Trojan Happili and google search redirect issue [Solved]


  • This topic is locked

#1
jkabat

  • Member
  • 98 posts

Hi,

When clicking on a result from a Google search, I am directed to a different site. When I click back to the Google search results and click the same result again, I am led to the correct page.
I did a Malwarebytes scan and it found Trojan Happili. I removed it and restarted the computer. The Google redirect continues as before. An MLBT scan again turns up nothing.

OTL scan results below:


OTL logfile created on: 12/12/2012 2:42:34 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jessie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 62.47% Memory free
7.20 Gb Paging File | 5.55 Gb Available in Paging File | 77.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.38 Gb Total Space | 228.29 Gb Free Space | 80.84% Space Free | Partition Type: NTFS

Computer Name: JESSIE-PC | User Name: Jessie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/12 14:29:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jessie\Desktop\OTL.exe
PRC - [2012/11/27 22:43:18 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/27 22:43:17 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll
MOD - [2012/11/27 22:43:16 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
MOD - [2012/11/27 22:43:15 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
MOD - [2012/11/27 22:42:30 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libglesv2.dll
MOD - [2012/11/27 22:42:29 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libegl.dll
MOD - [2012/11/27 22:42:22 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avutil-51.dll
MOD - [2012/11/27 22:42:21 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll
MOD - [2012/11/27 22:42:21 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avformat-54.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/06/10 00:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/06/08 00:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/17 17:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/04/20 18:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/11 20:24:45 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/07/11 20:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/28 17:33:50 | 000,313,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/06/08 01:42:26 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/08 00:16:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/17 01:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/13 12:21:56 | 001,143,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/03/24 22:50:30 | 001,423,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/23 20:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 76 82 0E F9 D6 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {70642FB4-62CF-41F8-89A6-A9393D564588}
IE - HKCU\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKCU\..\SearchScopes\{70642FB4-62CF-41F8-89A6-A9393D564588}: "URL" = http://www.google.co...1I7TSNO_enUS474
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


[2012/11/25 11:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSHIBA] rundll32.exe "C:\Users\Jessie\AppData\Local\VirtualStore\TOSHIBA\wswikaw.dll",DllRegisterServerW File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} https://mpi.dacom.ne...PI_20110503.cab (XacsPop Control)
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} https://mpi.dacom.ne...MPI/XPayMPI.cab (XPayMPIOCX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {7C98E005-7DA3-4C02-8D9F-FAA9C4D1C343} http://service.ewha..../ictReportX.cab (ReportViewerForm Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {AC2CE4A7-75CE-4B11-B245-CE697861C3C1} http://ems.shinhanli...ISAFEMailv4.cab (INISafeMailContainer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co....TLD_VISTA64.cab (KvpIspCtlD Control)
O16 - DPF: {FFD77E35-1C34-4EAC-B5A7-414CC5D007DA} https://www.isaackor...sim/ilkactx.cab (AnsimPlugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7ACCB42-994F-4EAC-8BC1-7BA8188F8953}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/12 14:42:19 | 000,000,000 | ---D | C] -- C:\Users\Jessie\AppData\Local\Apps
[2012/12/12 14:29:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jessie\Desktop\OTL.exe
[2012/12/12 10:35:25 | 000,000,000 | ---D | C] -- C:\Users\Jessie\Desktop\Jeff's stuff
[2012/11/29 13:46:24 | 000,000,000 | ---D | C] -- C:\Users\Jessie\Desktop\abbot manor
[2012/11/26 10:32:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/25 17:05:25 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/11/25 17:05:10 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2012/11/25 11:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/11/25 11:42:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/23 15:16:07 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\27771144.sys
[2012/11/22 20:22:13 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/11/21 23:41:13 | 000,000,000 | ---D | C] -- C:\windows\Microsoft Antimalware
[2012/11/21 20:00:37 | 000,000,000 | ---D | C] -- C:\Users\Jessie\AppData\Roaming\Malwarebytes
[2012/11/21 20:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/21 20:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/21 20:00:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/11/21 20:00:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/21 20:00:14 | 000,000,000 | ---D | C] -- C:\Users\Jessie\AppData\Roaming\Optimizer Pro
[2012/11/21 20:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/11/21 20:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2012/11/21 19:59:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2012/11/21 19:54:43 | 000,000,000 | ---D | C] -- C:\eb958037f26a16806998df99
[2012/11/19 15:54:45 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/11/17 11:15:01 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012/11/15 06:16:26 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2012/11/15 06:16:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2012/11/15 06:03:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/11/15 06:03:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/11/15 06:03:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/11/15 06:03:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/11/15 06:03:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/11/15 06:03:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/11/15 06:03:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/11/15 06:03:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/11/15 06:03:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/11/15 06:03:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/11/15 06:02:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/11/15 06:02:58 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/11/15 06:02:54 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/11/15 06:02:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/11/15 06:02:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/11/15 06:00:58 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2012/11/15 06:00:55 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2012/11/15 06:00:55 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2012/11/15 06:00:54 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2012/11/14 06:25:18 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll
[2012/11/14 06:25:18 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll
[2012/11/14 06:25:17 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll
[2012/11/14 06:25:08 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll
[2012/11/14 06:25:08 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll
[2012/11/14 06:25:07 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll
[2012/11/14 06:25:07 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll
[2012/11/14 06:25:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll
[2012/11/14 06:25:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll
[2012/11/14 06:24:59 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll
[2012/11/14 06:24:59 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll
[1 C:\Users\Jessie\Desktop\*.tmp files -> C:\Users\Jessie\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/12 14:38:17 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/12 14:38:17 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/12 14:31:56 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/12 14:31:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/12 14:30:59 | 2899,468,288 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/12 14:29:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jessie\Desktop\OTL.exe
[2012/12/12 14:23:05 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/12 13:50:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/12/12 13:03:34 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/12/12 13:03:34 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/12/12 13:03:34 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/12/11 20:24:44 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/12/11 20:24:43 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/09 17:28:47 | 500,089,088 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/12/05 15:29:14 | 000,388,469 | ---- | M] () -- C:\Users\Jessie\Desktop\doc00420020121205152844.pdf
[2012/11/25 11:46:35 | 000,000,009 | ---- | M] () -- C:\END
[2012/11/23 15:16:08 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\27771144.sys
[2012/11/21 20:05:40 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware (2).lnk
[2012/11/21 20:00:34 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/21 20:00:01 | 000,001,077 | ---- | M] () -- C:\Users\Jessie\Desktop\Optimizer Pro.lnk
[2012/11/19 16:10:34 | 010,973,467 | ---- | M] () -- C:\Users\Jessie\Desktop\greencourt place.zip
[2012/11/15 06:56:51 | 000,342,664 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Jessie\Desktop\*.tmp files -> C:\Users\Jessie\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/05 15:31:52 | 000,388,469 | ---- | C] () -- C:\Users\Jessie\Desktop\doc00420020121205152844.pdf
[2012/11/25 17:05:28 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/25 11:46:34 | 000,000,009 | ---- | C] () -- C:\END
[2012/11/21 20:05:40 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware (2).lnk
[2012/11/21 20:00:34 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/21 20:00:01 | 000,001,077 | ---- | C] () -- C:\Users\Jessie\Desktop\Optimizer Pro.lnk
[2012/11/19 16:10:26 | 010,973,467 | ---- | C] () -- C:\Users\Jessie\Desktop\greencourt place.zip
[2012/11/19 15:54:39 | 500,089,088 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/11/15 06:16:34 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 06:00:54 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/09/24 18:44:46 | 002,480,232 | ---- | C] () -- C:\windows\SysWow64\ISPPopUpDlg.exe
[2012/08/04 11:27:55 | 000,000,478 | ---- | C] () -- C:\windows\SysWow64\ic32.ini
[2012/08/04 09:18:30 | 000,540,672 | ---- | C] () -- C:\windows\SysWow64\Tx32.dll
[2012/07/26 12:05:40 | 000,495,616 | ---- | C] () -- C:\windows\SysWow64\KvpUpCom.dll
[2012/04/07 15:30:19 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/19 03:42:09 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/01/19 03:33:35 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/01/19 03:30:19 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/03/24 22:48:04 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========
[2012/12/07 16:23:42 | 000,000,580 | ---- | M] ()(C:\Users\Jessie\Desktop\????.lnk) -- C:\Users\Jessie\Desktop\겨울캠프.lnk
[2012/10/15 20:11:59 | 000,000,000 | ---D | M](C:\Users\Jessie\Desktop\????11) -- C:\Users\Jessie\Desktop\여름캠프11
[2012/10/15 16:20:56 | 000,017,368 | ---- | M] ()(C:\Users\Jessie\Desktop\?????? ?? ? ??.docx) -- C:\Users\Jessie\Desktop\미국학생비자 서류 및 절차.docx
[2012/10/15 16:20:55 | 000,017,368 | ---- | C] ()(C:\Users\Jessie\Desktop\?????? ?? ? ??.docx) -- C:\Users\Jessie\Desktop\미국학생비자 서류 및 절차.docx
[2012/10/13 07:57:47 | 000,000,580 | ---- | C] ()(C:\Users\Jessie\Desktop\????.lnk) -- C:\Users\Jessie\Desktop\겨울캠프.lnk
[2012/10/13 07:56:27 | 000,065,536 | ---- | C] ()(C:\Users\Jessie\Desktop\2010? ???.xls) -- C:\Users\Jessie\Desktop\2010년 주소록.xls
[2012/10/13 07:56:09 | 000,000,000 | ---D | C](C:\Users\Jessie\Desktop\????11) -- C:\Users\Jessie\Desktop\여름캠프11
[2012/05/05 13:25:38 | 000,019,358 | ---- | M] ()(C:\Users\Jessie\Desktop\????5~.docx) -- C:\Users\Jessie\Desktop\미대순위5~.docx
[2012/05/05 13:25:38 | 000,019,358 | ---- | C] ()(C:\Users\Jessie\Desktop\????5~.docx) -- C:\Users\Jessie\Desktop\미대순위5~.docx
[2012/05/05 13:21:58 | 000,016,438 | ---- | M] ()(C:\Users\Jessie\Desktop\2011 ??????.docx) -- C:\Users\Jessie\Desktop\2011 미국대학평가.docx
[2012/05/05 13:21:57 | 000,016,438 | ---- | C] ()(C:\Users\Jessie\Desktop\2011 ??????.docx) -- C:\Users\Jessie\Desktop\2011 미국대학평가.docx
[2011/05/17 19:28:26 | 000,065,536 | ---- | M] ()(C:\Users\Jessie\Desktop\2010? ???.xls) -- C:\Users\Jessie\Desktop\2010년 주소록.xls

