/16 23:35:26 | 000,000,426 | ---- | C] () -- C:\Windows\Tasks\SyncBack Ira Backup.job
[2011/09/13 11:02:03 | 000,000,876 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/09/13 11:02:06 | 000,000,880 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/04/12 08:35:45 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
On computer: IRA-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E                       DVD-ROM         0 B  No Media
  Volume 1     D   RECOVERY     NTFS   Partition     15 GB  Healthy
  Volume 2     C   OS           NTFS   Partition    215 GB  Healthy    System

========== Alternate Data Streams ==========

@Alternate Data Stream - 30 bytes -> C:\Users\Ira\Documents\Balance_about:blank.html
@Alternate Data Stream - 30 bytes -> C:\Users\Ira\Documents\about:blank.html
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#4
Crag_Hack


    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi Iraboi. I finished looking at your OTL log. It looks pretty clean. The next step is to run a special program to search for infections prevalent these days. Please do the following:

  • Download aswMBR.exe (1870KB) to your desktop.
  • Double-click aswMBR.exe to run it.
  • It will ask you if you want to download the latest Avast! virus definitions; answer yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.


#5
Iraboi


    New Member

  • Topic Starter
  • Member
  • 7 posts
Here's the log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-20 21:00:26
-----------------------------
21:00:26.872 OS Version: Windows 6.0.6002 Service Pack 2
21:00:26.872 Number of processors: 2 586 0xF0D
21:00:26.888 ComputerName: IRA-PC UserName: Ira
21:00:32.457 Initialize success
21:02:45.330 AVAST engine defs: 12112000
21:03:25.665 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:03:25.665 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
21:03:25.681 Disk 0 MBR read successfully
21:03:25.696 Disk 0 MBR scan
21:03:25.743 Disk 0 Windows VISTA default MBR code
21:03:25.759 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
21:03:25.821 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 129024
21:03:25.915 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 220489 MB offset 31586304
21:03:25.993 Disk 0 Partition - 00 0F Extended LBA 2562 MB offset 483147776
21:03:26.102 Disk 0 Partition 4 00 DD MSDOS5.0 2561 MB offset 483149824
21:03:26.367 Disk 0 scanning sectors +488394752
21:03:26.554 Disk 0 scanning C:\Windows\system32\drivers
21:04:05.539 Service scanning
21:04:36.317 Service MpKsl0efea50a c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77787304-FA52-4B24-861C-5BDAD3043CE7}\MpKsl0efea50a.sys **LOCKED** 32
21:05:26.972 Modules scanning
21:06:15.690 Disk 0 trace - called modules:
21:06:15.737 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll partmgr.sys volmgr.sys ecache.sys volsnap.sys Ntfs.sys
21:06:15.753 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86436968]
21:06:15.768 3 CLASSPNP.SYS[8a7b38b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x854ff030]
21:06:16.798 AVAST engine scan C:\Windows
21:06:21.228 AVAST engine scan C:\Windows\system32
21:13:37.255 AVAST engine scan C:\Windows\system32\drivers
21:14:11.902 AVAST engine scan C:\Users\Ira
21:50:33.024 AVAST engine scan C:\ProgramData
21:53:42.050 Scan finished successfully
21:54:34.731 Disk 0 MBR has been saved successfully to "C:\Users\Ira\Downloads\MBR.dat"
21:54:34.778 The log file has been saved successfully to "C:\Users\Ira\Downloads\aswMBR.txt"


Thanks

#6
Crag_Hack


    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi Iraboi. The aswMBR log looks clean too. Let's try TDSSKiller to see if anything shows up. I will be on the road tomorrow but ought to have some time to look at your log. If not, I will definitely get back to you Thursday.

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the application, then click Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Your computer may also seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#7
Iraboi


    New Member

  • Topic Starter
  • Member
  • 7 posts
Thanks for the quick response, Josh.