< End of report >

Thank you!


#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-RogueKiller-

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#3
jkabat

    Member

  • Topic Starter
  • 98 posts
Gringo,

Thanks for your help.
I have run the programs.

1. Before running the programs I was getting this notification upon startup:

Run DLL
There was a problem starting C:\Users\Jessie\AppData\Local\VirtualStore\Toshiba\wswikaw.dll

After running the programs and restarting the computer I did not see that. Nice.

2. While running AdwCleaner a notification came up which said "google has blocked an attempt to change your default search settings".

3. After running all suggested programs and restarting, Google search results continue to redirect.

Logs posted below in order of completion. (I have 2 RogueKiller logs though I only ran it once... they might be identical. I'm posting both.)


Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java™ 6 Update 25
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.5.502.135
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````


# AdwCleaner v2.100 - Logfile created 12/12/2012 at 22:18:40
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jessie - JESSIE-PC
# Boot Mode : Normal
# Running from : C:\Users\Jessie\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1520 octets] - [23/11/2012 12:45:14]
AdwCleaner[S2].txt - [4044 octets] - [26/11/2012 10:26:24]
AdwCleaner[S3].txt - [4549 octets] - [12/12/2012 22:18:40]

########## EOF - C:\AdwCleaner[S3].txt - [4609 octets] ##########


RogueKiller V8.4.0 [Dec 12 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jessie [Admin rights]
Mode : Scan -- Date : 12/12/2012 22:24:46

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : TOSHIBA (rundll32.exe "C:\Users\Jessie\AppData\Local\VirtualStore\TOSHIBA\wswikaw.dll",DllRegisterServerW) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3270784952-2024653608-2700192650-1001[...]\Run : TOSHIBA (rundll32.exe "C:\Users\Jessie\AppData\Local\VirtualStore\TOSHIBA\wswikaw.dll",DllRegisterServerW) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{E7ACCB42-994F-4EAC-8BC1-7BA8188F8953} : NameServer (216.146.35.240,216.146.36.240,75.75.76.76,75.75.75.75) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{E7ACCB42-994F-4EAC-8BC1-7BA8188F8953} : NameServer (216.146.35.240,216.146.36.240,75.75.76.76,75.75.75.75) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3275GSX ATA Device +++++
--- User ---
[MBR] 738a2268d7090687076416015af2399d
[BSP] 61e7bdc336fdd36747720370ff24d8f5 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 289160 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 595273728 | Size: 14584 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12122012_02d2224.txt >>
RKreport[1]_S_12122012_02d2224.txt



RogueKiller V8.4.0 [Dec 12 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jessie [Admin rights]
Mode : Remove -- Date : 12/12/2012 22:25:06

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : TOSHIBA (rundll32.exe "C:\Users\Jessie\AppData\Local\VirtualStore\TOSHIBA\wswikaw.dll",DllRegisterServerW) -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{E7ACCB42-994F-4EAC-8BC1-7BA8188F8953} : NameServer (216.146.35.240,216.146.36.240,75.75.76.76,75.75.75.75) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{E7ACCB42-994F-4EAC-8BC1-7BA8188F8953} : NameServer (216.146.35.240,216.146.36.240,75.75.76.76,75.75.75.75) -> NOT REMOVED, USE DNSFIX

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3275GSX ATA Device +++++
--- User ---
[MBR] 738a2268d7090687076416015af2399d
[BSP] 61e7bdc336fdd36747720370ff24d8f5 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 289160 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 595273728 | Size: 14584 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12122012_02d2225.txt >>
RKreport[1]_S_12122012_02d2224.txt ; RKreport[2]_D_12122012_02d2225.txt





#4
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5
jkabat

    Member

  • Topic Starter
  • 98 posts
Hi,

Thank you.


Redirect persists with Google search results.

No other issues.

Log:



ComboFix 12-12-12.01 - Jessie 12/12/2012 23:06:17.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3687.2475 [GMT -5:00]
Running from: c:\users\Jessie\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-11-13 to 2012-12-13 )))))))))))))))))))))))))))))))
.
.
2012-12-13 04:16 . 2012-12-13 04:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-13 03:30 . 2012-12-13 03:30 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{059E7D49-B458-4B50-A2CB-A52A91F1F07E}\offreg.dll
2012-12-12 19:42 . 2012-12-12 19:42 -------- d-----w- c:\users\Jessie\AppData\Local\Apps
2012-12-12 14:01 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{059E7D49-B458-4B50-A2CB-A52A91F1F07E}\mpengine.dll
2012-12-11 10:58 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-28 19:26 . 2012-11-28 19:26 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77F67CFE-288D-4114-A80D-58BEE4B72677}\gapaengine.dll
2012-11-26 15:32 . 2012-11-26 15:32 -------- d-----w- C:\_OTL
2012-11-25 22:05 . 2012-12-12 01:24 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-25 22:05 . 2012-11-25 22:05 -------- d-----w- c:\windows\system32\Macromed
2012-11-25 16:47 . 2012-11-25 16:47 -------- d-----w- c:\program files (x86)\7-Zip
2012-11-23 20:16 . 2012-11-23 20:16 208216 ----a-w- c:\windows\system32\drivers\27771144.sys
2012-11-23 01:22 . 2012-11-24 16:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-22 04:41 . 2012-11-22 04:41 -------- d-----w- c:\windows\Microsoft Antimalware
2012-11-22 01:00 . 2012-11-22 01:00 -------- d-----w- c:\users\Jessie\AppData\Roaming\Malwarebytes
2012-11-22 01:00 . 2012-11-22 01:00 -------- d-----w- c:\programdata\Malwarebytes
2012-11-22 01:00 . 2012-11-22 01:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-22 01:00 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-22 01:00 . 2012-11-22 01:00 -------- d-----w- c:\users\Jessie\AppData\Roaming\Optimizer Pro
2012-11-22 00:59 . 2012-11-22 01:00 -------- d-----w- c:\program files (x86)\Optimizer Pro
2012-11-22 00:54 . 2012-11-22 00:55 -------- d-----w- C:\eb958037f26a16806998df99
2012-11-17 16:15 . 2012-11-17 16:15 -------- d-----w- c:\windows\Sun
2012-11-15 11:16 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 11:16 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 11:16 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 11:16 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 11:02 . 2012-10-08 11:31 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-15 11:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 11:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 11:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 11:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 11:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 11:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 11:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 11:24 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-14 11:24 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 01:24 . 2011-11-24 03:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-31 20:12 . 2012-10-31 20:12 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-16 08:38 . 2012-11-28 10:47 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 10:47 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 10:47 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-05 15:37 . 2012-06-13 09:44 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-24 23:44 . 2012-09-24 23:44 2480232 ----a-w- c:\windows\SysWow64\ISPPopUpDlg.exe
2012-09-14 19:19 . 2012-10-10 10:52 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 10:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2011-03-24 36992]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 204288]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-07-28 313448]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-04-13 1143912]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-25 01:24]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 09:12]
.
2012-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 09:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-29 11905128]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{E7ACCB42-994F-4EAC-8BC1-7BA8188F8953}: NameServer = 216.146.35.240,216.146.36.240,75.75.76.76,75.75.75.75
DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxps://mpi.dacom.net/XMPI/js/LGUplus_XMPI_20110503.cab
DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxps://mpi.dacom.net/XPayMPI/XPayMPI.cab
DPF: {7C98E005-7DA3-4C02-8D9F-FAA9C4D1C343} - hxxp://service.ewha.ac.kr:88/web_kiosk_061100/ReportX/ictReportX.cab
DPF: {AC2CE4A7-75CE-4B11-B245-CE697861C3C1} - hxxp://ems.shinhanlife.co.kr/automail/initech/mail_pki/downn/INISAFEMailv4.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-10820574.sys
SafeBoot-27072901.sys
SafeBoot-42178080.sys
SafeBoot-58318857.sys
SafeBoot-99866933.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
AddRemove-Sendori - c:\program files (x86)\Sendori\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-12 23:21:05
ComboFix-quarantined-files.txt 2012-12-13 04:21
.
Pre-Run: 247,187,427,328 bytes free
Post-Run: 246,684,483,584 bytes free
.
- - End Of File - - 28E1D5E311955E5F6D3240999243DCC0

#6
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#7
jkabat

    Member

  • Topic Starter
  • Member
  • 98 posts
Hi,

Situation persists.
OTL LOG:


OTL logfile created on: 12/13/2012 8:38:34 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jessie\Desktop\geeks 121212
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 66.64% Memory free
7.20 Gb Paging File | 5.74 Gb Available in Paging File | 79.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.38 Gb Total Space | 229.30 Gb Free Space | 81.20% Space Free | Partition Type: NTFS

Computer Name: JESSIE-PC | User Name: Jessie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jessie\Desktop\geeks 121212\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3270784952-2024653608-2700192650-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3270784952-2024653608-2700192650-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3270784952-2024653608-2700192650-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3270784952-2024653608-2700192650-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3270784952-2024653608-2700192650-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 35 63 24 A7 20 D9 CD 01 [binary data]
IE - HKU\S-1-5-21-3270784952-2024653608-2700192650-1001\..\SearchScopes,DefaultScope = {70642FB4-62CF-41F8-89A6-A9393D564588}
IE - HKU\S-1-5-21-3270784952-2024653608-2700192650-1001\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKU\S-1-5-21-3270784952-2024653608-2700192650-1001\..\SearchScopes\{70642FB4-62CF-41F8-89A6-A9393D564588}: "URL" = http://www.google.co...1I7TSNO_enUS474
IE - HKU\S-1-5-21-3270784952-2024653608-2700192650-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3270784952-2024653608-2700192650-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


[2012/11/25 11:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3270784952-2024653608-2700192650-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3270784952-2024653608-2700192650-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3270784952-2024653608-2700192650-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} https://mpi.dacom.ne...PI_20110503.cab (XacsPop Control)
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} https://mpi.dacom.ne...MPI/XPayMPI.cab (XPayMPIOCX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {7C98E005-7DA3-4C02-8D9F-FAA9C4D1C343} http://service.ewha..../ictReportX.cab (ReportViewerForm Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {AC2CE4A7-75CE-4B11-B245-CE697861C3C1} http://ems.shinhanli...ISAFEMailv4.cab (INISafeMailContainer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co....TLD_VISTA64.cab (KvpIspCtlD Control)
O16 - DPF: {FFD77E35-1C34-4EAC-B5A7-414CC5D007DA} https://www.isaackor...sim/ilkactx.cab (AnsimPlugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7ACCB42-994F-4EAC-8BC1-7BA8188F8953}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7ACCB42-994F-4EAC-8BC1-7BA8188F8953}: NameServer = 216.146.35.240,216.146.36.240,75.75.76.76,75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/13 06:03:20 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/12/13 06:03:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/12/13 06:03:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/12/13 06:03:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/12/13 06:03:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/12/13 06:03:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/12/13 06:03:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/12/13 06:03:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/12/13 06:03:11 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/12/13 06:03:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/12/13 06:03:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/12/13 06:03:10 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/12/13 06:03:06 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/12/13 06:03:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/12/13 06:03:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/12/12 23:23:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/12 23:21:07 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/12/12 23:02:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/12/12 23:02:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/12/12 23:02:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/12/12 23:00:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/12 23:00:18 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/12/12 22:57:49 | 005,011,070 | R--- | C] (Swearware) -- C:\Users\Jessie\Desktop\ComboFix.exe
[2012/12/12 22:41:14 | 000,000,000 | ---D | C] -- C:\Users\Jessie\Desktop\geeks 121212
[2012/12/12 22:10:03 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/12/12 22:10:03 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012/12/12 22:10:03 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012/12/12 22:10:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012/12/12 22:09:50 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/12/12 22:09:49 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012/12/12 22:09:49 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012/12/12 22:09:49 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012/12/12 22:09:47 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012/12/12 22:09:47 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012/12/12 22:09:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012/12/12 22:09:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012/12/12 22:09:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012/12/12 22:09:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012/12/12 22:09:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012/12/12 22:09:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 22:09:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 22:09:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012/12/12 22:09:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 22:09:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 22:09:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 22:09:45 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 22:09:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 22:09:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 22:09:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 22:09:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 22:09:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 22:09:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 22:09:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 22:09:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 22:09:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 22:09:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 22:09:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 22:09:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 22:09:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 22:09:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll



========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]


< End of report >

#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2012/11/21 20:00:14 | 000,000,000 | ---D | C] -- C:\Users\Jessie\AppData\Roaming\Optimizer Pro
    [2012/11/21 20:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
    [2012/11/21 19:59:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
    [2012/11/21 20:00:01 | 000,001,077 | ---- | M] () -- C:\Users\Jessie\Desktop\Optimizer Pro.lnk
    [2012/11/21 20:00:01 | 000,001,077 | ---- | C] () -- C:\Users\Jessie\Desktop\Optimizer Pro.lnk
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo

#9
jkabat

    Member

  • Topic Starter
  • 98 posts
Hi,

I ran the fix. It lasted less than 2 seconds. I rebooted the computer.

The redirect issue continues. A few icons on my desktop have gone nearly invisible. They will not open when I click them. A word document produces a message of "there is unreadable content".

An icon that is called desktop.ini provides the following in notepad:



[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

Not sure if either of those are anything, but thought I'd share.

Thanks. OTL report to follow:



========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Jessie\AppData\Roaming\Optimizer Pro\Undo folder moved successfully.
C:\Users\Jessie\AppData\Roaming\Optimizer Pro\Log folder moved successfully.
C:\Users\Jessie\AppData\Roaming\Optimizer Pro\Backup folder moved successfully.
C:\Users\Jessie\AppData\Roaming\Optimizer Pro folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro folder moved successfully.
C:\Program Files (x86)\Optimizer Pro folder moved successfully.
C:\Users\Jessie\Desktop\Optimizer Pro.lnk moved successfully.
File C:\Users\Jessie\Desktop\Optimizer Pro.lnk not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jessie\Desktop\geeks 121212\cmd.bat deleted successfully.
C:\Users\Jessie\Desktop\geeks 121212\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: Jessie
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jessie
->Flash cache emptied: 12740 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12132012_201050

#10
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11
jkabat

    Member

  • Topic Starter
  • 98 posts
Tasks completed. Redirect still happening.

Logs:


20:38:08.0011 1824 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:38:08.0306 1824 ============================================================
20:38:08.0306 1824 Current date / time: 2012/12/13 20:38:08.0306
20:38:08.0306 1824 SystemInfo:
20:38:08.0306 1824
20:38:08.0306 1824 OS Version: 6.1.7601 ServicePack: 1.0
20:38:08.0307 1824 Product type: Workstation
20:38:08.0307 1824 ComputerName: JESSIE-PC
20:38:08.0308 1824 UserName: Jessie
20:38:08.0308 1824 Windows directory: C:\windows
20:38:08.0308 1824 System windows directory: C:\windows
20:38:08.0308 1824 Running under WOW64
20:38:08.0308 1824 Processor architecture: Intel x64
20:38:08.0308 1824 Number of processors: 2
20:38:08.0308 1824 Page size: 0x1000
20:38:08.0308 1824 Boot type: Normal boot
20:38:08.0308 1824 ============================================================
20:38:11.0492 1824 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:38:11.0503 1824 ============================================================
20:38:11.0503 1824 \Device\Harddisk0\DR0:
20:38:11.0504 1824 MBR partitions:
20:38:11.0504 1824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x234C4000
20:38:11.0504 1824 ============================================================
20:38:11.0526 1824 C: <-> \Device\Harddisk0\DR0\Partition1
20:38:11.0526 1824 ============================================================
20:38:11.0526 1824 Initialize success
20:38:11.0526 1824 ============================================================
20:38:36.0049 1880 Deinitialize success