--

06:21:07.0264 2616 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
06:21:09.0276 2616 ============================================================
06:21:09.0276 2616 Current date / time: 2012/11/21 06:21:09.0276
06:21:09.0276 2616 SystemInfo:
06:21:09.0276 2616
06:21:09.0276 2616 OS Version: 6.0.6002 ServicePack: 2.0
06:21:09.0276 2616 Product type: Workstation
06:21:09.0276 2616 ComputerName: IRA-PC
06:21:09.0276 2616 UserName: Ira
06:21:09.0276 2616 Windows directory: C:\Windows
06:21:09.0276 2616 System windows directory: C:\Windows
06:21:09.0276 2616 Processor architecture: Intel x86
06:21:09.0276 2616 Number of processors: 2
06:21:09.0276 2616 Page size: 0x1000
06:21:09.0276 2616 Boot type: Normal boot
06:21:09.0276 2616 ============================================================
06:21:13.0739 2616 BG loaded
06:21:14.0893 2616 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
06:21:15.0049 2616 ============================================================
06:21:15.0049 2616 \Device\Harddisk0\DR0:
06:21:15.0049 2616 MBR partitions:
06:21:15.0049 2616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
06:21:15.0049 2616 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x1AEA4800
06:21:15.0252 2616 ============================================================
06:21:15.0861 2616 C: <-> \Device\Harddisk0\DR0\Partition2
06:21:15.0970 2616 D: <-> \Device\Harddisk0\DR0\Partition1
06:21:15.0970 2616 ============================================================
06:21:15.0970 2616 Initialize success
06:21:15.0970 2616 ============================================================
06:21:51.0617 2700 ============================================================
06:21:51.0617 2700 Scan started
06:21:51.0617 2700 Mode: Manual;
06:21:51.0617 2700 ============================================================
06:21:55.0623 2700 ================ Scan system memory ========================
06:21:55.0623 2700 System memory - ok
06:21:55.0625 2700 ================ Scan services =============================
06:22:25.0151 2700 IAANTMON - ok
06:22:25.0214 2700 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\Windows\system32\drivers\iastor.sys
06:22:25.0214 2700 iaStor - ok
06:22:25.0338 2700 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
06:22:25.0354 2700 iaStorV - ok
06:22:25.0760 2700 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:22:25.0916 2700 idsvc - ok
06:22:26.0118 2700 [ C134E69CE901422D1F2D7EA8D69098FE ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
06:22:26.0150 2700 igfx - ok
06:22:26.0181 2700 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
06:22:26.0228 2700 iirsp - ok
06:22:26.0306 2700 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
06:22:26.0337 2700 IKEEXT - ok
06:22:26.0399 2700 [ 98D303CCB3415E9202E82043B37D66DC ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
06:22:26.0399 2700 IntcHdmiAddService - ok
06:22:26.0540 2700 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
06:22:26.0586 2700 intelide - ok
06:22:26.0680 2700 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
06:22:26.0680 2700 intelppm - ok
06:22:26.0758 2700 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
06:22:26.0758 2700 IPBusEnum - ok
06:22:26.0789 2700 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:22:26.0805 2700 IpFilterDriver - ok
06:22:26.0883 2700 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
06:22:26.0898 2700 iphlpsvc - ok
06:22:26.0961 2700 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
06:22:26.0976 2700 IPMIDRV - ok
06:22:27.0008 2700 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
06:22:27.0008 2700 IPNAT - ok
06:22:27.0117 2700 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
06:22:27.0132 2700 iPod Service - ok
06:22:27.0195 2700 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
06:22:27.0226 2700 IRENUM - ok
06:22:27.0257 2700 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
06:22:27.0288 2700 isapnp - ok
06:22:27.0366 2700 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
06:22:27.0366 2700 iScsiPrt - ok
06:22:27.0398 2700 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
06:22:27.0398 2700 iteatapi - ok
06:22:27.0460 2700 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
06:22:27.0460 2700 iteraid - ok
06:22:27.0507 2700 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
06:22:27.0507 2700 kbdclass - ok
06:22:27.0585 2700 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
06:22:27.0585 2700 kbdhid - ok
06:22:27.0694 2700 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
06:22:27.0710 2700 KeyIso - ok
06:22:27.0881 2700 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
06:22:27.0897 2700 KSecDD - ok
06:22:28.0146 2700 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
06:22:28.0942 2700 KtmRm - ok
06:22:29.0051 2700 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
06:22:29.0051 2700 LanmanServer - ok
06:22:29.0192 2700 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
06:22:29.0207 2700 LanmanWorkstation - ok
06:22:29.0301 2700 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
06:22:29.0301 2700 lltdio - ok
06:22:29.0426 2700 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
06:22:29.0426 2700 lltdsvc - ok
06:22:29.0472 2700 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
06:22:29.0472 2700 lmhosts - ok
06:22:29.0722 2700 [ 3D67740573A70C6C9B1614982CFAC4C5 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
06:22:29.0738 2700 LMIGuardianSvc - ok
06:22:29.0972 2700 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
06:22:29.0972 2700 LMIInfo - ok
06:22:30.0034 2700 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
06:22:30.0034 2700 lmimirr - ok
06:22:30.0096 2700 LMIRfsClientNP - ok
06:22:30.0159 2700 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
06:22:30.0159 2700 LMIRfsDriver - ok
06:22:30.0252 2700 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
06:22:30.0268 2700 LogMeIn - ok
06:22:30.0377 2700 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
06:22:30.0393 2700 LSI_FC - ok
06:22:30.0424 2700 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
06:22:30.0424 2700 LSI_SAS - ok
06:22:30.0518 2700 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
06:22:30.0518 2700 LSI_SCSI - ok
06:22:30.0549 2700 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
06:22:30.0549 2700 luafv - ok
06:22:30.0564 2700 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
06:22:30.0580 2700 MBAMProtector - ok
06:22:30.0642 2700 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
06:22:30.0642 2700 MBAMScheduler - ok
06:22:30.0736 2700 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
06:22:30.0752 2700 MBAMService - ok
06:22:30.0830 2700 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
06:22:30.0845 2700 Mcx2Svc - ok
06:22:30.0861 2700 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
06:22:30.0876 2700 mdmxsdk - ok
06:22:30.0923 2700 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
06:22:30.0923 2700 megasas - ok
06:22:30.0970 2700 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
06:22:30.0970 2700 MegaSR - ok
06:22:31.0017 2700 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
06:22:31.0032 2700 MMCSS - ok
06:22:31.0064 2700 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
06:22:31.0064 2700 Modem - ok
06:22:31.0251 2700 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
06:22:31.0251 2700 monitor - ok
06:22:31.0329 2700 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
06:22:31.0329 2700 mouclass - ok
06:22:31.0376 2700 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
06:22:31.0391 2700 mouhid - ok
06:22:31.0454 2700 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
06:22:31.0454 2700 MountMgr - ok
06:22:31.0500 2700 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
06:22:31.0516 2700 MozillaMaintenance - ok
06:22:31.0641 2700 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
06:22:31.0656 2700 MpFilter - ok
06:22:31.0734 2700 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
06:22:31.0750 2700 mpio - ok
06:22:31.0781 2700 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
06:22:31.0781 2700 mpsdrv - ok
06:22:31.0937 2700 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
06:22:31.0937 2700 MpsSvc - ok
06:22:31.0968 2700 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
06:22:31.0984 2700 Mraid35x - ok
06:22:32.0031 2700 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
06:22:32.0031 2700 MRxDAV - ok
06:22:32.0062 2700 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
06:22:32.0078 2700 mrxsmb - ok
06:22:32.0156 2700 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:22:32.0156 2700 mrxsmb10 - ok
06:22:32.0234 2700 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:22:32.0249 2700 mrxsmb20 - ok
06:22:32.0280 2700 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys
06:22:32.0280 2700 msahci - ok
06:22:32.0343 2700 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
06:22:32.0358 2700 msdsm - ok
06:22:32.0374 2700 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
06:22:32.0390 2700 MSDTC - ok
06:22:32.0499 2700 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
06:22:32.0499 2700 Msfs - ok
06:22:32.0592 2700 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
06:22:32.0592 2700 msisadrv - ok
06:22:32.0624 2700 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
06:22:32.0639 2700 MSiSCSI - ok
06:22:32.0639 2700 msiserver - ok
06:22:32.0686 2700 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
06:22:32.0686 2700 MSKSSRV - ok
06:22:32.0858 2700 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
06:22:32.0858 2700 MsMpSvc - ok
06:22:32.0936 2700 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
06:22:32.0936 2700 MSPCLOCK - ok
06:22:32.0998 2700 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
06:22:32.0998 2700 MSPQM - ok
06:22:33.0107 2700 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
06:22:33.0107 2700 MsRPC - ok
06:22:33.0170 2700 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
06:22:33.0170 2700 mssmbios - ok
06:22:33.0185 2700 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
06:22:33.0185 2700 MSTEE - ok
06:22:33.0232 2700 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
06:22:33.0232 2700 Mup - ok
06:22:33.0310 2700 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
06:22:33.0310 2700 napagent - ok
06:22:33.0419 2700 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
06:22:33.0419 2700 NativeWifiP - ok
06:22:33.0497 2700 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
06:22:33.0513 2700 NDIS - ok
06:22:33.0575 2700 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
06:22:33.0575 2700 NdisTapi - ok
06:22:33.0622 2700 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
06:22:33.0622 2700 Ndisuio - ok
06:22:33.0684 2700 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
06:22:33.0684 2700 NdisWan - ok
06:22:33.0762 2700 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
06:22:33.0762 2700 NDProxy - ok
06:22:33.0778 2700 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
06:22:33.0794 2700 NetBIOS - ok
06:22:33.0887 2700 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
06:22:33.0903 2700 netbt - ok
06:22:33.0950 2700 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
06:22:33.0981 2700 Netlogon - ok
06:22:34.0043 2700 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
06:22:34.0121 2700 Netman - ok
06:22:34.0215 2700 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
06:22:34.0277 2700 NetMsmqActivator - ok
06:22:34.0293 2700 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
06:22:34.0293 2700 NetPipeActivator - ok
06:22:34.0340 2700 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
06:22:34.0355 2700 netprofm - ok
06:22:34.0402 2700 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
06:22:34.0402 2700 NetTcpActivator - ok
06:22:34.0418 2700 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
06:22:34.0418 2700 NetTcpPortSharing - ok
06:22:34.0542 2700 [ 6522DD40A5F67CED020BD81B856613FB ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys
06:22:34.0574 2700 NETw4v32 - ok
06:22:34.0683 2700 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
06:22:34.0683 2700 nfrd960 - ok
06:22:34.0730 2700 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
06:22:34.0745 2700 NisDrv - ok
06:22:34.0854 2700 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
06:22:34.0854 2700 NisSrv - ok
06:22:34.0948 2700 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
06:22:34.0964 2700 NlaSvc - ok
06:22:35.0026 2700 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
06:22:35.0042 2700 Npfs - ok
06:22:35.0182 2700 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
06:22:35.0198 2700 nsi - ok
06:22:35.0244 2700 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
06:22:35.0276 2700 nsiproxy - ok
06:22:35.0447 2700 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
06:22:35.0463 2700 Ntfs - ok
06:22:35.0494 2700 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
06:22:35.0494 2700 ntrigdigi - ok
06:22:35.0510 2700 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
06:22:35.0510 2700 Null - ok
06:22:35.0541 2700 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
06:22:35.0541 2700 nvraid - ok
06:22:35.0556 2700 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
06:22:35.0572 2700 nvstor - ok
06:22:35.0588 2700 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
06:22:35.0588 2700 nv_agp - ok
06:22:35.0744 2700 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
06:22:35.0775 2700 odserv - ok
06:22:35.0915 2700 [ 19CAC780B858822055F46C58A111723C ] OEM02Dev C:\Windows\system32\DRIVERS\OEM02Dev.sys
06:22:35.0931 2700 OEM02Dev - ok
06:22:35.0978 2700 [ 86326062A90494BDD79CE383511D7D69 ] OEM02Vfx C:\Windows\system32\DRIVERS\OEM02Vfx.sys
06:22:35.0993 2700 OEM02Vfx - ok
06:22:36.0071 2700 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
06:22:36.0071 2700 ohci1394 - ok
06:22:36.0227 2700 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:22:36.0227 2700 ose - ok
06:22:36.0336 2700 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
06:22:36.0352 2700 p2pimsvc - ok
06:22:36.0368 2700 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
06:22:36.0383 2700 p2psvc - ok
06:22:36.0414 2700 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
06:22:36.0414 2700 Parport - ok
06:22:36.0492 2700 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
06:22:36.0492 2700 partmgr - ok
06:22:36.0508 2700 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
06:22:36.0524 2700 Parvdm - ok
06:22:36.0555 2700 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
06:22:36.0555 2700 PcaSvc - ok
06:22:36.0617 2700 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
06:22:36.0633 2700 pci - ok
06:22:36.0695 2700 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
06:22:36.0695 2700 pciide - ok
06:22:36.0773 2700 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
06:22:36.0773 2700 pcmcia - ok
06:22:36.0820 2700 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
06:22:36.0836 2700 PEAUTH - ok
06:22:37.0179 2700 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
06:22:37.0194 2700 pla - ok
06:22:37.0288 2700 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
06:22:37.0288 2700 PlugPlay - ok
06:22:37.0350 2700 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
06:22:37.0366 2700 PNRPAutoReg - ok
06:22:37.0382 2700 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
06:22:37.0397 2700 PNRPsvc - ok
06:22:37.0460 2700 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
06:22:37.0491 2700 PolicyAgent - ok
06:22:37.0553 2700 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
06:22:37.0553 2700 PptpMiniport - ok
06:22:37.0631 2700 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
06:22:37.0631 2700 Processor - ok
06:22:37.0803 2700 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
06:22:37.0803 2700 ProfSvc - ok
06:22:37.0850 2700 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
06:22:37.0850 2700 ProtectedStorage - ok
06:22:37.0928 2700 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
06:22:37.0928 2700 PSched - ok
06:22:38.0115 2700 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
06:22:38.0224 2700 ql2300 - ok
06:22:38.0286 2700 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
06:22:38.0286 2700 ql40xx - ok
06:22:38.0458 2700 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
06:22:38.0458 2700 QWAVE - ok
06:22:38.0505 2700 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
06:22:38.0505 2700 QWAVEdrv - ok
06:22:38.0645 2700 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
06:22:38.0708 2700 R300 - ok
06:22:38.0786 2700 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
06:22:38.0801 2700 RasAcd - ok
06:22:38.0848 2700 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
06:22:38.0864 2700 RasAuto - ok
06:22:38.0926 2700 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
06:22:38.0926 2700 Rasl2tp - ok
06:22:38.0988 2700 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
06:22:38.0988 2700 RasMan - ok
06:22:39.0035 2700 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
06:22:39.0035 2700 RasPppoe - ok
06:22:39.0082 2700 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
06:22:39.0082 2700 RasSstp - ok
06:22:39.0191 2700 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
06:22:39.0191 2700 rdbss - ok
06:22:39.0254 2700 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
06:22:39.0269 2700 RDPCDD - ok
06:22:39.0378 2700 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
06:22:39.0425 2700 rdpdr - ok
06:22:39.0441 2700 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
06:22:39.0472 2700 RDPENCDD - ok
06:22:39.0581 2700 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
06:22:39.0581 2700 RDPWD - ok
06:22:39.0628 2700 [ 2CF574D0965F58E514A2DC94114D7ECA ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
06:22:39.0768 2700 RegSrvc - ok
06:22:39.0878 2700 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
06:22:39.0878 2700 RemoteAccess - ok
06:22:39.0909 2700 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
06:22:40.0049 2700 RemoteRegistry - ok
06:22:40.0143 2700 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
06:22:40.0158 2700 RFCOMM - ok
06:22:40.0221 2700 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
06:22:40.0252 2700 rimmptsk - ok
06:22:40.0268 2700 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
06:22:40.0299 2700 rimsptsk - ok
06:22:40.0424 2700 [ 616EAC1B0E48B236A5A9B8AE07FDB81C ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
06:22:40.0424 2700 RimUsb - ok
06:22:40.0564 2700 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
06:22:40.0564 2700 RimVSerPort - ok
06:22:40.0642 2700 [ D231B577024AA324AF13A42F3A807D10 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
06:22:40.0642 2700 rismxdp - ok
06:22:40.0720 2700 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
06:22:40.0720 2700 ROOTMODEM - ok
06:22:40.0782 2700 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
06:22:40.0782 2700 RpcLocator - ok
06:22:41.0001 2700 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
06:22:41.0032 2700 RpcSs - ok
06:22:41.0110 2700 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
06:22:41.0110 2700 rspndr - ok
06:22:41.0141 2700 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
06:22:41.0141 2700 SamSs - ok
06:22:41.0235 2700 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
06:22:41.0250 2700 sbp2port - ok
06:22:41.0344 2700 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
06:22:41.0344 2700 SCardSvr - ok
06:22:41.0453 2700 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
06:22:41.0469 2700 Schedule - ok
06:22:41.0500 2700 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
06:22:41.0500 2700 SCPolicySvc - ok
06:22:41.0594 2700 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
06:22:41.0594 2700 sdbus - ok
06:22:41.0672 2700 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
06:22:41.0672 2700 SDRSVC - ok
06:22:41.0750 2700 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
06:22:41.0750 2700 secdrv - ok
06:22:41.0781 2700 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
06:22:41.0796 2700 seclogon - ok
06:22:41.0828 2700 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
06:22:41.0828 2700 SENS - ok
06:22:41.0859 2700 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
06:22:41.0859 2700 Serenum - ok
06:22:41.0906 2700 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
06:22:41.0906 2700 Serial - ok
06:22:41.0937 2700 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
06:22:41.0952 2700 sermouse - ok
06:22:41.0999 2700 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
06:22:41.0999 2700 SessionEnv - ok
06:22:42.0015 2700 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
06:22:42.0030 2700 sffdisk - ok
06:22:42.0046 2700 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
06:22:42.0046 2700 sffp_mmc - ok
06:22:42.0093 2700 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
06:22:42.0093 2700 sffp_sd - ok
06:22:42.0108 2700 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
06:22:42.0124 2700 sfloppy - ok
06:22:42.0171 2700 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
06:22:42.0171 2700 SharedAccess - ok
06:22:42.0280 2700 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
06:22:42.0296 2700 ShellHWDetection - ok
06:22:42.0342 2700 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
06:22:42.0342 2700 sisagp - ok
06:22:42.0374 2700 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
06:22:42.0374 2700 SiSRaid2 - ok
06:22:42.0405 2700 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
06:22:42.0405 2700 SiSRaid4 - ok
06:22:42.0608 2700 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
06:22:42.0654 2700 slsvc - ok
06:22:42.0732 2700 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
06:22:42.0732 2700 SLUINotify - ok
06:22:42.0764 2700 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
06:22:42.0764 2700 Smb - ok
06:22:42.0857 2700 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
06:22:42.0873 2700 SNMPTRAP - ok
06:22:42.0935 2700 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
06:22:42.0935 2700 spldr - ok
06:22:43.0029 2700 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
06:22:43.0044 2700 Spooler - ok
06:22:43.0154 2700 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
06:22:43.0154 2700 srv - ok
06:22:43.0310 2700 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
06:22:43.0325 2700 srv2 - ok
06:22:43.0388 2700 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
06:22:43.0388 2700 srvnet - ok
06:22:43.0466 2700 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
06:22:43.0466 2700 SSDPSRV - ok
06:22:43.0606 2700 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
06:22:43.0622 2700 SstpSvc - ok
06:22:43.0700 2700 [ 7E6DD4B34ACD36AF6C711D2BDE91B040 ] STacSV C:\Windows\system32\STacSV.exe
06:22:43.0700 2700 STacSV - ok
06:22:43.0762 2700 [ 6A2A5E809C2C0178326D92B19EE4AAD3 ] STHDA C:\Windows\system32\drivers\stwrt.sys
06:22:43.0762 2700 STHDA - ok
06:22:43.0840 2700 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
06:22:43.0840 2700 stisvc - ok
06:22:43.0918 2700 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
06:22:43.0918 2700 swenum - ok
06:22:43.0996 2700 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
06:22:43.0996 2700 swprv - ok
06:22:44.0074 2700 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
06:22:44.0074 2700 Symc8xx - ok
06:22:44.0090 2700 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
06:22:44.0090 2700 Sym_hi - ok
06:22:44.0136 2700 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
06:22:44.0136 2700 Sym_u3 - ok
06:22:44.0230 2700 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
06:22:44.0246 2700 SysMain - ok
06:22:44.0324 2700 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
06:22:44.0339 2700 TabletInputService - ok
06:22:44.0448 2700 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
06:22:44.0448 2700 TapiSrv - ok
06:22:54.0947 2700 ================ Scan global ===============================
06:22:54.0978 2700 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
06:22:55.0072 2700 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
06:22:55.0088 2700 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
06:22:55.0181 2700 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
06:22:55.0197 2700 [Global] - ok
06:22:55.0197 2700 ================ Scan MBR ==================================
06:22:55.0212 2700 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
06:22:55.0852 2700 \Device\Harddisk0\DR0 - ok
06:22:55.0852 2700 ================ Scan VBR ==================================
06:22:55.0977 2700 [ AE8E401179F120FB7E2CA6A6D44021F4 ] \Device\Harddisk0\DR0\Partition1
06:22:55.0992 2700 \Device\Harddisk0\DR0\Partition1 - ok
06:22:56.0024 2700 [ 9EE28453946A8AEC2E94DB5FA2876656 ] \Device\Harddisk0\DR0\Partition2
06:22:56.0024 2700 \Device\Harddisk0\DR0\Partition2 - ok
06:22:56.0024 2700 ================ Scan active images ========================
06:22:57.0599 2700 [ 93952506C6D67330367F7E7934B6A02F ] C:\Windows\System32\qmgr.dll
06:22:57.0599 2700 C:\Windows\System32\qmgr.dll - ok
06:22:57.0599 2700 [ 4DE3C4D07BAFDE616EFA0ADE076CBAC2 ] C:\Windows\System32\wevtapi.dll
06:22:57.0599 2700 C:\Windows\System32\wevtapi.dll - ok
06:22:57.0615 2700 [ 9028559C132146FB75EB7ACF384B086A ] C:\Windows\System32\dhcpcsvc.dll
06:22:57.0615 2700 C:\Windows\System32\dhcpcsvc.dll - ok
06:22:57.0630 2700 [ 4FE8425F21B3F0F8C4B4726351D43EAA ] C:\Windows\System32\IPHLPAPI.DLL
06:22:57.0630 2700 C:\Windows\System32\IPHLPAPI.DLL - ok
06:22:57.0646 2700 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] C:\Windows\System32\browser.dll
06:22:57.0646 2700 C:\Windows\System32\browser.dll - ok
06:22:57.0646 2700 [ A4C8377FA4A994E07075107DBE2E3DCE ] C:\Windows\System32\bthserv.dll
06:22:57.0646 2700 C:\Windows\System32\bthserv.dll - ok
06:22:57.0662 2700 [ 312EC3E37A0A1F2006534913E37B4423 ] C:\Windows\System32\certprop.dll
06:22:57.0662 2700 C:\Windows\System32\certprop.dll - ok
06:22:57.0677 2700 [ 6B09105742C75DF80CEF21700F20F55A ] C:\Windows\System32\winnsi.dll
06:22:57.0677 2700 C:\Windows\System32\winnsi.dll - ok
06:22:57.0677 2700 [ DFB6B71CDABA9DFB49C9D2B318B97A1A ] C:\Windows\System32\dhcpcsvc6.dll
06:22:57.0677 2700 C:\Windows\System32\dhcpcsvc6.dll - ok
06:22:57.0693 2700 [ DE0DD9AE3430F84A96B5501112A696BE ] C:\Windows\System32\bcrypt.dll
06:22:57.0693 2700 C:\Windows\System32\bcrypt.dll - ok
06:22:57.0708 2700 [ 7F15B4953378C8B5161D65C26D5FED4D ] C:\Windows\System32\cngaudit.dll
06:22:57.0708 2700 C:\Windows\System32\cngaudit.dll - ok
06:22:57.0708 2700 [ 4211249955AF9133E2E357CC92B54DFD ] C:\Windows\System32\comres.dll
06:22:57.0708 2700 C:\Windows\System32\comres.dll - ok
06:22:57.0724 2700 [ 188CC19108B0EBD6332D6628D4EDE469 ] C:\Windows\System32\ncrypt.dll