20:40:39.0132 2848 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:40:41.0238 2848 ============================================================
20:40:41.0238 2848 Current date / time: 2012/12/13 20:40:41.0238
20:40:41.0238 2848 SystemInfo:
20:40:41.0238 2848
20:40:41.0238 2848 OS Version: 6.1.7601 ServicePack: 1.0
20:40:41.0238 2848 Product type: Workstation
20:40:41.0238 2848 ComputerName: JESSIE-PC
20:40:41.0238 2848 UserName: Jessie
20:40:41.0238 2848 Windows directory: C:\windows
20:40:41.0238 2848 System windows directory: C:\windows
20:40:41.0238 2848 Running under WOW64
20:40:41.0238 2848 Processor architecture: Intel x64
20:40:41.0238 2848 Number of processors: 2
20:40:41.0238 2848 Page size: 0x1000
20:40:41.0238 2848 Boot type: Normal boot
20:40:41.0238 2848 ============================================================
20:40:58.0687 2848 BG loaded
20:41:00.0076 2848 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:41:00.0122 2848 ============================================================
20:41:00.0122 2848 \Device\Harddisk0\DR0:
20:41:00.0138 2848 MBR partitions:
20:41:00.0138 2848 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x234C4000
20:41:00.0138 2848 ============================================================
20:41:00.0263 2848 C: <-> \Device\Harddisk0\DR0\Partition1
20:41:00.0263 2848 ============================================================
20:41:00.0263 2848 Initialize success
20:41:00.0263 2848 ============================================================
20:41:28.0419 4132 ============================================================
20:41:28.0419 4132 Scan started
20:41:28.0419 4132 Mode: Manual; SigCheck; TDLFS;
20:41:28.0419 4132 ============================================================
20:41:29.0885 4132 ================ Scan system memory ========================
20:41:29.0885 4132 System memory - ok
20:41:29.0901 4132 ================ Scan services =============================
20:41:36.0874 4132 BrFiltUp - ok
20:41:36.0905 4132 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
20:41:36.0999 4132 BridgeMP - ok
20:41:37.0030 4132 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
20:41:37.0092 4132 Browser - ok
20:41:37.0108 4132 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
20:41:37.0186 4132 Brserid - ok
20:41:37.0217 4132 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
20:41:37.0280 4132 BrSerWdm - ok
20:41:37.0295 4132 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
20:41:37.0342 4132 BrUsbMdm - ok
20:41:37.0373 4132 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
20:41:37.0420 4132 BrUsbSer - ok
20:41:37.0436 4132 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
20:41:37.0498 4132 BTHMODEM - ok
20:41:37.0545 4132 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
20:41:37.0670 4132 bthserv - ok
20:41:37.0701 4132 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
20:41:37.0810 4132 cdfs - ok
20:41:37.0841 4132 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
20:41:37.0872 4132 cdrom - ok
20:41:37.0904 4132 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
20:41:38.0013 4132 CertPropSvc - ok
20:41:38.0028 4132 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
20:41:38.0075 4132 circlass - ok
20:41:38.0106 4132 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
20:41:38.0153 4132 CLFS - ok
20:41:38.0231 4132 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:41:38.0278 4132 clr_optimization_v2.0.50727_32 - ok
20:41:38.0325 4132 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:41:38.0372 4132 clr_optimization_v2.0.50727_64 - ok
20:41:38.0434 4132 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:41:38.0512 4132 clr_optimization_v4.0.30319_32 - ok
20:41:38.0559 4132 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:41:38.0606 4132 clr_optimization_v4.0.30319_64 - ok
20:41:38.0652 4132 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
20:41:38.0715 4132 CmBatt - ok
20:41:38.0730 4132 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
20:41:38.0762 4132 cmdide - ok
20:41:38.0808 4132 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
20:41:38.0871 4132 CNG - ok
20:41:38.0871 4132 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
20:41:38.0902 4132 Compbatt - ok
20:41:38.0933 4132 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
20:41:38.0996 4132 CompositeBus - ok
20:41:38.0996 4132 COMSysApp - ok
20:41:39.0042 4132 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
20:41:39.0074 4132 crcdisk - ok
20:41:39.0120 4132 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
20:41:39.0198 4132 CryptSvc - ok
20:41:39.0261 4132 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
20:41:39.0386 4132 DcomLaunch - ok
20:41:39.0448 4132 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
20:41:39.0557 4132 defragsvc - ok
20:41:39.0604 4132 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
20:41:39.0713 4132 DfsC - ok
20:41:39.0744 4132 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
20:41:39.0822 4132 Dhcp - ok
20:41:39.0854 4132 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
20:41:39.0947 4132 discache - ok
20:41:39.0994 4132 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
20:41:40.0025 4132 Disk - ok
20:41:40.0088 4132 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
20:41:40.0166 4132 Dnscache - ok
20:41:40.0212 4132 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
20:41:40.0306 4132 dot3svc - ok
20:41:40.0353 4132 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
20:41:40.0446 4132 DPS - ok
20:41:40.0509 4132 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
20:41:40.0556 4132 drmkaud - ok
20:41:40.0602 4132 [ 85DBF6EC7BDFA6187F4A1EC8F3145CD0 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
20:41:40.0680 4132 DXGKrnl - ok
20:41:40.0712 4132 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
20:41:40.0821 4132 EapHost - ok
20:41:40.0961 4132 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
20:41:41.0117 4132 ebdrv - ok
20:41:41.0164 4132 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
20:41:41.0258 4132 EFS - ok
20:41:41.0336 4132 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
20:41:41.0429 4132 ehRecvr - ok
20:41:41.0461 4132 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
20:41:41.0492 4132 ehSched - ok
20:41:41.0539 4132 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
20:41:41.0585 4132 elxstor - ok
20:41:41.0617 4132 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
20:41:41.0663 4132 ErrDev - ok
20:41:41.0741 4132 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
20:41:41.0835 4132 EventSystem - ok
20:41:41.0882 4132 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
20:41:41.0975 4132 exfat - ok
20:41:42.0007 4132 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
20:41:42.0116 4132 fastfat - ok
20:41:42.0163 4132 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
20:41:42.0241 4132 Fax - ok
20:41:42.0272 4132 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
20:41:42.0319 4132 fdc - ok
20:41:42.0381 4132 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
20:41:42.0459 4132 fdPHost - ok
20:41:42.0506 4132 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
20:41:42.0599 4132 FDResPub - ok
20:41:42.0646 4132 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
20:41:42.0677 4132 FileInfo - ok
20:41:42.0709 4132 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
20:41:42.0818 4132 Filetrace - ok
20:41:42.0849 4132 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
20:41:42.0880 4132 flpydisk - ok
20:41:42.0911 4132 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
20:41:42.0958 4132 FltMgr - ok
20:41:43.0021 4132 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
20:41:43.0114 4132 FontCache - ok
20:41:43.0161 4132 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:41:43.0192 4132 FontCache3.0.0.0 - ok
20:41:43.0223 4132 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
20:41:43.0255 4132 FsDepends - ok
20:41:43.0301 4132 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
20:41:43.0333 4132 Fs_Rec - ok
20:41:43.0379 4132 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
20:41:43.0426 4132 fvevol - ok
20:41:43.0473 4132 [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] FwLnk C:\windows\system32\DRIVERS\FwLnk.sys
20:41:43.0504 4132 FwLnk - ok
20:41:43.0535 4132 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
20:41:43.0567 4132 gagp30kx - ok
20:41:43.0629 4132 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
20:41:43.0738 4132 gpsvc - ok
20:41:43.0832 4132 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:41:43.0863 4132 gupdate - ok
20:41:43.0879 4132 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:41:43.0910 4132 gupdatem - ok
20:41:43.0941 4132 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:41:43.0972 4132 gusvc - ok
20:41:44.0003 4132 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
20:41:44.0066 4132 hcw85cir - ok
20:41:44.0113 4132 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
20:41:44.0175 4132 HdAudAddService - ok
20:41:44.0206 4132 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
20:41:44.0253 4132 HDAudBus - ok
20:41:44.0300 4132 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
20:41:44.0347 4132 HidBatt - ok
20:41:44.0378 4132 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
20:41:44.0425 4132 HidBth - ok
20:41:44.0471 4132 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
20:41:44.0503 4132 HidIr - ok
20:41:44.0549 4132 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
20:41:44.0643 4132 hidserv - ok
20:41:44.0690 4132 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
20:41:44.0721 4132 HidUsb - ok
20:41:44.0737 4132 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
20:41:44.0846 4132 hkmsvc - ok
20:41:44.0893 4132 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
20:41:44.0971 4132 HomeGroupListener - ok
20:41:45.0017 4132 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
20:41:45.0064 4132 HomeGroupProvider - ok
20:41:45.0111 4132 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
20:41:45.0142 4132 HpSAMD - ok
20:41:45.0173 4132 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
20:41:45.0298 4132 HTTP - ok
20:41:45.0314 4132 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
20:41:45.0345 4132 hwpolicy - ok
20:41:45.0376 4132 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
20:41:45.0407 4132 i8042prt - ok
20:41:45.0454 4132 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
20:41:45.0517 4132 iaStorV - ok
20:41:45.0579 4132 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:41:45.0657 4132 idsvc - ok
20:41:45.0673 4132 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
20:41:45.0704 4132 iirsp - ok
20:41:45.0751 4132 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
20:41:45.0860 4132 IKEEXT - ok
20:41:45.0985 4132 [ 0A30A899C6295F908729EDA7F95615A8 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
20:41:46.0125 4132 IntcAzAudAddService - ok
20:41:46.0203 4132 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
20:41:46.0234 4132 intelide - ok
20:41:46.0265 4132 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys
20:41:46.0297 4132 intelppm - ok
20:41:46.0328 4132 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
20:41:46.0453 4132 IPBusEnum - ok
20:41:46.0468 4132 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
20:41:46.0562 4132 IpFilterDriver - ok
20:41:46.0609 4132 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
20:41:46.0687 4132 iphlpsvc - ok
20:41:46.0718 4132 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
20:41:46.0780 4132 IPMIDRV - ok
20:41:46.0811 4132 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
20:41:46.0921 4132 IPNAT - ok
20:41:46.0952 4132 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
20:41:46.0983 4132 IRENUM - ok
20:41:47.0014 4132 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
20:41:47.0030 4132 isapnp - ok
20:41:47.0077 4132 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
20:41:47.0108 4132 iScsiPrt - ok
20:41:47.0123 4132 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
20:41:47.0155 4132 kbdclass - ok
20:41:47.0186 4132 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
20:41:47.0233 4132 kbdhid - ok
20:41:47.0248 4132 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
20:41:47.0279 4132 KeyIso - ok
20:41:47.0295 4132 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
20:41:47.0326 4132 KSecDD - ok
20:41:47.0357 4132 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
20:41:47.0389 4132 KSecPkg - ok
20:41:47.0404 4132 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
20:41:47.0513 4132 ksthunk - ok
20:41:47.0560 4132 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
20:41:47.0685 4132 KtmRm - ok
20:41:47.0716 4132 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
20:41:47.0825 4132 LanmanServer - ok
20:41:47.0857 4132 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
20:41:47.0950 4132 LanmanWorkstation - ok
20:41:47.0981 4132 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
20:41:48.0091 4132 lltdio - ok
20:41:48.0137 4132 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
20:41:48.0231 4132 lltdsvc - ok
20:41:48.0262 4132 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
20:41:48.0340 4132 lmhosts - ok
20:41:48.0403 4132 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
20:41:48.0434 4132 LSI_FC - ok
20:41:48.0481 4132 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
20:41:48.0543 4132 LSI_SAS - ok
20:41:48.0605 4132 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
20:41:48.0652 4132 LSI_SAS2 - ok
20:41:48.0683 4132 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
20:41:48.0730 4132 LSI_SCSI - ok
20:41:48.0886 4132 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
20:41:49.0027 4132 luafv - ok
20:41:49.0073 4132 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
20:41:49.0089 4132 MBAMProtector - ok
20:41:49.0198 4132 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:41:49.0245 4132 MBAMScheduler - ok
20:41:49.0339 4132 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:41:49.0401 4132 MBAMService - ok
20:41:49.0432 4132 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
20:41:49.0463 4132 Mcx2Svc - ok
20:41:49.0510 4132 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
20:41:49.0541 4132 megasas - ok
20:41:49.0573 4132 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
20:41:49.0635 4132 MegaSR - ok
20:41:49.0651 4132 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
20:41:49.0760 4132 MMCSS - ok
20:41:49.0791 4132 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
20:41:49.0900 4132 Modem - ok
20:41:49.0931 4132 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
20:41:49.0978 4132 monitor - ok
20:41:50.0009 4132 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
20:41:50.0025 4132 mouclass - ok
20:41:50.0056 4132 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
20:41:50.0103 4132 mouhid - ok
20:41:50.0134 4132 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
20:41:50.0181 4132 mountmgr - ok
20:41:50.0228 4132 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
20:41:50.0275 4132 MpFilter - ok
20:41:50.0321 4132 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
20:41:50.0399 4132 mpio - ok
20:41:50.0431 4132 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
20:41:50.0540 4132 mpsdrv - ok
20:41:50.0618 4132 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
20:41:50.0743 4132 MpsSvc - ok
20:41:50.0758 4132 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
20:41:50.0836 4132 MRxDAV - ok
20:41:50.0867 4132 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
20:41:50.0945 4132 mrxsmb - ok
20:41:50.0992 4132 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
20:41:51.0023 4132 mrxsmb10 - ok
20:41:51.0055 4132 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
20:41:51.0086 4132 mrxsmb20 - ok
20:41:51.0101 4132 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
20:41:51.0133 4132 msahci - ok
20:41:51.0226 4132 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
20:41:51.0289 4132 msdsm - ok
20:41:51.0351 4132 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
20:41:51.0398 4132 MSDTC - ok
20:41:51.0445 4132 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
20:41:51.0538 4132 Msfs - ok
20:41:51.0569 4132 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
20:41:51.0679 4132 mshidkmdf - ok
20:41:51.0710 4132 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
20:41:51.0741 4132 msisadrv - ok
20:41:51.0788 4132 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
20:41:51.0897 4132 MSiSCSI - ok
20:41:51.0913 4132 msiserver - ok
20:41:51.0944 4132 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
20:41:52.0053 4132 MSKSSRV - ok
20:41:52.0147 4132 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:41:52.0178 4132 MsMpSvc - ok
20:41:52.0225 4132 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
20:41:52.0334 4132 MSPCLOCK - ok
20:41:52.0349 4132 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
20:41:52.0459 4132 MSPQM - ok
20:41:52.0490 4132 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
20:41:52.0537 4132 MsRPC - ok
20:41:52.0583 4132 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
20:41:52.0615 4132 mssmbios - ok
20:41:52.0646 4132 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
20:41:52.0739 4132 MSTEE - ok
20:41:52.0755 4132 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
20:41:52.0817 4132 MTConfig - ok
20:41:52.0849 4132 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
20:41:52.0880 4132 Mup - ok
20:41:52.0942 4132 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
20:41:53.0051 4132 napagent - ok
20:41:53.0145 4132 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
20:41:53.0223 4132 NativeWifiP - ok
20:41:53.0332 4132 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
20:41:53.0410 4132 NDIS - ok
20:41:53.0457 4132 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
20:41:53.0582 4132 NdisCap - ok
20:41:53.0613 4132 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
20:41:53.0691 4132 NdisTapi - ok
20:41:53.0722 4132 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
20:41:53.0831 4132 Ndisuio - ok
20:41:53.0847 4132 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
20:41:53.0956 4132 NdisWan - ok
20:41:53.0972 4132 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
20:41:54.0065 4132 NDProxy - ok
20:41:54.0097 4132 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
20:41:54.0190 4132 NetBIOS - ok
20:41:54.0206 4132 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
20:41:54.0299 4132 NetBT - ok
20:41:54.0315 4132 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
20:41:54.0346 4132 Netlogon - ok
20:41:54.0377 4132 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
20:41:54.0487 4132 Netman - ok
20:41:54.0533 4132 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
20:41:54.0627 4132 netprofm - ok
20:41:54.0674 4132 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:41:54.0705 4132 NetTcpPortSharing - ok
20:41:54.0736 4132 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
20:41:54.0767 4132 nfrd960 - ok
20:41:54.0799 4132 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