06:22:57.0724 2700 C:\Windows\System32\ncrypt.dll - ok
06:22:57.0740 2700 [ F1E8C34892336D33EDDCDFE44E474F64 ] C:\Windows\System32\cryptsvc.dll
06:22:57.0740 2700 C:\Windows\System32\cryptsvc.dll - ok
06:22:57.0755 2700 [ 26F139DDEC6407508071930D3D07337E ] C:\Windows\System32\credssp.dll
06:22:57.0755 2700 C:\Windows\System32\credssp.dll - ok
06:22:57.0755 2700 [ 74F380C8EC8813626C670D46E8A714D1 ] C:\Windows\System32\dfsrres.dll
06:22:57.0755 2700 C:\Windows\System32\dfsrres.dll - ok
06:22:57.0771 2700 [ ABE9EEA1EABEA0711610A637A7B1C25D ] C:\Windows\System32\msprivs.dll
06:22:57.0771 2700 C:\Windows\System32\msprivs.dll - ok
06:22:57.0786 2700 [ 08D6D1692B62C9EE4062E1FA04D8FE2F ] C:\Windows\System32\oleres.dll
06:22:57.0786 2700 C:\Windows\System32\oleres.dll - ok
06:22:57.0786 2700 [ 898E7C06A350D4A1A64A9EA264D55452 ] C:\Windows\System32\winlogon.exe
06:22:57.0786 2700 C:\Windows\System32\winlogon.exe - ok
06:22:57.0802 2700 [ AA01497884F9CBAC89470120AF78D2B1 ] C:\Windows\System32\kerberos.dll
06:22:57.0802 2700 C:\Windows\System32\kerberos.dll - ok
06:22:57.0802 2700 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] C:\Windows\System32\dot3svc.dll
06:22:57.0802 2700 C:\Windows\System32\dot3svc.dll - ok
06:22:57.0818 2700 [ 9E80FF0752E365F97FD2D1D68C2AFDA1 ] C:\Windows\System32\wship6.dll
06:22:57.0818 2700 C:\Windows\System32\wship6.dll - ok
06:22:57.0833 2700 [ 22CFAEB9172F5F198048401485CD0571 ] C:\Windows\System32\WSHTCPIP.DLL
06:22:57.0833 2700 C:\Windows\System32\WSHTCPIP.DLL - ok
06:22:57.0864 2700 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] C:\Windows\System32\dps.dll
06:22:57.0864 2700 C:\Windows\System32\dps.dll - ok
06:22:57.0864 2700 [ 4AAFC7461633848AA87A363B2CBEC522 ] C:\Windows\System32\winsta.dll
06:22:57.0864 2700 C:\Windows\System32\winsta.dll - ok
06:22:57.0880 2700 [ 05C3B38DB95BA5585817A4F898EE5581 ] C:\Windows\System32\wshqos.dll
06:22:57.0880 2700 C:\Windows\System32\wshqos.dll - ok
06:22:57.0896 2700 [ 9BE3744D295A7701EB425332014F0797 ] C:\Windows\ehome\ehrecvr.exe
06:22:57.0896 2700 C:\Windows\ehome\ehrecvr.exe - ok
06:22:57.0911 2700 [ C0B95E40D85CD807D614E264248A45B9 ] C:\Windows\System32\eapsvc.dll
06:22:57.0911 2700 C:\Windows\System32\eapsvc.dll - ok
06:22:57.0911 2700 [ FC62A635063B762E1C3C60EA77279378 ] C:\Windows\System32\NapiNSP.dll
06:22:57.0911 2700 C:\Windows\System32\NapiNSP.dll - ok
06:22:57.0927 2700 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] C:\Windows\System32\nlasvc.dll
06:22:57.0927 2700 C:\Windows\System32\nlasvc.dll - ok
06:22:57.0942 2700 [ 690D41DF1D555F96D4898A0F54EBA065 ] C:\Windows\System32\pnrpnsp.dll
06:22:57.0942 2700 C:\Windows\System32\pnrpnsp.dll - ok
06:22:57.0958 2700 [ AD1870C8E5D6DD340C829E6074BF3C3F ] C:\Windows\ehome\ehsched.exe
06:22:57.0958 2700 C:\Windows\ehome\ehsched.exe - ok
06:22:57.0974 2700 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] C:\Windows\ehome\ehstart.dll
06:22:57.0974 2700 C:\Windows\ehome\ehstart.dll - ok
06:22:57.0974 2700 [ 8617350C9B590B63E620881092751BCB ] C:\Windows\System32\mswsock.dll
06:22:57.0974 2700 C:\Windows\System32\mswsock.dll - ok
06:22:57.0989 2700 [ 4ABCE74D012971305249E45E095E9EA6 ] C:\Windows\System32\msv1_0.dll
06:22:57.0989 2700 C:\Windows\System32\msv1_0.dll - ok
06:22:58.0005 2700 [ 95DAECF0FB120A7B5DA679CC54E37DDE ] C:\Windows\System32\netlogon.dll
06:22:58.0005 2700 C:\Windows\System32\netlogon.dll - ok
06:22:58.0005 2700 [ 4E6B23DFC917EA39306B529B773950F4 ] C:\Windows\System32\emdmgmt.dll
06:22:58.0005 2700 C:\Windows\System32\emdmgmt.dll - ok
06:22:58.0020 2700 [ 72910BC4A218C49EA8E43D1FAEC403A5 ] C:\Windows\System32\winbrand.dll
06:22:58.0020 2700 C:\Windows\System32\winbrand.dll - ok
06:22:58.0036 2700 [ A1B40A28F38D27A7E3229EE4C7064434 ] C:\Windows\System32\wevtsvc.dll
06:22:58.0036 2700 C:\Windows\System32\wevtsvc.dll - ok
06:22:58.0052 2700 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] C:\Windows\System32\fdPHost.dll
06:22:58.0052 2700 C:\Windows\System32\fdPHost.dll - ok
06:22:58.0052 2700 [ 50E3E76B0901BB4FC029BB88BFA5CE79 ] C:\Windows\System32\schannel.dll
06:22:58.0052 2700 C:\Windows\System32\schannel.dll - ok
06:22:58.0067 2700 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] C:\Windows\System32\FDResPub.dll
06:22:58.0067 2700 C:\Windows\System32\FDResPub.dll - ok
06:22:58.0083 2700 [ 8CE364388C8ECA59B14B539179276D44 ] C:\Windows\System32\FntCache.dll
06:22:58.0083 2700 C:\Windows\System32\FntCache.dll - ok
06:22:58.0098 2700 [ 93620229F3CC3B67A3528BF39F064C30 ] C:\Windows\System32\wdigest.dll
06:22:58.0098 2700 C:\Windows\System32\wdigest.dll - ok
06:22:58.0098 2700 [ E14170AEA125119B98FA2BDE3FF4F462 ] C:\Windows\System32\rsaenh.dll
06:22:58.0098 2700 C:\Windows\System32\rsaenh.dll - ok
06:22:58.0114 2700 [ 0F420E81062757EA8363CBACD4D40D6D ] C:\Windows\System32\gpapi.dll
06:22:58.0114 2700 C:\Windows\System32\gpapi.dll - ok
06:22:58.0130 2700 [ 302964DCAC79D618CC7B72C778DA9FD2 ] C:\Windows\System32\PresentationHost.exe
06:22:58.0130 2700 C:\Windows\System32\PresentationHost.exe - ok
06:22:58.0130 2700 [ F8873D15018F411588BEC02C1725BADA ] C:\Windows\System32\TSpkg.dll
06:22:58.0130 2700 C:\Windows\System32\TSpkg.dll - ok
06:22:58.0145 2700 [ 84067081F3318162797385E11A8F0582 ] C:\Windows\System32\hidserv.dll
06:22:58.0145 2700 C:\Windows\System32\hidserv.dll - ok
06:22:58.0145 2700 [ D8AD255B37DA92434C26E4876DB7D418 ] C:\Windows\System32\KMSVC.DLL
06:22:58.0145 2700 C:\Windows\System32\KMSVC.DLL - ok
06:22:58.0176 2700 [ 05586F5438AB0DA4F5149159E0E5FD4B ] C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll
06:22:58.0176 2700 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll - ok
06:22:58.0192 2700 [ 9908D8A397B76CD8D31D0D383C5773C9 ] C:\Windows\System32\IKEEXT.DLL
06:22:58.0192 2700 C:\Windows\System32\IKEEXT.DLL - ok
06:22:58.0192 2700 [ 9AC218C6E6105477484C6FDBE7D409A4 ] C:\Windows\System32\IPBusEnum.dll
06:22:58.0192 2700 C:\Windows\System32\IPBusEnum.dll - ok
06:22:58.0208 2700 [ 1998BD97F950680BB55F55A7244679C2 ] C:\Windows\System32\iphlpsvc.dll
06:22:58.0208 2700 C:\Windows\System32\iphlpsvc.dll - ok
06:22:58.0223 2700 [ 74C2F29CC612B2B34231BEBD824D2FB2 ] C:\Windows\System32\keyiso.dll
06:22:58.0223 2700 C:\Windows\System32\keyiso.dll - ok
06:22:58.0239 2700 [ 1BF5EEBFD518DD7298434D8C862F825D ] C:\Windows\System32\srvsvc.dll
06:22:58.0239 2700 C:\Windows\System32\srvsvc.dll - ok
06:22:58.0254 2700 [ 1DB69705B695B987082C8BAEC0C6B34F ] C:\Windows\System32\wkssvc.dll
06:22:58.0254 2700 C:\Windows\System32\wkssvc.dll - ok
06:22:58.0254 2700 [ 132F6237FA3BF3E9715F63A1CCF72BF1 ] C:\Windows\ehome\ehres.dll
06:22:58.0254 2700 C:\Windows\ehome\ehres.dll - ok
06:22:58.0286 2700 [ FA0593D936C9B95FB6FAA32AD1595D49 ] C:\Windows\System32\lltdres.dll
06:22:58.0286 2700 C:\Windows\System32\lltdres.dll - ok
06:22:58.0286 2700 [ 35D40113E4A5B961B6CE5C5857702518 ] C:\Windows\System32\lmhsvc.dll
06:22:58.0286 2700 C:\Windows\System32\lmhsvc.dll - ok
06:22:58.0301 2700 [ 95F1EB99B81CFD6F581C85F0A0AA9B2B ] C:\Windows\System32\FirewallAPI.dll
06:22:58.0301 2700 C:\Windows\System32\FirewallAPI.dll - ok
06:22:58.0317 2700 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] C:\Windows\System32\mmcss.dll
06:22:58.0317 2700 C:\Windows\System32\mmcss.dll - ok
06:22:58.0317 2700 [ EA822412BBBA9B7D2B1A3748AD50EFB8 ] C:\Windows\System32\iscsidsc.dll
06:22:58.0317 2700 C:\Windows\System32\iscsidsc.dll - ok
06:22:58.0348 2700 [ ED21401F1E2F6BC2F54C462BB66D0D6B ] C:\Windows\System32\msimsg.dll
06:22:58.0348 2700 C:\Windows\System32\msimsg.dll - ok
06:22:58.0348 2700 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] C:\Windows\System32\QAGENTRT.DLL
06:22:58.0348 2700 C:\Windows\System32\QAGENTRT.DLL - ok
06:22:58.0364 2700 [ C8052711DAECC48B982434C5116CA401 ] C:\Windows\System32\netman.dll
06:22:58.0364 2700 C:\Windows\System32\netman.dll - ok
06:22:58.0379 2700 [ 4EF5DF1B011B05737ECB8F0B7B171510 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll
06:22:58.0379 2700 C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll - ok
06:22:58.0395 2700 [ ED640F4CE585058119B824CC76591D9C ] C:\Windows\System32\netprof.dll
06:22:58.0395 2700 C:\Windows\System32\netprof.dll - ok
06:22:58.0410 2700 [ CA461A203EF40A98C1C23DE3CBEE68B2 ] C:\Program Files\Microsoft Security Client\MpAsDesc.dll
06:22:58.0410 2700 C:\Program Files\Microsoft Security Client\MpAsDesc.dll - ok
06:22:58.0410 2700 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] C:\Windows\System32\nsisvc.dll
06:22:58.0410 2700 C:\Windows\System32\nsisvc.dll - ok
06:22:58.0426 2700 [ 0C8E8E61AD1EB0B250B846712C917506 ] C:\Windows\System32\p2psvc.dll
06:22:58.0426 2700 C:\Windows\System32\p2psvc.dll - ok
06:22:58.0442 2700 [ C6276AD11F4BB49B58AA1ED88537F14A ] C:\Windows\System32\pcasvc.dll
06:22:58.0442 2700 C:\Windows\System32\pcasvc.dll - ok
06:22:58.0457 2700 [ B1689DF169143F57053F795390C99DB3 ] C:\Windows\System32\pla.dll
06:22:58.0457 2700 C:\Windows\System32\pla.dll - ok
06:22:58.0457 2700 [ C5E7F8A996EC0A82D508FD9064A5569E ] C:\Windows\System32\umpnpmgr.dll
06:22:58.0457 2700 C:\Windows\System32\umpnpmgr.dll - ok
06:22:58.0488 2700 [ 64B28D672B5B6A01E87B0C3096B1E047 ] C:\Windows\System32\polstore.dll
06:22:58.0488 2700 C:\Windows\System32\polstore.dll - ok
06:22:58.0504 2700 [ 0508FAA222D28835310B7BFCA7A77346 ] C:\Windows\System32\profsvc.dll
06:22:58.0504 2700 C:\Windows\System32\profsvc.dll - ok
06:22:58.0504 2700 [ 08F9134A2215B7ED985409A4DF60AC60 ] C:\Windows\System32\psbase.dll
06:22:58.0504 2700 C:\Windows\System32\psbase.dll - ok
06:22:58.0520 2700 [ E9ECAE663F47E6CB43962D18AB18890F ] C:\Windows\System32\qwave.dll
06:22:58.0520 2700 C:\Windows\System32\qwave.dll - ok
06:22:58.0535 2700 [ 9F5E0E1926014D17486901C88ECA2DB7 ] C:\Windows\System32\drivers\qwavedrv.sys
06:22:58.0535 2700 C:\Windows\System32\drivers\qwavedrv.sys - ok
06:22:58.0535 2700 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] C:\Windows\System32\rasauto.dll
06:22:58.0535 2700 C:\Windows\System32\rasauto.dll - ok
06:22:58.0551 2700 [ 75D47445D70CA6F9F894B032FBC64FCF ] C:\Windows\System32\rasmans.dll
06:22:58.0551 2700 C:\Windows\System32\rasmans.dll - ok
06:22:58.0566 2700 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] C:\Windows\System32\sstpsvc.dll
06:22:58.0566 2700 C:\Windows\System32\sstpsvc.dll - ok
06:22:58.0598 2700 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] C:\Windows\System32\mprdim.dll
06:22:58.0598 2700 C:\Windows\System32\mprdim.dll - ok
06:22:58.0613 2700 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] C:\Windows\System32\regsvc.dll
06:22:58.0613 2700 C:\Windows\System32\regsvc.dll - ok
06:22:58.0613 2700 [ 5123F83CBC4349D065534EEB6BBDC42B ] C:\Windows\System32\Locator.exe
06:22:58.0613 2700 C:\Windows\System32\Locator.exe - ok
06:22:58.0629 2700 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] C:\Windows\System32\SCardSvr.dll
06:22:58.0629 2700 C:\Windows\System32\SCardSvr.dll - ok
06:22:58.0644 2700 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] C:\Windows\System32\schedsvc.dll
06:22:58.0644 2700 C:\Windows\System32\schedsvc.dll - ok
06:22:58.0660 2700 [ 716313D9F6B0529D03F726D5AAF6F191 ] C:\Windows\System32\sdrsvc.dll
06:22:58.0660 2700 C:\Windows\System32\sdrsvc.dll - ok
06:22:58.0691 2700 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] C:\Windows\System32\seclogon.dll
06:22:58.0691 2700 C:\Windows\System32\seclogon.dll - ok
06:22:58.0707 2700 [ A9BBAB5759771E523F55563D6CBE140F ] C:\Windows\System32\Sens.dll
06:22:58.0707 2700 C:\Windows\System32\Sens.dll - ok
06:22:58.0722 2700 [ D2193326F729B163125610DBF3E17D57 ] C:\Windows\System32\SessEnv.dll
06:22:58.0722 2700 C:\Windows\System32\SessEnv.dll - ok
06:22:58.0722 2700 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] C:\Windows\System32\ipnathlp.dll
06:22:58.0722 2700 C:\Windows\System32\ipnathlp.dll - ok
06:22:58.0738 2700 [ C7230FBEE14437716701C15BE02C27B8 ] C:\Windows\System32\shsvcs.dll
06:22:58.0738 2700 C:\Windows\System32\shsvcs.dll - ok
06:22:58.0754 2700 [ 862BB4CBC05D80C5B45BE430E5EF872F ] C:\Windows\System32\SLsvc.exe
06:22:58.0754 2700 C:\Windows\System32\SLsvc.exe - ok
06:22:58.0769 2700 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] C:\Windows\System32\SLUINotify.dll
06:22:58.0769 2700 C:\Windows\System32\SLUINotify.dll - ok
06:22:58.0800 2700 [ 2A146A055B4401C16EE62D18B8E2A032 ] C:\Windows\System32\snmptrap.exe
06:22:58.0800 2700 C:\Windows\System32\snmptrap.exe - ok
06:22:58.0800 2700 [ E4060CFE50F87C72316CB0FDB20E4913 ] C:\Windows\System32\tcpipcfg.dll
06:22:58.0800 2700 C:\Windows\System32\tcpipcfg.dll - ok
06:22:58.0816 2700 [ 8554097E5136C3BF9F69FE578A1B35F4 ] C:\Windows\System32\spoolsv.exe
06:22:58.0816 2700 C:\Windows\System32\spoolsv.exe - ok
06:22:58.0832 2700 [ 03D50B37234967433A5EA5BA72BC0B62 ] C:\Windows\System32\ssdpsrv.dll
06:22:58.0832 2700 C:\Windows\System32\ssdpsrv.dll - ok
06:22:58.0832 2700 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] C:\Windows\System32\wiaservc.dll
06:22:58.0832 2700 C:\Windows\System32\wiaservc.dll - ok
06:22:58.0847 2700 [ F21FD248040681CCA1FB6C9A03AAA93D ] C:\Windows\System32\swprv.dll
06:22:58.0847 2700 C:\Windows\System32\swprv.dll - ok
06:22:58.0863 2700 [ 9A51B04E9886AA4EE90093586B0BA88D ] C:\Windows\System32\sysmain.dll
06:22:58.0863 2700 C:\Windows\System32\sysmain.dll - ok
06:22:58.0863 2700 [ 2DCA225EAE15F42C0933E998EE0231C3 ] C:\Windows\System32\TabSvc.dll
06:22:58.0863 2700 C:\Windows\System32\TabSvc.dll - ok