20:41:54.0845 4132 NisDrv - ok
20:41:54.0877 4132 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
20:41:54.0923 4132 NisSrv - ok
20:41:54.0955 4132 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
20:41:55.0001 4132 NlaSvc - ok
20:41:55.0048 4132 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
20:41:55.0126 4132 Npfs - ok
20:41:55.0157 4132 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
20:41:55.0251 4132 nsi - ok
20:41:55.0267 4132 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
20:41:55.0376 4132 nsiproxy - ok
20:41:55.0454 4132 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
20:41:55.0547 4132 Ntfs - ok
20:41:55.0579 4132 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
20:41:55.0672 4132 Null - ok
20:41:55.0688 4132 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
20:41:55.0719 4132 nvraid - ok
20:41:55.0735 4132 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
20:41:55.0766 4132 nvstor - ok
20:41:55.0781 4132 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
20:41:55.0813 4132 nv_agp - ok
20:41:55.0828 4132 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
20:41:55.0859 4132 ohci1394 - ok
20:41:55.0922 4132 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:41:55.0953 4132 ose - ok
20:41:56.0140 4132 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:41:56.0468 4132 osppsvc - ok
20:41:56.0530 4132 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
20:41:56.0608 4132 p2pimsvc - ok
20:41:56.0639 4132 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
20:41:56.0686 4132 p2psvc - ok
20:41:56.0717 4132 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
20:41:56.0749 4132 Parport - ok
20:41:56.0780 4132 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
20:41:56.0811 4132 partmgr - ok
20:41:56.0842 4132 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
20:41:56.0905 4132 PcaSvc - ok
20:41:56.0936 4132 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
20:41:56.0967 4132 pci - ok
20:41:56.0998 4132 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
20:41:57.0014 4132 pciide - ok
20:41:57.0045 4132 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
20:41:57.0092 4132 pcmcia - ok
20:41:57.0107 4132 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
20:41:57.0139 4132 pcw - ok
20:41:57.0170 4132 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
20:41:57.0279 4132 PEAUTH - ok
20:41:57.0373 4132 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
20:41:57.0419 4132 PerfHost - ok
20:41:57.0466 4132 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
20:41:57.0497 4132 PGEffect - ok
20:41:57.0544 4132 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
20:41:57.0685 4132 pla - ok
20:41:57.0731 4132 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
20:41:57.0809 4132 PlugPlay - ok
20:41:57.0841 4132 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
20:41:57.0887 4132 PNRPAutoReg - ok
20:41:57.0919 4132 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
20:41:57.0950 4132 PNRPsvc - ok
20:41:57.0997 4132 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
20:41:58.0106 4132 PolicyAgent - ok
20:41:58.0137 4132 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
20:41:58.0246 4132 Power - ok
20:41:58.0277 4132 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
20:41:58.0371 4132 PptpMiniport - ok
20:41:58.0402 4132 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
20:41:58.0449 4132 Processor - ok
20:41:58.0480 4132 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
20:41:58.0543 4132 ProfSvc - ok
20:41:58.0574 4132 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
20:41:58.0605 4132 ProtectedStorage - ok
20:41:58.0621 4132 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
20:41:58.0730 4132 Psched - ok
20:41:58.0792 4132 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
20:41:58.0886 4132 ql2300 - ok
20:41:58.0917 4132 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
20:41:58.0948 4132 ql40xx - ok
20:41:58.0979 4132 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
20:41:59.0026 4132 QWAVE - ok
20:41:59.0042 4132 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
20:41:59.0104 4132 QWAVEdrv - ok
20:41:59.0135 4132 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
20:42:09.0541 4132 [ 0B4734AE9EC70B843DF02E7B1C056377 ] Thpsrv C:\windows\system32\ThpSrv.exe
20:42:09.0603 4132 Thpsrv ( UnsignedFile.Multi.Generic ) - warning
20:42:09.0603 4132 Thpsrv - detected UnsignedFile.Multi.Generic (1)
20:42:20.0570 4132 ================ Scan global ===============================
20:42:20.0601 4132 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
20:42:20.0679 4132 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
20:42:20.0710 4132 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
20:42:20.0757 4132 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
20:42:20.0788 4132 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
20:42:20.0804 4132 [Global] - ok
20:42:20.0819 4132 ================ Scan MBR ==================================
20:42:20.0835 4132 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
20:42:21.0303 4132 \Device\Harddisk0\DR0 - ok
20:42:21.0303 4132 ================ Scan VBR ==================================
20:42:21.0334 4132 [ 097449B306C9E02264A8382D8BBE3894 ] \Device\Harddisk0\DR0\Partition1
20:42:21.0334 4132 \Device\Harddisk0\DR0\Partition1 - ok
20:42:23.0097 4132 [ 6F1A3157A1C89435352CEB543CDB359C ] C:\Windows\System32\drivers\usbccgp.sys
20:42:23.0097 4132 C:\Windows\System32\drivers\usbccgp.sys - ok
20:42:23.0113 4132 [ 49EE2E52E6CD03947DAD72F65367BE06 ] C:\Windows\System32\drivers\hidparse.sys
20:42:23.0113 4132 C:\Windows\System32\drivers\hidparse.sys - ok
20:42:23.0128 4132 [ 8B0E40E7E8BBF5ACF390465609D89FF1 ] C:\Windows\System32\drivers\hidclass.sys
20:42:23.0128 4132 C:\Windows\System32\drivers\hidclass.sys - ok
20:42:23.0144 4132 [ 9592090A7E2B61CD582B612B6DF70536 ] C:\Windows\System32\drivers\hidusb.sys
20:42:23.0144 4132 C:\Windows\System32\drivers\hidusb.sys - ok
20:42:23.0159 4132 [ 454800C2BC7F3927CE030141EE4F4C50 ] C:\Windows\System32\drivers\usbvideo.sys
20:42:23.0159 4132 C:\Windows\System32\drivers\usbvideo.sys - ok
20:42:23.0175 4132 [ 91111CEBBDE8015E822C46120ED9537C ] C:\Windows\System32\drivers\PGEffect.sys
20:42:23.0175 4132 C:\Windows\System32\drivers\PGEffect.sys - ok
20:42:23.0191 4132 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] C:\Windows\System32\drivers\mouhid.sys
20:42:23.0191 4132 C:\Windows\System32\drivers\mouhid.sys - ok
20:42:23.0206 4132 [ 9835E63E09F824D22B689D2BB789BAB9 ] C:\Windows\System32\comdlg32.dll
20:42:23.0206 4132 C:\Windows\System32\comdlg32.dll - ok
20:42:23.0222 4132 [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll
20:42:23.0222 4132 C:\Windows\System32\normaliz.dll - ok
20:42:23.0237 4132 [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
20:42:23.0237 4132 C:\Windows\System32\sechost.dll - ok
20:42:23.0253 4132 [ 1DC3504CA4C57900F1557E9A3F01D272 ] C:\Windows\System32\kernel32.dll
20:42:23.0253 4132 C:\Windows\System32\kernel32.dll - ok
20:42:23.0300 4132 [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll
20:42:23.0300 4132 C:\Windows\System32\imm32.dll - ok
20:42:23.0378 4132 [ F7CE0C81C545364020ED8203CF0A633E ] C:\Windows\System32\difxapi.dll
20:42:23.0378 4132 C:\Windows\System32\difxapi.dll - ok
20:42:23.0393 4132 [ EAF32CB8C1F810E4715B4DFBE785C7FF ] C:\Windows\System32\shlwapi.dll
20:42:23.0393 4132 C:\Windows\System32\shlwapi.dll - ok
20:42:23.0409 4132 [ 6C60B5ACA7442EFB794082CDACFC001C ] C:\Windows\System32\ole32.dll
20:42:23.0409 4132 C:\Windows\System32\ole32.dll - ok
20:42:23.0425 4132 [ A1BE6A720D02E37F72E9CD89AE9CB3CF ] C:\Windows\System32\imagehlp.dll
20:42:23.0440 4132 C:\Windows\System32\imagehlp.dll - ok
20:42:23.0456 4132 [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll
20:42:23.0456 4132 C:\Windows\System32\psapi.dll - ok
20:42:23.0471 4132 [ A0F52880DDD164F968BE903C1FECD27E ] C:\Windows\System32\iertutil.dll
20:42:23.0471 4132 C:\Windows\System32\iertutil.dll - ok
20:42:23.0503 4132 [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
20:42:23.0503 4132 C:\Windows\System32\advapi32.dll - ok
20:42:23.0518 4132 [ C6689007B3A749C49A5438DCF36E0CE4 ] C:\Windows\System32\shell32.dll
20:42:23.0518 4132 C:\Windows\System32\shell32.dll - ok
20:42:23.0534 4132 [ 1084AA52CCC324EA54C7121FA24C2221 ] C:\Windows\System32\gdi32.dll
20:42:23.0534 4132 C:\Windows\System32\gdi32.dll - ok
20:42:23.0549 4132 [ 2F8B1E3EE3545D3B5A8D56FA1AE07B65 ] C:\Windows\System32\usp10.dll
20:42:23.0549 4132 C:\Windows\System32\usp10.dll - ok
20:42:23.0581 4132 [ 2477A28081BDAEE622CF045ACF8EE124 ] C:\Windows\System32\cfgmgr32.dll
20:42:23.0581 4132 C:\Windows\System32\cfgmgr32.dll - ok
20:42:23.0596 4132 [ 6F2E324703E6D22B9934C33DA48F1F01 ] C:\Windows\System32\KernelBase.dll
20:42:23.0596 4132 C:\Windows\System32\KernelBase.dll - ok
20:42:23.0612 4132 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\System32\comctl32.dll
20:42:23.0612 4132 C:\Windows\System32\comctl32.dll - ok
20:42:23.0627 4132 [ AA06902362B1422D7A7DA7061E07C624 ] C:\Windows\System32\wintrust.dll
20:42:23.0627 4132 C:\Windows\System32\wintrust.dll - ok
20:42:23.0659 4132 [ 12EE6FE9268CEE6D90FDCCBF89236C65 ] C:\Windows\System32\crypt32.dll
20:42:23.0659 4132 C:\Windows\System32\crypt32.dll - ok
20:42:23.0674 4132 [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
20:42:23.0674 4132 C:\Windows\System32\devobj.dll - ok
20:42:23.0690 4132 [ 884415BD4269C02EAF8E2613BF85500D ] C:\Windows\System32\msasn1.dll
20:42:23.0690 4132 C:\Windows\System32\msasn1.dll - ok
20:42:23.0705 4132 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
20:42:23.0705 4132 C:\Windows\SysWOW64\normaliz.dll - ok
20:42:23.0721 4132 [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
20:42:23.0721 4132 C:\Windows\System32\drivers\dxapi.sys - ok
20:42:23.0737 4132 [ C58923115CDE6071C3BF2FF063546E9F ] C:\Windows\System32\win32k.sys
20:42:23.0737 4132 C:\Windows\System32\win32k.sys - ok
20:42:23.0752 4132 [ 96F587CA26A6AA894BD8CACE4540CFFC ] C:\Windows\System32\csrsrv.dll
20:42:23.0752 4132 C:\Windows\System32\csrsrv.dll - ok
20:42:23.0768 4132 [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
20:42:23.0768 4132 C:\Windows\System32\csrss.exe - ok
20:42:23.0783 4132 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
20:42:23.0783 4132 C:\Windows\System32\basesrv.dll - ok
20:42:23.0799 4132 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\System32\winsrv.dll
20:42:23.0799 4132 C:\Windows\System32\winsrv.dll - ok
20:42:23.0815 4132 [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
20:42:23.0815 4132 C:\Windows\System32\drivers\monitor.sys - ok
20:42:23.0830 4132 [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
20:42:23.0830 4132 C:\Windows\System32\tsddd.dll - ok
20:42:23.0846 4132 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
20:42:23.0846 4132 C:\Windows\System32\sxssrv.dll - ok
20:42:23.0846 4132 [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
20:42:23.0846 4132 C:\Windows\System32\wininit.exe - ok
20:42:23.0861 4132 [ 943F527DF79E6B400104341AA7023C75 ] C:\Windows\System32\cdd.dll
20:42:23.0861 4132 C:\Windows\System32\cdd.dll - ok
20:42:23.0877 4132 [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
20:42:23.0877 4132 C:\Windows\System32\profapi.dll - ok
20:42:23.0893 4132 [ 78523A26F5604C0568FE9D1CE86E36F4 ] C:\Windows\System32\KBDUS.DLL
20:42:23.0893 4132 C:\Windows\System32\KBDUS.DLL - ok
20:42:23.0908 4132 [ C2A8CB1275ECB85D246A9ECC02A728E3 ] C:\Windows\System32\RpcRtRemote.dll
20:42:23.0908 4132 C:\Windows\System32\RpcRtRemote.dll - ok
20:42:23.0924 4132 [ 9CEAD32E79A62150FE9F8557E58E008B ] C:\Windows\System32\sxs.dll
20:42:23.0924 4132 C:\Windows\System32\sxs.dll - ok
20:42:23.0939 4132 [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
20:42:23.0939 4132 C:\Windows\System32\WlS0WndH.dll - ok
20:42:23.0955 4132 [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
20:42:23.0955 4132 C:\Windows\System32\cryptbase.dll - ok
20:42:23.0971 4132 [ 90499F3163A9F815CF196A205EA3CD5D ] C:\Windows\System32\apphelp.dll
20:42:23.0971 4132 C:\Windows\System32\apphelp.dll - ok
20:42:23.0986 4132 [ C118A82CD78818C29AB228366EBF81C3 ] C:\Windows\System32\lsass.exe
20:42:23.0986 4132 C:\Windows\System32\lsass.exe - ok
20:42:23.0986 4132 [ 9662EE182644511439F1C53745DC1C88 ] C:\Windows\System32\lsm.exe
20:42:23.0986 4132 C:\Windows\System32\lsm.exe - ok
20:42:24.0002 4132 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
20:42:24.0002 4132 C:\Windows\System32\services.exe - ok
20:42:24.0017 4132 [ 66A6063D0BAAD3F7B2B9868859E0743B ] C:\Windows\System32\lsasrv.dll
20:42:24.0017 4132 C:\Windows\System32\lsasrv.dll - ok
20:42:24.0033 4132 [ 3A0CE5FE781708CD6ABD55313607EC8B ] C:\Windows\System32\sspisrv.dll
20:42:24.0033 4132 C:\Windows\System32\sspisrv.dll - ok
20:42:24.0033 4132 [ B66BC8B20B7F33975865B1DF99783FD8 ] C:\Windows\System32\sspicli.dll
20:42:24.0033 4132 C:\Windows\System32\sspicli.dll - ok
20:42:24.0064 4132 [ A744BA6E04C8AA4592818178DBF89521 ] C:\Windows\System32\samsrv.dll
20:42:24.0064 4132 C:\Windows\System32\samsrv.dll - ok
20:42:24.0080 4132 [ BBCDF350817BA86416C0F06B6981BE8D ] C:\Windows\System32\scesrv.dll
20:42:24.0080 4132 C:\Windows\System32\scesrv.dll - ok
20:42:24.0095 4132 [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
20:42:24.0095 4132 C:\Windows\System32\scext.dll - ok
20:42:24.0095 4132 [ 0144D8D75A0B12938AEEE859E3310A46 ] C:\Windows\System32\secur32.dll
20:42:24.0095 4132 C:\Windows\System32\secur32.dll - ok
20:42:24.0127 4132 [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
20:42:24.0127 4132 C:\Windows\System32\sysntfy.dll - ok
20:42:24.0127 4132 [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe
20:42:24.0127 4132 C:\Windows\System32\winlogon.exe - ok
20:42:24.0142 4132 [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
20:42:24.0142 4132 C:\Windows\System32\wmsgapi.dll - ok
20:42:24.0158 4132 [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
20:42:24.0158 4132 C:\Windows\System32\winsta.dll - ok
20:42:24.0173 4132 [ 3A9C9BAF610B0DD4967086040B3B62A9 ] C:\Windows\System32\srvcli.dll
20:42:24.0173 4132 C:\Windows\System32\srvcli.dll - ok
20:42:24.0205 4132 [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
20:42:24.0205 4132 C:\Windows\System32\cryptdll.dll - ok
20:42:24.0220 4132 [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
20:42:24.0220 4132 C:\Windows\System32\wevtapi.dll - ok
20:42:24.0220 4132 [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
20:42:24.0220 4132 C:\Windows\System32\authz.dll - ok
20:42:24.0236 4132 [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
20:42:24.0236 4132 C:\Windows\System32\cngaudit.dll - ok
20:42:24.0251 4132 [ 400645085A91BF3EB0271329B95AE0BE ] C:\Windows\System32\ncrypt.dll
20:42:24.0251 4132 C:\Windows\System32\ncrypt.dll - ok
20:42:24.0267 4132 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
20:42:24.0267 4132 C:\Windows\System32\bcrypt.dll - ok
20:42:24.0283 4132 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
20:42:24.0283 4132 C:\Windows\System32\msprivs.dll - ok
20:42:24.0298 4132 [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
20:42:24.0298 4132 C:\Windows\System32\netjoin.dll - ok
20:42:24.0314 4132 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
20:42:24.0314 4132 C:\Windows\System32\negoexts.dll - ok
20:42:24.0329 4132 [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll
20:42:24.0329 4132 C:\Windows\System32\kerberos.dll - ok
20:42:24.0345 4132 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
20:42:24.0345 4132 C:\Windows\System32\cryptsp.dll - ok
20:42:24.0376 4132 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
20:42:24.0376 4132 C:\Windows\System32\version.dll - ok
20:42:24.0392 4132 [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
20:42:24.0392 4132 C:\Windows\System32\mswsock.dll - ok
20:42:24.0407 4132 [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
20:42:24.0407 4132 C:\Windows\System32\msv1_0.dll - ok
20:42:24.0407 4132 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
20:42:24.0407 4132 C:\Windows\System32\wship6.dll - ok
20:42:24.0423 4132 [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
20:42:24.0423 4132 C:\Windows\System32\netlogon.dll - ok
20:42:24.0439 4132 [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
20:42:24.0439 4132 C:\Windows\System32\dnsapi.dll - ok
20:42:24.0454 4132 [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
20:42:24.0454 4132 C:\Windows\System32\logoncli.dll - ok
20:42:24.0470 4132 [ 1573C45E65DE32B1BC3572634F8F1E8E ] C:\Windows\System32\schannel.dll
20:42:24.0470 4132 C:\Windows\System32\schannel.dll - ok
20:42:24.0485 4132 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
20:42:24.0485 4132 C:\Windows\System32\wdigest.dll - ok
20:42:24.0485 4132 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
20:42:24.0485 4132 C:\Windows\System32\rsaenh.dll - ok
20:42:24.0501 4132 [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
20:42:24.0501 4132 C:\Windows\System32\TSpkg.dll - ok
20:42:24.0532 4132 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
20:42:24.0532 4132 C:\Windows\System32\pku2u.dll - ok
20:42:24.0532 4132 [ 7DBA64AD70C2E2481C68D9E0F7CD7840 ] C:\Windows\System32\LIVESSP.DLL
20:42:24.0532 4132 C:\Windows\System32\LIVESSP.DLL - ok
20:42:24.0548 4132 [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
20:42:24.0548 4132 C:\Windows\System32\bcryptprimitives.dll - ok
20:42:24.0563 4132 [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
20:42:24.0563 4132 C:\Windows\System32\credssp.dll - ok
20:42:24.0579 4132 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
20:42:24.0579 4132 C:\Windows\System32\efslsaext.dll - ok
20:42:24.0595 4132 [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
20:42:24.0595 4132 C:\Windows\System32\scecli.dll - ok
20:42:24.0610 4132 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
20:42:24.0610 4132 C:\Windows\System32\ubpm.dll - ok
20:42:24.0626 4132 [ 6F68F63794097E54F36474ED4384B759 ] C:\Windows\System32\svchost.exe
20:42:24.0626 4132 C:\Windows\System32\svchost.exe - ok
20:42:24.0641 4132 [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
20:42:24.0641 4132 C:\Windows\System32\umpnpmgr.dll - ok
20:42:24.0657 4132 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
20:42:24.0657 4132 C:\Windows\System32\SPInf.dll - ok
20:42:24.0673 4132 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
20:42:24.0673 4132 C:\Windows\System32\devrtl.dll - ok
20:42:24.0688 4132 [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
20:42:24.0688 4132 C:\Windows\System32\userenv.dll - ok
20:42:24.0688 4132 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
20:42:24.0688 4132 C:\Windows\System32\gpapi.dll - ok
20:42:24.0704 4132 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
20:42:24.0704 4132 C:\Windows\System32\umpo.dll - ok
20:42:24.0719 4132 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
20:42:24.0719 4132 C:\Windows\System32\pcwum.dll - ok
20:42:24.0735 4132 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
20:42:24.0735 4132 C:\Windows\System32\powrprof.dll - ok
20:42:24.0751 4132 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