06:22:58.0878 2700 [ D7673E4B38CE21EE54C59EEEB65E2483 ] C:\Windows\System32\tapisrv.dll
06:22:58.0878 2700 C:\Windows\System32\tapisrv.dll - ok
06:22:58.0894 2700 [ CB05822CD9CC6C688168E113C603DBE7 ] C:\Windows\System32\tbssvc.dll
06:22:58.0894 2700 C:\Windows\System32\tbssvc.dll - ok
06:22:58.0894 2700 [ BB95DA09BEF6E7A131BFF3BA5032090D ] C:\Windows\System32\termsrv.dll
06:22:58.0894 2700 C:\Windows\System32\termsrv.dll - ok
06:22:58.0910 2700 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] C:\Windows\servicing\TrustedInstaller.exe
06:22:58.0910 2700 C:\Windows\servicing\TrustedInstaller.exe - ok
06:22:58.0925 2700 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] C:\Windows\System32\trkwks.dll
06:22:58.0925 2700 C:\Windows\System32\trkwks.dll - ok
06:22:58.0925 2700 [ ECEF404F62863755951E09C802C94AD5 ] C:\Windows\System32\UI0Detect.exe
06:22:58.0925 2700 C:\Windows\System32\UI0Detect.exe - ok
06:22:58.0941 2700 [ 01DD1004181FD46ECDC3628228EB269D ] C:\Windows\System32\dwm.exe
06:22:58.0941 2700 C:\Windows\System32\dwm.exe - ok
06:22:58.0956 2700 [ 68308183F4AE0BE7BF8ECD07CB297999 ] C:\Windows\System32\upnphost.dll
06:22:58.0956 2700 C:\Windows\System32\upnphost.dll - ok
06:22:58.0956 2700 [ CD88D1B7776DC17A119049742EC07EB4 ] C:\Windows\System32\vds.exe
06:22:58.0956 2700 C:\Windows\System32\vds.exe - ok
06:22:58.0972 2700 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] C:\Windows\System32\VSSVC.exe
06:22:58.0972 2700 C:\Windows\System32\VSSVC.exe - ok
06:22:58.0988 2700 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] C:\Windows\System32\w32time.dll
06:22:58.0988 2700 C:\Windows\System32\w32time.dll - ok
06:22:58.0988 2700 [ A3CD60FD826381B49F03832590E069AF ] C:\Windows\System32\wcncsvc.dll
06:22:58.0988 2700 C:\Windows\System32\wcncsvc.dll - ok
06:22:59.0003 2700 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] C:\Windows\System32\WcsPlugInService.dll
06:22:59.0003 2700 C:\Windows\System32\WcsPlugInService.dll - ok
06:22:59.0019 2700 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] C:\Windows\System32\wdi.dll
06:22:59.0019 2700 C:\Windows\System32\wdi.dll - ok
06:22:59.0019 2700 [ 04C37D8107320312FBAE09926103D5E2 ] C:\Windows\System32\WebClnt.dll
06:22:59.0019 2700 C:\Windows\System32\WebClnt.dll - ok
06:22:59.0034 2700 [ AE3736E7E8892241C23E4EBBB7453B60 ] C:\Windows\System32\wecsvc.dll
06:22:59.0034 2700 C:\Windows\System32\wecsvc.dll - ok
06:22:59.0050 2700 [ 670FF720071ED741206D69BD995EA453 ] C:\Windows\System32\wercplsupport.dll
06:22:59.0050 2700 C:\Windows\System32\wercplsupport.dll - ok
06:22:59.0050 2700 [ 32B88481D3B326DA6DEB07B1D03481E7 ] C:\Windows\System32\wersvc.dll
06:22:59.0050 2700 C:\Windows\System32\wersvc.dll - ok
06:22:59.0097 2700 [ 62DB790A860CDFC4278D2F03CC5675D8 ] C:\Program Files\Windows Defender\MsMpRes.dll
06:22:59.0097 2700 C:\Program Files\Windows Defender\MsMpRes.dll - ok
06:22:59.0112 2700 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] C:\Windows\System32\wbem\WMIsvc.dll
06:22:59.0112 2700 C:\Windows\System32\wbem\WMIsvc.dll - ok
06:22:59.0128 2700 [ DBD02E3E6F061EBBBF9B99A9D7CBA30B ] C:\Windows\System32\winhttp.dll
06:22:59.0128 2700 C:\Windows\System32\winhttp.dll - ok
06:22:59.0144 2700 [ 7CFE68BDC065E55AA5E8421607037511 ] C:\Windows\System32\WsmSvc.dll
06:22:59.0144 2700 C:\Windows\System32\WsmSvc.dll - ok
06:22:59.0159 2700 [ C008405E4FEEB069E30DA1D823910234 ] C:\Windows\System32\wlansvc.dll
06:22:59.0159 2700 C:\Windows\System32\wlansvc.dll - ok
06:22:59.0175 2700 [ 43BE3875207DCB62A85C8C49970B66CC ] C:\Windows\System32\wbem\WmiApSrv.exe
06:22:59.0175 2700 C:\Windows\System32\wbem\WmiApSrv.exe - ok
06:22:59.0190 2700 [ 3978704576A121A9204F8CC49A301A9B ] C:\Program Files\Windows Media Player\wmpnetwk.exe
06:22:59.0190 2700 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
06:22:59.0206 2700 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] C:\Windows\System32\wpcsvc.dll
06:22:59.0206 2700 C:\Windows\System32\wpcsvc.dll - ok
06:22:59.0206 2700 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
06:22:59.0206 2700 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe - ok
06:22:59.0222 2700 [ 801FBDB89D472B3C467EB112A0FC9246 ] C:\Windows\System32\wpdbusenum.dll
06:22:59.0222 2700 C:\Windows\System32\wpdbusenum.dll - ok
06:22:59.0237 2700 [ 1CA6C40261DDC0425987980D0CD2AAAB ] C:\Windows\System32\wscsvc.dll
06:22:59.0237 2700 C:\Windows\System32\wscsvc.dll - ok
06:22:59.0253 2700 [ AED0DFF80C6B3914769407E78D7AB21A ] C:\Windows\System32\SearchIndexer.exe
06:22:59.0253 2700 C:\Windows\System32\SearchIndexer.exe - ok
06:22:59.0268 2700 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\Windows\System32\wuaueng.dll
06:22:59.0268 2700 C:\Windows\System32\wuaueng.dll - ok
06:22:59.0284 2700 [ 575A4190D989F64732119E4114045A4F ] C:\Windows\System32\WUDFSvc.dll
06:22:59.0284 2700 C:\Windows\System32\WUDFSvc.dll - ok
06:22:59.0284 2700 [ 8FC182167381E9915651267044105EE1 ] C:\Windows\System32\scecli.dll
06:22:59.0284 2700 C:\Windows\System32\scecli.dll - ok
06:22:59.0284 2700 [ CD08EEC61C591AF59A39F4363C567D30 ] C:\Windows\System32\ntmarta.dll
06:22:59.0284 2700 C:\Windows\System32\ntmarta.dll - ok
06:22:59.0300 2700 [ 3794B461C45882E06856F282EEF025AF ] C:\Windows\System32\svchost.exe
06:22:59.0300 2700 C:\Windows\System32\svchost.exe - ok
06:22:59.0315 2700 [ 9A7F4B2EDACD11444D048AA19CBB26AF ] C:\Windows\System32\powrprof.dll
06:22:59.0315 2700 C:\Windows\System32\powrprof.dll - ok
06:22:59.0331 2700 [ 8F5C7426567798E62A3B3614965D62CC ] C:\Windows\System32\drivers\luafv.sys
06:22:59.0331 2700 C:\Windows\System32\drivers\luafv.sys - ok
06:22:59.0346 2700 [ 500D089CE760D83DA2B6CBA681AA9949 ] C:\Windows\System32\drivers\mbam.sys
06:22:59.0346 2700 C:\Windows\System32\drivers\mbam.sys - ok
06:22:59.0378 2700 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] C:\Windows\System32\rpcss.dll
06:22:59.0378 2700 C:\Windows\System32\rpcss.dll - ok
06:22:59.0393 2700 [ 69827805A221C21450BA22F4326A2EE3 ] C:\Windows\System32\version.dll
06:22:59.0393 2700 C:\Windows\System32\version.dll - ok
06:22:59.0409 2700 [ 9AC7F31404F784753C4C04296E48CFAB ] C:\Program Files\Microsoft Security Client\MpSvc.dll
06:22:59.0409 2700 C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
06:22:59.0424 2700 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
06:22:59.0424 2700 C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
06:22:59.0424 2700 [ 84204FDA617A3611D510A1DCBAE64004 ] C:\Program Files\Microsoft Security Client\MpClient.dll
06:22:59.0424 2700 C:\Program Files\Microsoft Security Client\MpClient.dll - ok
06:22:59.0440 2700 [ F42483814FC39170B3982A184EC5AAA2 ] C:\Windows\System32\wtsapi32.dll
06:22:59.0440 2700 C:\Windows\System32\wtsapi32.dll - ok
06:22:59.0456 2700 [ 62D577288B48998FC6667BF22DC5B690 ] C:\Windows\System32\LogonUI.exe
06:22:59.0456 2700 C:\Windows\System32\LogonUI.exe - ok
06:22:59.0471 2700 [ B2E569EF26DAC9D6994A2AFF4F601B7A ] C:\Windows\System32\wintrust.dll
06:22:59.0471 2700 C:\Windows\System32\wintrust.dll - ok
06:22:59.0471 2700 [ 58C2521D87C494831A625202C80354AD ] C:\Windows\System32\authui.dll
06:22:59.0471 2700 C:\Windows\System32\authui.dll - ok
06:22:59.0487 2700 [ 4575AA12561C5648483403541D0D7F2B ] C:\Program Files\Windows Defender\MpSvc.dll
06:22:59.0487 2700 C:\Program Files\Windows Defender\MpSvc.dll - ok
06:22:59.0502 2700 [ BE3C082837866C4C291ADAF163C10EA6 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
06:22:59.0502 2700 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll - ok
06:22:59.0518 2700 [ 1BD363738B672A394EBE3B8A78EAB9D3 ] C:\Program Files\Windows Defender\MpClient.dll
06:22:59.0518 2700 C:\Program Files\Windows Defender\MpClient.dll - ok
06:22:59.0534 2700 [ 2EC53B5A351C4D443896DBAD117F7E82 ] C:\Windows\System32\msimg32.dll
06:22:59.0534 2700 C:\Windows\System32\msimg32.dll - ok
06:22:59.0549 2700 [ 999D69DEB576C2C424294DF025891CC6 ] C:\Windows\System32\uxtheme.dll
06:22:59.0549 2700 C:\Windows\System32\uxtheme.dll - ok
06:22:59.0549 2700 [ 76EAEF4DDEBBC7C38853F586C0E91DCE ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\GdiPlus.dll
06:22:59.0549 2700 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\GdiPlus.dll - ok
06:22:59.0565 2700 [ 75EB73E64F5B4655D9797D20F26DE320 ] C:\Windows\System32\duser.dll
06:22:59.0565 2700 C:\Windows\System32\duser.dll - ok
06:22:59.0580 2700 [ 1908CC7673F72601AFFDCA022689CEDF ] C:\Windows\System32\xmllite.dll
06:22:59.0580 2700 C:\Windows\System32\xmllite.dll - ok
06:22:59.0580 2700 [ 9537C3F4853ABB33DD839F52F198F22B ] C:\Windows\System32\LMIinit.dll
06:22:59.0580 2700 C:\Windows\System32\LMIinit.dll - ok
06:22:59.0596 2700 [ B25DBBA6C63A61FF4AFDB5ADAB4E70CB ] C:\Windows\System32\SmartcardCredentialProvider.dll
06:22:59.0596 2700 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
06:22:59.0612 2700 [ 9DC3723519F52B6BC63EACD4BD411313 ] C:\Windows\System32\rasplap.dll
06:22:59.0612 2700 C:\Windows\System32\rasplap.dll - ok
06:22:59.0612 2700 [ 3CB863B78642405371CB3A71C07E2382 ] C:\Windows\System32\rasapi32.dll
06:22:59.0627 2700 C:\Windows\System32\rasapi32.dll - ok
06:22:59.0627 2700 [ 3A1DDA77F331D107BA40DB06E4D666E9 ] C:\Windows\System32\rasman.dll
06:22:59.0627 2700 C:\Windows\System32\rasman.dll - ok
06:22:59.0643 2700 [ 70F08ECE7A30A639D3F0C8C433685C7D ] C:\Windows\System32\tapi32.dll
06:22:59.0643 2700 C:\Windows\System32\tapi32.dll - ok
06:22:59.0643 2700 [ 0DBEE38060475A4C3E04D3B908AEC0B9 ] C:\Program Files\Microsoft Security Client\EppManifest.dll
06:22:59.0643 2700 C:\Program Files\Microsoft Security Client\EppManifest.dll - ok
06:22:59.0658 2700 [ 3D418A22A56471295AEB1CEB9027C3DA ] C:\Windows\System32\rtutils.dll
06:22:59.0658 2700 C:\Windows\System32\rtutils.dll - ok
06:22:59.0674 2700 [ 14FF750EFE13B0C21E5A06507C3A97B1 ] C:\Windows\System32\winmm.dll
06:22:59.0674 2700 C:\Windows\System32\winmm.dll - ok
06:22:59.0674 2700 [ DC15AB7168C0309D8F04FD95B6240422 ] C:\Windows\System32\oleacc.dll
06:22:59.0674 2700 C:\Windows\System32\oleacc.dll - ok
06:22:59.0690 2700 [ 627920CFF5DFCF8CF54CF2D592D61307 ] C:\Windows\System32\WinSCard.dll
06:22:59.0690 2700 C:\Windows\System32\WinSCard.dll - ok
06:22:59.0690 2700 [ 7C29BC74635524E13FAA556A5FD48968 ] C:\Program Files\Microsoft Security Client\MpRTP.dll
06:22:59.0690 2700 C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
06:22:59.0705 2700 [ 12A1DF1B84FB45A00D47B2CDE2CEEBBA ] C:\Windows\System32\shgina.dll
06:22:59.0705 2700 C:\Windows\System32\shgina.dll - ok
06:22:59.0705 2700 [ A9542FF2E9A82CF100E5729EC79068F0 ] C:\Windows\System32\fltLib.dll
06:22:59.0705 2700 C:\Windows\System32\fltLib.dll - ok
06:22:59.0721 2700 [ 70932D6C3D59B416CBD2BE5A3B3D4BE6 ] C:\Windows\System32\shacct.dll
06:22:59.0721 2700 C:\Windows\System32\shacct.dll - ok
06:22:59.0721 2700 [ 7DACD94118E2D8B6D72F47ADEB0367BF ] C:\Windows\System32\propsys.dll
06:22:59.0721 2700 C:\Windows\System32\propsys.dll - ok
06:22:59.0736 2700 [ 00A0231FCA55C815853B957767E34B02 ] C:\Program Files\Microsoft Security Client\MsMpLics.dll
06:22:59.0736 2700 C:\Program Files\Microsoft Security Client\MsMpLics.dll - ok
06:22:59.0752 2700 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] C:\Windows\System32\drivers\MpFilter.sys
06:22:59.0752 2700 C:\Windows\System32\drivers\MpFilter.sys - ok
06:22:59.0752 2700 [ 2EF4E53ACB0DF0B34091335BB26C2BC2 ] C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll
06:22:59.0752 2700 C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll - ok
06:22:59.0768 2700 [ 56B5914070B2C243DFB3D186070DA89D ] C:\Windows\System32\MMDevAPI.dll
06:22:59.0768 2700 C:\Windows\System32\MMDevAPI.dll - ok
06:22:59.0768 2700 [ A99871BA522CB2539AE275AC18CACC8F ] C:\Windows\System32\cabinet.dll
06:22:59.0768 2700 C:\Windows\System32\cabinet.dll - ok
06:22:59.0783 2700 [ 11F06C27DAD83CD5E907D664CA591805 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77787304-FA52-4B24-861C-5BDAD3043CE7}\mpengine.dll
06:22:59.0783 2700 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77787304-FA52-4B24-861C-5BDAD3043CE7}\mpengine.dll - ok
06:22:59.0783 2700 [ C9244BCAC83B259B920BBEE18A97BFE1 ] C:\Windows\System32\avrt.dll
06:22:59.0783 2700 C:\Windows\System32\avrt.dll - ok
06:22:59.0799 2700 [ EC43D9CC95C3BB5FEFDBCF22D375E1F5 ] C:\Windows\System32\adtschema.dll
06:22:59.0799 2700 C:\Windows\System32\adtschema.dll - ok
06:22:59.0799 2700 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] C:\Windows\System32\drivers\fltMgr.sys
06:22:59.0799 2700 C:\Windows\System32\drivers\fltMgr.sys - ok
06:22:59.0814 2700 [ 57418956DDAE128D1023C508E7D07071 ] C:\Windows\System32\PSHED.DLL
06:22:59.0814 2700 C:\Windows\System32\PSHED.DLL - ok
06:23:01.0842 2700 [ D07D4C3038F3578FFCE1C0237F2A1253 ] C:\Windows\explorer.exe
06:23:01.0842 2700 C:\Windows\explorer.exe - ok
06:23:01.0842 2700 [ C6557AB85E548F752EB905CA5EE66A34 ] C:\Windows\System32\spool\drivers\w32x86\3\E_TBL6HVA.DLL
06:23:01.0842 2700 C:\Windows\System32\spool\drivers\w32x86\3\E_TBL6HVA.DLL - ok
06:23:01.0858 2700 [ 8AAEEE8E59A70F37579993D118A34EE0 ] C:\Windows\System32\d3d9.dll
06:23:01.0858 2700 C:\Windows\System32\d3d9.dll - ok
06:23:01.0874 2700 [ 2F7A7A68ED1BFDAA65473F7E1199421A ] C:\Windows\System32\spool\drivers\w32x86\3\E_TBEWHVA.DLL
06:23:01.0874 2700 C:\Windows\System32\spool\drivers\w32x86\3\E_TBEWHVA.DLL - ok
06:23:01.0874 2700 [ 6BC5FCEF351E4CB5A269C1E84B5A06DA ] C:\Windows\System32\netcfgx.dll
06:23:01.0874 2700 C:\Windows\System32\netcfgx.dll - ok
06:23:01.0889 2700 [ 0C980D52DC6C72C027B644CD2C62E310 ] C:\Windows\System32\spool\drivers\w32x86\3\E_TERSHVA.DLL
06:23:01.0889 2700 C:\Windows\System32\spool\drivers\w32x86\3\E_TERSHVA.DLL - ok
06:23:01.0889 2700 [ 12E8A79644955A6D1D371CBD7DA7C871 ] C:\Windows\System32\inetmib1.dll
06:23:01.0889 2700 C:\Windows\System32\inetmib1.dll - ok
06:23:01.0905 2700 [ 96CD9CACF1100EBA34D9A1E80BBEEDC3 ] C:\Program Files\DisplayLink Core Software\AddOnApi.dll
06:23:01.0905 2700 C:\Program Files\DisplayLink Core Software\AddOnApi.dll - ok
06:23:01.0905 2700 [ 167AC31450C0C53A01FA1491E94D7678 ] C:\Windows\System32\shdocvw.dll
06:23:01.0905 2700 C:\Windows\System32\shdocvw.dll - ok
06:23:01.0920 2700 [ 4504819D18FAC09B6108D8728467E5B2 ] C:\Windows\System32\browseui.dll
06:23:01.0920 2700 C:\Windows\System32\browseui.dll - ok
06:23:01.0920 2700 [ CD6DA5770CAE9D5E6E86722E17B442E0 ] C:\Windows\System32\d3d8thk.dll
06:23:01.0920 2700 C:\Windows\System32\d3d8thk.dll - ok
06:23:01.0936 2700 [ B11FDCA4410D6252964EF97F9A47DE74 ] C:\Windows\System32\TSChannel.dll
06:23:01.0936 2700 C:\Windows\System32\TSChannel.dll - ok
06:23:01.0952 2700 [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files\Google\Update\GoogleUpdate.exe
06:23:01.0952 2700 C:\Program Files\Google\Update\GoogleUpdate.exe - ok
06:23:01.0952 2700 [ A6B73FCB9496DB101F3066CAF5A7DA4B ] C:\Windows\System32\ieframe.dll
06:23:01.0952 2700 C:\Windows\System32\ieframe.dll - ok
06:23:01.0967 2700 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Program Files\Google\Update\1.3.21.123\goopdate.dll
06:23:01.0967 2700 C:\Program Files\Google\Update\1.3.21.123\goopdate.dll - ok
06:23:01.0967 2700 [ 782C8019C89920A77B1907AD3B4C8FF9 ] C:\Windows\System32\HotStartUserAgent.dll
06:23:01.0967 2700 C:\Windows\System32\HotStartUserAgent.dll - ok
06:23:01.0983 2700 [ 57125869A7B9638A5D11DD685AA65EB4 ] C:\Windows\System32\PlaySndSrv.dll
06:23:01.0983 2700 C:\Windows\System32\PlaySndSrv.dll - ok
06:23:01.0983 2700 [ 4934241CD20AC87D78121352E3BA8318 ] C:\Windows\System32\dbghelp.dll
06:23:01.0983 2700 C:\Windows\System32\dbghelp.dll - ok
06:23:01.0998 2700 [ 43E1054C713C48D252A1826C5E14AACA ] C:\Windows\System32\MsCtfMonitor.dll
06:23:01.0998 2700 C:\Windows\System32\MsCtfMonitor.dll - ok
06:23:02.0014 2700 [ C6DA42ADA0C5FC8CB05744229D632B47 ] C:\Windows\System32\msutb.dll
06:23:02.0014 2700 C:\Windows\System32\msutb.dll - ok
06:23:02.0014 2700 [ 85B16A92B117A5A800032ECD904B86DB ] C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
06:23:02.0014 2700 C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe - ok
06:23:02.0030 2700 [ 0A6BDDF38C7BF84C70543BF395E06880 ] C:\Windows\System32\ManageTMMLifeTime.dll
06:23:02.0030 2700 C:\Windows\System32\ManageTMMLifeTime.dll - ok
06:23:02.0045 2700 [ 6D74290856347CF8682277A54B433D4B ] C:\Users\Ira\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
06:23:02.0045 2700 C:\Users\Ira\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll - ok
06:23:02.0045 2700 [ C0F7C25EEFB1C5FD554AAA801201A83C ] C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
06:23:02.0045 2700 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll - ok
06:23:02.0061 2700 [ A8AD2773202A3913D1E1564BD5703183 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
06:23:02.0061 2700 C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll - ok
06:23:02.0061 2700 [ 293C5CCD99D332ECC94637FEDA38D1F2 ] C:\Windows\System32\TMM.dll
06:23:02.0061 2700 C:\Windows\System32\TMM.dll - ok
06:23:02.0076 2700 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Users\Ira\AppData\Roaming\Dropbox\bin\msvcp71.dll
06:23:02.0076 2700 C:\Users\Ira\AppData\Roaming\Dropbox\bin\msvcp71.dll - ok
06:23:02.0076 2700 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Users\Ira\AppData\Roaming\Dropbox\bin\msvcr71.dll
06:23:02.0076 2700 C:\Users\Ira\AppData\Roaming\Dropbox\bin\msvcr71.dll - ok
06:23:02.0092 2700 [ 14E4470BF8ACA69A85D741BA99F75F96 ] C:\Windows\System32\EhStorShell.dll
06:23:02.0092 2700 C:\Windows\System32\EhStorShell.dll - ok
06:23:02.0092 2700 [ 111C47816F39A91EAAA18DA0A54E8E63 ] C:\Windows\System32\imageres.dll
06:23:02.0092 2700 C:\Windows\System32\imageres.dll - ok
06:23:02.0108 2700 [ CDE36A70A5280FC0696E6E4363C4C71D ] C:\Windows\System32\TaskSchdPS.dll
06:23:02.0108 2700 C:\Windows\System32\TaskSchdPS.dll - ok
06:23:02.0123 2700 [ 20E2469DB709FC675E655CEAA11BE312 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
06:23:02.0123 2700 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - ok
06:23:02.0123 2700 [ 8EB9DF4D405524D5EF69AE9ECB0EDD16 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll
06:23:02.0123 2700 C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll - ok
06:23:02.0139 2700 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] C:\Windows\System32\drivers\mdmxsdk.sys
06:23:02.0139 2700 C:\Windows\System32\drivers\mdmxsdk.sys - ok
06:23:02.0154 2700 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] C:\Windows\System32\drivers\NisDrvWFP.sys
06:23:02.0154 2700 C:\Windows\System32\drivers\NisDrvWFP.sys - ok
06:23:02.0154 2700 [ 35EADEC71FC491C5CA7BDC04FD0A78E7 ] C:\Windows\System32\DLTmmB.dll
06:23:02.0154 2700 C:\Windows\System32\DLTmmB.dll - ok
06:23:02.0170 2700 [ F4D9ED6BD74AD7CC0BEC83C43A1CB76B ] C:\Windows\System32\ncsi.dll
06:23:02.0170 2700 C:\Windows\System32\ncsi.dll - ok
06:23:02.0170 2700 [ 6349F6ED9C623B44B52EA3C63C831A92 ] C:\Windows\System32\drivers\PEAuth.sys
06:23:02.0170 2700 C:\Windows\System32\drivers\PEAuth.sys - ok
06:23:02.0186 2700 [ 01BCD91CC2B0EFDA4890F547010750BD ] C:\Windows\System32\ssdpapi.dll
06:23:02.0186 2700 C:\Windows\System32\ssdpapi.dll - ok
06:23:02.0186 2700 [ 66397A699206CF9A5F9C66A79B978125 ] C:\Windows\System32\igfxTMM.dll
06:23:02.0186 2700 C:\Windows\System32\igfxTMM.dll - ok
06:23:02.0201 2700 [ 08578F3CA5365F896D90CE2BF97FD000 ] C:\Windows\System32\IconCodecService.dll
06:23:02.0201 2700 C:\Windows\System32\IconCodecService.dll - ok
06:23:02.0217 2700 [ D0494460421A03CD5225CCA0059AA146 ] C:\Windows\System32\IPSECSVC.DLL
06:23:02.0217 2700 C:\Windows\System32\IPSECSVC.DLL - ok
06:23:02.0217 2700 [ 12E33DD823D74680DE6F33BFA359EFB3 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
06:23:02.0217 2700 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe - ok
06:23:02.0232 2700 [ BDE89AB6F15F0093A2A7861D1FC413ED ] C:\Windows\System32\QAGENT.DLL
06:23:02.0232 2700 C:\Windows\System32\QAGENT.DLL - ok
06:23:02.0232 2700 [ 0A990AFB9F2726323D61C8ECB8B70B17 ] C:\Windows\System32\security.dll
06:23:02.0232 2700 C:\Windows\System32\security.dll - ok
06:23:02.0248 2700 [ 769D027B977CED05658C85E698D3C5B1 ] C:\Windows\System32\QUTIL.DLL
06:23:02.0248 2700 C:\Windows\System32\QUTIL.DLL - ok
06:23:02.0248 2700 [ 2CF574D0965F58E514A2DC94114D7ECA ] C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
06:23:02.0248 2700 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe - ok
06:23:02.0264 2700 [ 90A3935D05B494A5A39D37E71F09A677 ] C:\Windows\System32\drivers\secdrv.sys
06:23:02.0264 2700 C:\Windows\System32\drivers\secdrv.sys - ok
06:23:02.0264 2700 [ 42608AE9AF2641EE473A1797C25CFFC2 ] C:\Windows\System32\FwRemoteSvr.dll
06:23:02.0264 2700 C:\Windows\System32\FwRemoteSvr.dll - ok
06:23:02.0279 2700 [ 7E6DD4B34ACD36AF6C711D2BDE91B040 ] C:\Windows\System32\stacsv.exe
06:23:02.0279 2700 C:\Windows\System32\stacsv.exe - ok
06:23:02.0295 2700 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
06:23:02.0295 2700 C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok
06:23:02.0295 2700 [ 84B8827562B005C118CADBA0F25DB2C6 ] C:\Windows\System32\dsound.dll
06:23:02.0295 2700 C:\Windows\System32\dsound.dll - ok
06:23:02.0310 2700 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] C:\Windows\System32\drivers\tcpipreg.sys
06:23:02.0310 2700 C:\Windows\System32\drivers\tcpipreg.sys - ok
06:23:02.0310 2700 [ 9225F181166C0FD8A4763611045D3C30 ] C:\Windows\System32\stapi32.dll
06:23:02.0310 2700 C:\Windows\System32\stapi32.dll - ok
06:23:02.0326 2700 [ 428FF21418ADCD6FAD6189CD9520A67B ] C:\Windows\System32\wiatrace.dll
06:23:02.0326 2700 C:\Windows\System32\wiatrace.dll - ok
06:23:02.0326 2700 [ 0C84B6AFFA7486422235584110D7176F ] C:\Windows\System32\icaapi.dll
06:23:02.0326 2700 C:\Windows\System32\icaapi.dll - ok
06:23:02.0342 2700 [ 2205A220A264E8C8B86492BF3D112907 ] C:\Windows\System32\PortableDeviceApi.dll
06:23:02.0342 2700 C:\Windows\System32\PortableDeviceApi.dll - ok
06:23:02.0357 2700 [ DEB9D08750423069647C3A066CEC7A1B ] C:\Windows\System32\tquery.dll
06:23:02.0357 2700 C:\Windows\System32\tquery.dll - ok
06:23:02.0357 2700 [ 218B73EA8341EA9FDF018D43052E790A ] C:\Windows\System32\mssrch.dll
06:23:02.0357 2700 C:\Windows\System32\mssrch.dll - ok
06:23:02.0373 2700 [ 1F18B9EA1BBFF033413414C3BEA13AD6 ] C:\Windows\System32\wbem\WinMgmtR.dll
06:23:02.0373 2700 C:\Windows\System32\wbem\WinMgmtR.dll - ok
06:23:02.0388 2700 [ B53BD9E63867CD9FD853F666CA172713 ] C:\Windows\System32\PortableDeviceConnectApi.dll
06:23:02.0388 2700 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
06:23:02.0388 2700 [ CD5F291A1161F15896D1A4D63DAFF5DF ] C:\Windows\System32\drivers\XAudio.exe
06:23:02.0388 2700 C:\Windows\System32\drivers\XAudio.exe - ok
06:23:02.0404 2700 [ DAB33CFA9DD24251AAA389FF36B64D4B ] C:\Windows\System32\drivers\XAudio.sys
06:23:02.0404 2700 C:\Windows\System32\drivers\XAudio.sys - ok
06:23:02.0404 2700 [ AAB5FEAABF4CB6F76D794203831C8D94 ] C:\Windows\System32\msidle.dll
06:23:02.0404 2700 C:\Windows\System32\msidle.dll - ok
06:23:02.0420 2700 [ FEA6D21F78922D641A0C9346D885133B ] C:\Windows\System32\mssprxy.dll
06:23:02.0420 2700 C:\Windows\System32\mssprxy.dll - ok
06:23:02.0420 2700 [ B458B58F7BB97C48D01AC3CF5805AAAC ] C:\Windows\System32\Query.dll
06:23:02.0420 2700 C:\Windows\System32\Query.dll - ok
06:23:02.0435 2700 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] C:\Windows\System32\netprofm.dll
06:23:02.0435 2700 C:\Windows\System32\netprofm.dll - ok
06:23:02.0451 2700 [ BF7E4D6F60A6D9E866432855C6F8C262 ] C:\Windows\System32\sqmapi.dll
06:23:02.0451 2700 C:\Windows\System32\sqmapi.dll - ok
06:23:02.0466 2700 [ DFCAB29E8FD38F95650CC1E203E8D318 ] C:\Windows\System32\npmproxy.dll
06:23:02.0466 2700 C:\Windows\System32\npmproxy.dll - ok
06:23:02.0466 2700 [ A952D0DED445F26AEFCF593A935AB300 ] C:\Windows\System32\hnetcfg.dll
06:23:02.0466 2700 C:\Windows\System32\hnetcfg.dll - ok
06:23:02.0482 2700 [ B8A21907FE2F1A113F3487D9AB60BEF9 ] C:\Windows\System32\en-US\tquery.dll.mui
06:23:02.0482 2700 C:\Windows\System32\en-US\tquery.dll.mui - ok
06:23:02.0498 2700 [ FC1EEE57EB9CD57279D70BA2A9131C38 ] C:\Windows\System32\wbem\wbemcore.dll
06:23:02.0498 2700 C:\Windows\System32\wbem\wbemcore.dll - ok
06:23:02.0498 2700 [ C10E13721B0AAEBEB5EBA914F1D18181 ] C:\Windows\System32\wbem\esscli.dll
06:23:02.0498 2700 C:\Windows\System32\wbem\esscli.dll - ok
06:23:02.0513 2700 [ BC5A34B6A14C93BF04E3F4E8EA57090A ] C:\Windows\System32\wbem\fastprox.dll
06:23:02.0513 2700 C:\Windows\System32\wbem\fastprox.dll - ok
06:23:02.0529 2700 [ 22DC784B32BEE306A99F50D6DC2460BC ] C:\Windows\System32\esent.dll
06:23:02.0529 2700 C:\Windows\System32\esent.dll - ok
06:23:02.0544 2700 [ DB0F37DBA4C245C61E5936DDBDE62438 ] C:\Windows\System32\wbem\wbemsvc.dll
06:23:02.0544 2700 C:\Windows\System32\wbem\wbemsvc.dll - ok
06:23:02.0544 2700 [ 2C3B09E586BDA2CC49A292BE7BADC589 ] C:\Windows\System32\wbem\wmiutils.dll
06:23:02.0544 2700 C:\Windows\System32\wbem\wmiutils.dll - ok
06:23:02.0560 2700 [ 834933F16EA839AC5AC7CBF88638DF27 ] C:\Windows\System32\wbem\repdrvfs.dll
06:23:02.0560 2700 C:\Windows\System32\wbem\repdrvfs.dll - ok
06:23:02.0560 2700 [ F85134BF76CB335A39F8D7BC4173D4FB ] C:\Windows\System32\msscb.dll
06:23:02.0560 2700 C:\Windows\System32\msscb.dll - ok
06:23:02.0576 2700 [ C2C6C014B96581EC8BF0C8604DE1743E ] C:\Windows\System32\wbem\WmiPrvSD.dll
06:23:02.0576 2700 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
06:23:02.0591 2700 [ A609A192E98934A8D352704C99AB8577 ] C:\Windows\System32\wbem\wbemess.dll
06:23:02.0591 2700 C:\Windows\System32\wbem\wbemess.dll - ok
06:23:02.0591 2700 [ 1A617835452EEE5060976C9B9F5FE635 ] C:\Windows\System32\wuapi.dll
06:23:02.0591 2700 C:\Windows\System32\wuapi.dll - ok
06:23:02.0591 2700 [ 73FD66B14D3C4252F7A524B8836A4359 ] C:\Windows\System32\mstask.dll
06:23:02.0591 2700 C:\Windows\System32\mstask.dll - ok
06:23:02.0607 2700 [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\Windows\System32\wups.dll
06:23:02.0607 2700 C:\Windows\System32\wups.dll - ok
06:23:02.0622 2700 [ E08E02FA865C962A028CA5A874ECB56E ] C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
06:23:02.0622 2700 C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe - ok
06:23:02.0622 2700 [ 234051C0D242A6F4A79AE5212C1323D4 ] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
06:23:02.0622 2700 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe - ok
06:23:02.0638 2700 [ A944A73CEC5921B871542FE5CC5E03E4 ] C:\Windows\System32\olepro32.dll
06:23:02.0638 2700 C:\Windows\System32\olepro32.dll - ok
06:23:02.0638 2700 [ F7675B88DD03788C7EF3CE63F2E6949F ] C:\Program Files\LogMeIn\x86\LogMeInSystray.dll
06:23:02.0638 2700 C:\Program Files\LogMeIn\x86\LogMeInSystray.dll - ok
06:23:02.0654 2700 [ 22068D35A065335EAA8DDF0223C819E3 ] C:\Program Files\LogMeIn\x86\rntfywnd.dll
06:23:02.0654 2700 C:\Program Files\LogMeIn\x86\rntfywnd.dll - ok
06:23:02.0654 2700 [ 9495FCC01D7AB7B60E5B8BA7AEFE9E3D ] C:\Windows\System32\wbem\WmiPrvSE.exe
06:23:02.0654 2700 C:\Windows\System32\wbem\WmiPrvSE.exe - ok
06:23:02.0669 2700 [ 05B6A5CE1C7767C32DF35966107CB1EC ] C:\Windows\System32\hhctrl.ocx
06:23:02.0669 2700 C:\Windows\System32\hhctrl.ocx - ok
06:23:02.0685 2700 [ 3B846434055F80D9E89D0742F3ADAD34 ] C:\Program Files\Microsoft Security Client\NisSrv.exe
06:23:02.0685 2700 C:\Program Files\Microsoft Security Client\NisSrv.exe - ok
06:23:02.0700 2700 [ 4C6CA0F172E264B432666A81E4B466AB ] C:\Program Files\Microsoft Security Client\NisLog.dll
06:23:02.0700 2700 C:\Program Files\Microsoft Security Client\NisLog.dll - ok
06:23:02.0700 2700 [ 7E38DA8C11833B99766A97CEE3F80F07 ] C:\Windows\System32\oleaccrc.dll
06:23:02.0700 2700 C:\Windows\System32\oleaccrc.dll - ok
06:23:02.0716 2700 [ 1DFC366D2154EF2B381A7F2CB165C7F4 ] C:\Windows\System32\diagperf.dll
06:23:02.0716 2700 C:\Windows\System32\diagperf.dll - ok
06:23:02.0732 2700 [ F0062778F50838145AC46B384FFB4FA3 ] C:\Windows\System32\pcadm.dll
06:23:02.0732 2700 C:\Windows\System32\pcadm.dll - ok
06:23:02.0732 2700 [ 053ACAAE0F10C22A00C26DD10EF394BA ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2BFB534C-3450-42B1-A340-33ED2426FE60}\gapaengine.dll
06:23:02.0732 2700 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2BFB534C-3450-42B1-A340-33ED2426FE60}\gapaengine.dll - ok
06:23:02.0747 2700 [ 21322832C99E8DE85BD047689A2A69DB ] C:\Windows\System32\pnpts.dll
06:23:02.0747 2700 C:\Windows\System32\pnpts.dll - ok
06:23:02.0747 2700 [ 5527767F1ADD169320020321EEBA581E ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2BFB534C-3450-42B1-A340-33ED2426FE60}\nisfull.vdm
06:23:02.0747 2700 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2BFB534C-3450-42B1-A340-33ED2426FE60}\nisfull.vdm - ok
06:23:02.0763 2700 [ B4AF3DC7830EFEA4E50847CF225BB7DB ] C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID.pin
06:23:02.0763 2700 C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID.pin - ok
06:23:02.0778 2700 [ 21F3375B9EBC457AE0053755D21FA547 ] C:\Windows\System32\tzres.dll
06:23:02.0778 2700 C:\Windows\System32\tzres.dll - ok
06:23:02.0778 2700 [ 46828F2E7B4D68B706BFEBC1964A7D1A ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizM.dll
06:23:02.0778 2700 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizM.dll - ok
06:23:02.0794 2700 [ 09C6750143ED0C22A5083FC5C1C90999 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizD.dll
06:23:02.0825 2700 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizD.dll - ok
06:23:02.0825 2700 [ 6AA1422C89E2C4ADACFD5B826C5E1044 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizR.dll
06:23:02.0825 2700 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizR.dll - ok
06:23:02.0825 2700 [ ABBEE3E367F6E6ED415D33C78121FFA9 ] C:\Program Files\Unlocker\UnlockerHook.dll
06:23:02.0841 2700 C:\Program Files\Unlocker\UnlockerHook.dll - ok
06:23:02.0841 2700 [ A194808A2D7726151CAA835D69605BD2 ] C:\Windows\System32\en-US\user32.dll.mui
06:23:02.0841 2700 C:\Windows\System32\en-US\user32.dll.mui - ok
06:23:02.0856 2700 [ B7A75960A62C52495C0F2F9846C48353 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RaidWizCnG.dll
06:23:02.0856 2700 C:\Program Files\Intel\Intel Matrix Storage Manager\RaidWizCnG.dll - ok
06:23:02.0856 2700 [ 3606CE1AC3D6A9A9CB7DB35D7F5C54EC ] C:\Windows\System32\shfolder.dll
06:23:02.0856 2700 C:\Windows\System32\shfolder.dll - ok
06:23:02.0872 2700 [ 66E323AA1E41CF0F67723928B250202F ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizC.dll
06:23:02.0872 2700 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizC.dll - ok
06:23:02.0872 2700 [ 81D7B74BC04E21D83603FF98AC250DA6 ] C:\Windows\System32\en-US\kernel32.dll.mui
06:23:02.0872 2700 C:\Windows\System32\en-US\kernel32.dll.mui - ok
06:23:02.0888 2700 [ 01DAAF5B3C8627B158C3FB8D6AC01EB3 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizCFE.dll
06:23:02.0888 2700 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizCFE.dll - ok
06:23:02.0903 2700 [ 09F30BCCF5D237444261FF10C19D6BF3 ] C:\Windows\System32\en-US\wsock32.dll.mui
06:23:02.0903 2700 C:\Windows\System32\en-US\wsock32.dll.mui - ok
06:23:02.0903 2700 [ F371C6DF9A810EF2E6E4FA60ACBB5C33 ] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
06:23:02.0903 2700 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe - ok
06:23:02.0919 2700 [ 5E41139EC6EFBCAFFD96D46925E544AB ] C:\Windows\System32\mspatcha.dll
06:23:02.0919 2700 C:\Windows\System32\mspatcha.dll - ok
06:23:02.0919 2700 [ A44BB035874EF794CD8750579B26801A ] C:\Windows\System32\en-US\imageres.dll.mui
06:23:02.0919 2700 C:\Windows\System32\en-US\imageres.dll.mui - ok
06:23:02.0934 2700 [ 87CDFFCBD09C1CA03A068343D5D93250 ] C:\Windows\System32\wmi.dll
06:23:02.0934 2700 C:\Windows\System32\wmi.dll - ok
06:23:02.0934 2700 [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\Windows\System32\wups2.dll
06:23:02.0934 2700 C:\Windows\System32\wups2.dll - ok
06:23:02.0950 2700 [ AF57B911F28750D2375B1FEB88BCCD99 ] C:\Windows\System32\en-US\userenv.dll.mui
06:23:02.0950 2700 C:\Windows\System32\en-US\userenv.dll.mui - ok
06:23:02.0966 2700 [ 35137E0AE4F85089555D121349406929 ] C:\Program Files\LogMeIn\x86\rahook.dll
06:23:02.0966 2700 C:\Program Files\LogMeIn\x86\rahook.dll - ok
06:23:02.0966 2700 [ 35137E0AE4F85089555D121349406929 ] C:\Program Files\LogMeIn\x86\LMIhook.000.dll
06:23:02.0966 2700 C:\Program Files\LogMeIn\x86\LMIhook.000.dll - ok
06:23:02.0981 2700 [ D5213329522F620A50EF2DBDC7F4D0D7 ] C:\Windows\System32\stdole2.tlb
06:23:02.0981 2700 C:\Windows\System32\stdole2.tlb - ok
06:23:02.0981 2700 [ 65918B13FC2B9E3306A5B4D3258205C8 ] C:\Windows\System32\lmimirr.dll
06:23:02.0981 2700 C:\Windows\System32\lmimirr.dll - ok
06:23:02.0997 2700 [ AB530FDD34C67B497A20171D1234CFE9 ] C:\Windows\System32\riched32.dll
06:23:02.0997 2700 C:\Windows\System32\riched32.dll - ok
06:23:02.0997 2700 [ 5ACE8FF56149524D93199E8C5B821A60 ] C:\Windows\System32\lmimirr2.dll
06:23:02.0997 2700 C:\Windows\System32\lmimirr2.dll - ok
06:23:03.0012 2700 [ 0CFCDE5D9D074D96B78D1F1CBF1AAB1D ] C:\Windows\System32\riched20.dll
06:23:03.0012 2700 C:\Windows\System32\riched20.dll - ok
06:23:03.0012 2700 [ 8BE000F9A0B0FF7194AAEFB02C9BDE99 ] C:\Windows\System32\wer.dll
06:23:03.0012 2700 C:\Windows\System32\wer.dll - ok
06:23:03.0028 2700 [ 2C7B4E944A48B9A07B7BF2AB262F197E ] C:\Windows\System32\icm32.dll
06:23:03.0028 2700 C:\Windows\System32\icm32.dll - ok
06:23:03.0028 2700 [ F723422A11CD6FA13036746272200993 ] C:\Windows\System32\wbem\cimwin32.dll
06:23:03.0028 2700 C:\Windows\System32\wbem\cimwin32.dll - ok
06:23:03.0044 2700 [ 67BB7141F7F5F37411F796943B3418B6 ] C:\Windows\System32\framedynos.dll
06:23:03.0044 2700 C:\Windows\System32\framedynos.dll - ok
06:23:03.0059 2700 [ E98E402067978DB38282158F9E8609CA ] C:\Windows\System32\netshell.dll
06:23:03.0059 2700 C:\Windows\System32\netshell.dll - ok
06:23:03.0059 2700 [ 9A6A653ADF28D9D69670B48F535E6B90 ] C:\Windows\System32\runonce.exe
06:23:03.0059 2700 C:\Windows\System32\runonce.exe - ok
06:23:03.0075 2700 [ 74F26FC01B180D4A99A168ED69C30A53 ] C:\Windows\System32\cmd.exe
06:23:03.0075 2700 C:\Windows\System32\cmd.exe - ok
06:23:03.0075 2700 [ 5FA382106B145A920E2A4F7087AF1B90 ] C:\Windows\System32\wbem\wmipcima.dll
06:23:03.0075 2700 C:\Windows\System32\wbem\wmipcima.dll - ok
06:23:03.0090 2700 [ 3192ED5E2FFDF5B630541B9643AE1AA3 ] C:\Windows\System32\upnp.dll
06:23:03.0090 2700 C:\Windows\System32\upnp.dll - ok
06:23:03.0090 2700 [ 7ADD03E75BEB9E6DD102C3081D29840A ] C:\Windows\System32\drivers\cdfs.sys
06:23:03.0090 2700 C:\Windows\System32\drivers\cdfs.sys - ok
06:23:03.0106 2700 [ F8B39BFCC6FACD5376D5C008B4BF960E ] C:\Program Files\Intel\Wireless\Bin\WiFiWMIP.dll
06:23:03.0106 2700 C:\Program Files\Intel\Wireless\Bin\WiFiWMIP.dll - ok
06:23:03.0122 2700 [ 898ABECCD5F0B9A8E8F1318DDB234685 ] C:\Windows\System32\dot3api.dll
06:23:03.0122 2700 C:\Windows\System32\dot3api.dll - ok
06:23:03.0122 2700 [ 8D544AC1B7AA7FB9DFF0C3E7DA6AD295 ] C:\Windows\System32\wlanhlp.dll
06:23:03.0122 2700 C:\Windows\System32\wlanhlp.dll - ok
06:23:03.0137 2700 [ F3870C2935A3B36117EAB30FE389461A ] C:\Windows\System32\igfxdev.dll
06:23:03.0137 2700 C:\Windows\System32\igfxdev.dll - ok
06:23:03.0137 2700 [ C6FD3425B1ADD739B95DC4D661FF4DD3 ] C:\Windows\System32\PresentationSettings.exe
06:23:03.0137 2700 C:\Windows\System32\PresentationSettings.exe - ok
06:23:03.0153 2700 [ 10DE220BDFE330073762F89974DB8403 ] C:\Windows\System32\wbem\wmiprov.dll
06:23:03.0153 2700 C:\Windows\System32\wbem\wmiprov.dll - ok
06:23:03.0168 2700 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Users\Ira\AppData\Local\Temp\636B6BA8-B15C-4DB0-A331-FA9AFE1BC45F.exe
06:23:03.0168 2700 C:\Users\Ira\AppData\Local\Temp\636B6BA8-B15C-4DB0-A331-FA9AFE1BC45F.exe - ok
06:23:03.0168 2700 [ 254AC97C9AF4DDF3F5F57855198527B7 ] C:\Windows\System32\wermgr.exe
06:23:03.0168 2700 C:\Windows\System32\wermgr.exe - ok
06:23:03.0184 2700 [ BF899F57858B8C6F162D9EEB2370641C ] C:\Windows\System32\wercon.exe
06:23:03.0184 2700 C:\Windows\System32\wercon.exe - ok
06:23:03.0184 2700 [ DC994E0E9E45B10693D401304915BB42 ] C:\Program Files\Microsoft Office\Office12\OLKFSTUB.DLL
06:23:03.0184 2700 C:\Program Files\Microsoft Office\Office12\OLKFSTUB.DLL - ok
06:23:03.0200 2700 [ A4CAD127F0826B698D0E8DA2AC078E7B ] C:\Program Files\Microsoft Office\Office12\SSGEN.DLL
06:23:03.0200 2700 C:\Program Files\Microsoft Office\Office12\SSGEN.DLL - ok
06:23:03.0200 2700 [ 5CC3601219670472A30F46ECD1FE16BE ] C:\Program Files\Common Files\microsoft shared\OFFICE12\EXP_PDF.DLL
06:23:03.0200 2700 C:\Program Files\Common Files\microsoft shared\OFFICE12\EXP_PDF.DLL - ok
06:23:03.0215 2700 [ ADF5C22B57CD0B4E7DA993E51B25C781 ] C:\Program Files\Microsoft Office\Office12\MSOSTYLE.DLL
06:23:03.0215 2700 C:\Program Files\Microsoft Office\Office12\MSOSTYLE.DLL - ok
06:23:03.0231 2700 [ AFA7E91C8C9566E03FB1620F95230B93 ] C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80CHS.dll
06:23:03.0231 2700 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131\mfc80CHS.dll - ok
06:23:03.0231 2700 [ 3C7DEF3CBBCA6284867AA4621D5D8A54 ] C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.dll
06:23:03.0231 2700 C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.dll - ok
06:23:03.0246 2700 [ E4FECE18310E23B1D8FEE993E35E7A6F ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\msvcr80.dll
06:23:03.0246 2700 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\msvcr80.dll - ok
06:23:03.0246 2700 [ BA4593F51E7F516B1228ED908D40F56F ] C:\Program Files\Microsoft Office\Office12\SAEXT.DLL
06:23:03.0246 2700 C:\Program Files\Microsoft Office\Office12\SAEXT.DLL - ok
06:23:03.0262 2700 [ 75492CF83C1AF1C923AD2B5205249943 ] C:\Program Files\Microsoft Office\Office12\WDBIMP.DLL
06:23:03.0262 2700 C:\Program Files\Microsoft Office\Office12\WDBIMP.DLL - ok
06:23:03.0262 2700 [ FF159811CF03DD4013A562ABAA698E5A ] C:\Program Files\Common Files\microsoft shared\OFFICE12\EXP_XPS.DLL
06:23:03.0262 2700 C:\Program Files\Common Files\microsoft shared\OFFICE12\EXP_XPS.DLL - ok
06:23:03.0278 2700 [ C84E4ECE0D210489738B2F0ADB2723E8 ] C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfcm80.dll
06:23:03.0278 2700 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfcm80.dll - ok
06:23:03.0293 2700 [ 738B7A556C3CD2ADEAE2F4F89872E589 ] C:\Windows\System32\en-US\rascfg.dll.mui
06:23:03.0293 2700 C:\Windows\System32\en-US\rascfg.dll.mui - ok
06:23:03.0293 2700 [ 87BA0576429722DF5B92FD43F55FAD77 ] C:\Program Files\Microsoft Office\Office12\OUTLFLTR.DLL
06:23:03.0293 2700 C:\Program Files\Microsoft Office\Office12\OUTLFLTR.DLL - ok
06:23:03.0309 2700 [ 0A68FB1C589869D143AFB2701B777224 ] C:\Program Files\Common Files\microsoft shared\Portal\PortalConnectCore.dll
06:23:03.0309 2700 C:\Program Files\Common Files\microsoft shared\Portal\PortalConnectCore.dll - ok
06:23:03.0309 2700 [ 12BCF4DAD8E5A1B3D5FA7AB4A79DA105 ] C:\Windows\System32\sfc_os.dll
06:23:03.0309 2700 C:\Windows\System32\sfc_os.dll - ok
06:23:03.0324 2700 [ 0767B09C74D935A590B4879D14463B64 ] C:\Windows\System32\drivers\Classpnp.sys
06:23:03.0324 2700 C:\Windows\System32\drivers\Classpnp.sys - ok
06:23:03.0340 2700 [ 70C6489D56008D75DEDF73226FA63C11 ] C:\Windows\System32\dimsjob.dll
06:23:03.0340 2700 C:\Windows\System32\dimsjob.dll - ok
06:23:03.0340 2700 [ 98638A4CA187245C469DA0DEC4F04A45 ] C:\Windows\System32\pautoenr.dll
06:23:03.0340 2700 C:\Windows\System32\pautoenr.dll - ok
06:23:03.0356 2700 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
06:23:03.0356 2700 C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe - ok
06:23:03.0371 2700 [ AC48FD62E22C4425879FCA5A63F50497 ] C:\Windows\System32\certcli.dll
06:23:03.0371 2700 C:\Windows\System32\certcli.dll - ok
06:23:03.0371 2700 [ C0B8B96D018849FD8CCF15FED84E8782 ] C:\Windows\System32\ie4uinit.exe
06:23:03.0371 2700 C:\Windows\System32\ie4uinit.exe - ok
06:23:03.0387 2700 [ F0FEFB0B5D25A75D478A4317139D937E ] C:\Windows\System32\iedkcs32.dll
06:23:03.0387 2700 C:\Windows\System32\iedkcs32.dll - ok
06:23:03.0402 2700 [ 0053319C4438CDE659AA75C19BBD22F1 ] C:\Windows\System32\CertEnroll.dll
06:23:03.0402 2700 C:\Windows\System32\CertEnroll.dll - ok
06:23:03.0402 2700 [ 4B19A9A4191353007E9819A832B81186 ] C:\Windows\System32\timedate.cpl
06:23:03.0402 2700 C:\Windows\System32\timedate.cpl - ok
06:23:03.0418 2700 [ 8D78BA30DB4AE040A52EDEE725782715 ] C:\Windows\System32\actxprxy.dll
06:23:03.0870 2700 ============================================================
06:23:03.0870 2700 Scan finished
06:23:03.0870 2700 ============================================================
06:23:03.0886 0528 Detected object count: 0
06:23:03.0886 0528 Actual detected object count: 0
  • 0

#8
Iraboi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
It is a relief that it seems like I am clean. I am still a little concerned about the screenshots, and I clicked on them and noticed that a few of them had the exact same time stamp (in seconds). I called Fidelity and they said there is no automated thing set up to make those screenshot backups. As long as it's not a virus doing it..

Thank you for all the help
  • 0

#9
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
I noticed you have LogMeIn installed. Do you leave your computer on at all times even when you're not using it? Do you also not disable LogMeIn when you're not using it? If yes to both of those it is possible somebody got ahold of your LogMeIn password and remotely controlled your computer to create those Fidelity files. I think LogMeIn also keeps a log of all activity on your account so we might be able to check to make sure nobody's sneaking in unnoticed.
  • 0

#10
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
If you're interested and you have logmein free, go to www.logmein.com, log in w/username and password, click Reports on the left side, make sure Category is Account Activity and Usage, make sure Report is Remote Access Sessions (In Last Month), and click View Report. If there are no sessions in the last month I can contact a colleague who's got more experience than me and see if he has any ideas about what might be going on. There is still one more tool we haven't run that might be able to clean any infections.
  • 0

#11
Iraboi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Just looked, 3 reports in the last month and those were me connecting to my dad's computer (I am helping him post the logs here). He keeps it disabled normally.

If there's still more that can be checked, we're glad to keep going. Thanks for your help and have a good Thanksgiving
  • 0

#12
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
I messaged my colleague and should have a response tomorrow. Will get back to ya soon. Have a nice TG too! :beer:
  • 0

#13
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi iraboi. I messaged my colleague. It's time to pull out the big gun - Combofix - and see what happens. Please do the following:

Download and Install Combofix - you can temporarily connect to the Internet for this procedure

Download ComboFix from one of the following locations:
Link 1

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
Also please make sure to take note of anything ComboFix says during the course of its run especially if related to your infection and report to me in your next post.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks - if the update succeeds combofix will restart - if not it will continue with the current copy

  • Answer yes to install the Recovery Console if it asks and yes to scan for malware afterwards if prompted

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as any messages you got during the run of Combofix
  • 0

#14
Iraboi

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Josh, I downloaded and ran combofix. It asked me to accept the disclaimer, which I did, and it immediately started a computer scan without any of the interim steps you mentioned would occur. Attached is the text file report. Also, prior to running combofix, I was unable to terminate the process msmpeng.exe, which is associated with windows defender.

Thanks, Ira

--

ComboFix 12-11-25.01 - Ira 11/25/2012 12:13:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1749 [GMT -5:00]
Running from: c:\users\Ira\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Ira\AppData\Local\assembly\tmp
c:\users\Ira\AppData\Local\assembly\tmp\85WMD2SH\__AssemblyInfo__.ini
c:\users\Ira\AppData\Local\assembly\tmp\85WMD2SH\Google.Apis.Tasks.v1.DLL
c:\users\Ira\cnet_spywareblastersetup44_exe.exe
c:\users\Ira\MozBackup-1.5.1-EN.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-25 to 2012-11-25 )))))))))))))))))))))))))))))))
.
.
2012-11-25 16:41 . 2012-11-25 16:41 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18CA8F49-3C1F-4E41-85C6-C5B58E646AE6}\MpKsl01f5b4ef.sys
2012-11-25 16:41 . 2012-11-25 16:41 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18CA8F49-3C1F-4E41-85C6-C5B58E646AE6}\offreg.dll
2012-11-24 17:23 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18CA8F49-3C1F-4E41-85C6-C5B58E646AE6}\mpengine.dll
2012-11-23 15:54 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-16 20:26 . 2012-11-16 20:26 -------- d-----w- c:\users\Ira\AppData\Local\MicrosoftStore
2012-11-15 19:43 . 2012-11-15 19:44 -------- d-----w- C:\Jts
2012-11-14 11:43 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 11:42 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 19:01 . 2012-11-13 19:01 -------- d-----w- c:\users\Ira\AppData\Roaming\webex
2012-11-13 19:00 . 2012-11-13 19:01 -------- d-----w- c:\programdata\WebEx
2012-11-12 17:13 . 2012-11-12 17:13 -------- d-----w- c:\program files\Database Oasis
2012-11-04 00:25 . 2012-11-04 00:25 -------- d-----w- c:\users\Ben\AppData\Local\LogMeIn
2012-11-04 00:25 . 2012-11-04 00:25 -------- d-----w- c:\users\Ben\AppData\Roaming\Epson
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-20 16:03 . 2012-10-04 22:22 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-11-20 16:03 . 2012-10-04 22:22 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-20 16:03 . 2012-10-04 22:22 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-11-20 16:03 . 2012-10-04 22:22 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-10-25 13:47 . 2012-10-25 13:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-25 13:46 . 2012-07-16 13:24 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-25 13:46 . 2011-01-07 01:28 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-09 15:21 . 2012-04-12 13:35 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 15:21 . 2011-05-30 14:42 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-03 15:07 . 2012-10-22 20:46 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BFB534C-3450-42B1-A340-33ED2426FE60}\gapaengine.dll
2012-10-03 15:07 . 2011-03-25 14:23 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-29 23:54 . 2011-01-09 00:24 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 13:28 . 2012-10-10 19:48 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 02:03 . 2012-08-31 02:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2010-10-25 02:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-29 11:27 . 2012-10-10 19:48 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 19:48 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-06 01:27 . 2012-10-05 00:06 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ira\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ira\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ira\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PxDotNetLoader"="c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2012-10-08 43656]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-10-24 3157856]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHVA.EXE" [2011-04-24 219008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"AffixaPersonalSettings"="c:\program files\Affixa\AffixaHandler.exe" [2012-06-24 282336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-06-08 63048]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PxDotNetLoader"="c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2012-10-08 43656]
.
c:\users\Outlook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Ira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ira\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-10-26 1017184]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL01F5B4EF
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 15:21]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-13 16:01]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-13 16:01]
.
2012-11-24 c:\windows\Tasks\SyncBack Ira Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2011-01-09 20:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=869240c2-fefe-46c1-b408-214d845a4d8d&searchtype=ds&q={searchTerms}
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Ira\AppData\Roaming\Mozilla\Firefox\Profiles\w095yorr.default\
FF - prefs.js: browser.startup.homepage - hxxps://loginprodx.att.net/commonLogin/igate_edam/controller.do?TAM_OP=login&USERNAME=unauthenticated&ERROR_CODE=0x00000000&ERROR_TEXT=HPDBA0521I%20%20%20Successful%20completion&METHOD=GET&URL=%2FFIM%2Fsps%2FATTidp%2Fsaml20%2Flogininitial%3FRequestBinding%3DHTTPPost%26PartnerId%3Dhttps%3A%2F%2Flogin.yahoo.com%2Fsaml%2F2.0%2Fatt%26Target%3Dhttp%253a%2F%2Fmail.yahoo.com%253f.lts%3D1348593619%3Ftucd567%3Dw&REFERER=http%3A%2F%2Fatt.yahoo.com%2Fmail%2F&HOSTNAME=loginprodx.att.net&AUTHNLEVEL=&FAILREASON=&PROTOCOL=https&OLDSESSION=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
SafeBoot-92674928.sys
MSConfigStartUp-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
MSConfigStartUp-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-25 12:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-11-25 12:29:28
ComboFix-quarantined-files.txt 2012-11-25 17:29
.
Pre-Run: 103,485,947,904 bytes free
Post-Run: 103,417,024,512 bytes free
.
- - End Of File - - 104232B8426DB03D595507931FBCBFE9
  • 0

#15
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi iraboi. I analyzed your CF log and it looks clean. I am consulting my same colleague about what to do now and should have a response for you soon. I am on the road tomorrow again heading back home so I might not have time to get to you tomorrow but if not definitely the next day. Also we are almost done so hang in there :thumbsup:
  • 0