20:42:24.0751 4132 C:\Windows\System32\drivers\luafv.sys - ok
20:42:24.0766 4132 [ A8FE8F2783B2929B56F5370A89356CE9 ] C:\Windows\System32\drivers\mbam.sys
20:42:24.0766 4132 C:\Windows\System32\drivers\mbam.sys - ok
20:42:24.0782 4132 [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
20:42:24.0782 4132 C:\Windows\System32\rpcss.dll - ok
20:42:24.0797 4132 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
20:42:24.0797 4132 C:\Windows\System32\RpcEpMap.dll - ok
20:42:24.0813 4132 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
20:42:24.0813 4132 C:\Windows\System32\WSHTCPIP.DLL - ok
20:42:24.0829 4132 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
20:42:24.0829 4132 C:\Windows\System32\wshqos.dll - ok
20:42:24.0844 4132 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
20:42:24.0844 4132 C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
20:42:24.0860 4132 [ BCF8F2758AA5C451F8E366C66A98BBFE ] C:\Program Files\Microsoft Security Client\MpSvc.dll
20:42:24.0860 4132 C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
20:42:24.0875 4132 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
20:42:24.0875 4132 C:\Windows\System32\FirewallAPI.dll - ok
20:42:24.0891 4132 [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
20:42:24.0891 4132 C:\Windows\System32\LogonUI.exe - ok
20:42:24.0891 4132 [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll
20:42:24.0891 4132 C:\Windows\System32\authui.dll - ok
20:42:24.0907 4132 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
20:42:24.0907 4132 C:\Windows\System32\wtsapi32.dll - ok
20:42:24.0922 4132 [ 2F67DEE6452EBC9F4A6C97A1CCC232FE ] C:\Program Files\Microsoft Security Client\MpClient.dll
20:42:24.0922 4132 C:\Program Files\Microsoft Security Client\MpClient.dll - ok
20:42:24.0938 4132 [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
20:42:24.0938 4132 C:\Windows\System32\cryptui.dll - ok
20:42:24.0953 4132 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
20:42:24.0953 4132 C:\Windows\System32\ntmarta.dll - ok
20:42:24.0969 4132 [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
20:42:24.0969 4132 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
20:42:24.0985 4132 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
20:42:24.0985 4132 C:\Windows\System32\samlib.dll - ok
20:42:25.0000 4132 [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll
20:42:25.0000 4132 C:\Windows\System32\shacct.dll - ok
20:42:25.0016 4132 [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll
20:42:25.0016 4132 C:\Windows\System32\propsys.dll - ok
20:42:25.0031 4132 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
20:42:25.0031 4132 C:\Windows\System32\uxtheme.dll - ok
20:42:25.0031 4132 [ 179E8401224D557ECFF3695F2016EA5B ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll
20:42:25.0031 4132 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll - ok
20:42:25.0063 4132 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
20:42:25.0063 4132 C:\Windows\System32\dui70.dll - ok
20:42:25.0063 4132 [ 5F10310A5A9273475AA04930DFE16742 ] C:\Program Files\Microsoft Security Client\EppManifest.dll
20:42:25.0063 4132 C:\Program Files\Microsoft Security Client\EppManifest.dll - ok
20:42:25.0078 4132 [ 2F2E91FD092811353C3BC968BEC274D8 ] C:\Windows\System32\atiesrxx.exe
20:42:25.0078 4132 C:\Windows\System32\atiesrxx.exe - ok
20:42:25.0094 4132 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
20:42:25.0094 4132 C:\Windows\System32\duser.dll - ok
20:42:25.0109 4132 [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
20:42:25.0109 4132 C:\Windows\System32\SndVolSSO.dll - ok
20:42:25.0109 4132 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
20:42:25.0109 4132 C:\Windows\System32\hid.dll - ok
20:42:25.0125 4132 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
20:42:25.0125 4132 C:\Windows\System32\MMDevAPI.dll - ok
20:42:25.0141 4132 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
20:42:25.0141 4132 C:\Windows\System32\dwmapi.dll - ok
20:42:25.0156 4132 [ 6F8B48F3D343E4B186AB6A9E302B7E16 ] C:\Windows\System32\xmllite.dll
20:42:25.0156 4132 C:\Windows\System32\xmllite.dll - ok
20:42:25.0172 4132 [ BF62F3BC1BE0700804EC394BB77F02C4 ] C:\Program Files\Microsoft Security Client\MpRTP.dll
20:42:25.0172 4132 C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
20:42:25.0187 4132 [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
20:42:25.0187 4132 C:\Windows\System32\wevtsvc.dll - ok
20:42:25.0203 4132 [ F3D202F53A222D5F6944D459B73CF967 ] C:\Windows\System32\fltLib.dll
20:42:25.0203 4132 C:\Windows\System32\fltLib.dll - ok
20:42:25.0219 4132 [ FF7E814CBFEC3C27922C13BB94667416 ] C:\Program Files\Microsoft Security Client\MsMpLics.dll
20:42:25.0219 4132 C:\Program Files\Microsoft Security Client\MsMpLics.dll - ok
20:42:25.0234 4132 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] C:\Windows\System32\drivers\MpFilter.sys
20:42:25.0234 4132 C:\Windows\System32\drivers\MpFilter.sys - ok
20:42:25.0250 4132 [ 12FD09889C8A6141C8D10F7AE48BBAC8 ] C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll
20:42:25.0250 4132 C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll - ok
20:42:25.0265 4132 [ 26B73A85855681500BCC25C7CD9FF5B1 ] C:\Windows\System32\WindowsCodecs.dll
20:42:25.0265 4132 C:\Windows\System32\WindowsCodecs.dll - ok
20:42:25.0265 4132 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll
20:42:25.0265 4132 C:\Windows\System32\wlansvc.dll - ok
20:42:25.0281 4132 [ F23FEF6D569FCE88671949894A8BECF1 ] C:\Windows\System32\audiosrv.dll
20:42:25.0281 4132 C:\Windows\System32\audiosrv.dll - ok
20:42:25.0297 4132 [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
20:42:25.0297 4132 C:\Windows\System32\avrt.dll - ok
20:42:25.0312 4132 [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll
20:42:25.0312 4132 C:\Windows\System32\mmcss.dll - ok
20:42:25.0328 4132 [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll
20:42:25.0328 4132 C:\Windows\System32\adtschema.dll - ok
20:42:25.0343 4132 [ D527EF4364D2D00443470940B177EAD4 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D4C8CB53-30D9-4625-95D7-86F80D3DC0C9}\mpengine.dll
20:42:25.0343 4132 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D4C8CB53-30D9-4625-95D7-86F80D3DC0C9}\mpengine.dll - ok
20:42:25.0359 4132 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
20:42:25.0359 4132 C:\Windows\System32\netprofm.dll - ok
20:42:25.0375 4132 [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
20:42:25.0375 4132 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
20:42:25.0390 4132 [ DA6B67270FD9DB3697B20FCE94950741 ] C:\Windows\System32\drivers\fltMgr.sys
20:42:25.0390 4132 C:\Windows\System32\drivers\fltMgr.sys - ok
20:42:25.0406 4132 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
20:42:25.0406 4132 C:\Windows\System32\PSHED.DLL - ok
20:42:25.0437 4132 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
20:42:25.0437 4132 C:\Windows\System32\winbrand.dll - ok
20:42:25.0437 4132 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
20:42:25.0437 4132 C:\Windows\System32\VaultCredProvider.dll - ok
20:42:25.0453 4132 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll
20:42:25.0453 4132 C:\Windows\System32\MPSSVC.dll - ok
20:42:25.0468 4132 [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll
20:42:25.0468 4132 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
20:42:25.0484 4132 [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
20:42:25.0484 4132 C:\Windows\System32\BioCredProv.dll - ok
20:42:25.0499 4132 [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
20:42:25.0499 4132 C:\Windows\System32\winbio.dll - ok
20:42:25.0499 4132 [ D5CCA1453B98A5801E6D5FF0FF89DC6C ] C:\Windows\System32\audiodg.exe
20:42:25.0499 4132 C:\Windows\System32\audiodg.exe - ok
20:42:25.0531 4132 [ CC0AB40F02D2C2A12209715A3C1B07B8 ] C:\Windows\System32\credui.dll
20:42:25.0531 4132 C:\Windows\System32\credui.dll - ok
20:42:25.0531 4132 [ EEEA40F0EDB0A6E5359E539E15D0BC77 ] C:\Windows\System32\netapi32.dll
20:42:25.0531 4132 C:\Windows\System32\netapi32.dll - ok
20:42:25.0546 4132 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
20:42:25.0546 4132 C:\Windows\System32\vaultcli.dll - ok
20:42:25.0562 4132 [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll
20:42:25.0562 4132 C:\Windows\System32\netutils.dll - ok
20:42:25.0577 4132 [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
20:42:25.0577 4132 C:\Windows\System32\wkscli.dll - ok
20:42:25.0593 4132 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] C:\Windows\System32\gpsvc.dll
20:42:25.0593 4132 C:\Windows\System32\gpsvc.dll - ok
20:42:25.0609 4132 [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
20:42:25.0609 4132 C:\Windows\System32\samcli.dll - ok
20:42:25.0687 4132 [ B0945E538CF906BBDDC5A11C8EE868CC ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
20:42:25.0687 4132 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
20:42:25.0702 4132 [ 08D8C5E32648D6E7976F0458545EA600 ] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVCP.dll
20:42:25.0702 4132 C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVCP.dll - ok
20:42:25.0749 4132 [ D037BEA6039248D4DE0C5F361F19970D ] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVHelper.dll
20:42:25.0749 4132 C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVHelper.dll - ok
20:42:25.0765 4132 [ 7AE92C896AF9ABFBDB18C1D055B6EBA7 ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcp80.dll
20:42:25.0765 4132 C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcp80.dll - ok
20:42:25.0765 4132 [ 46BB91A169B9B31FF44EB04C48EC1D41 ] C:\Windows\System32\nlaapi.dll
20:42:25.0765 4132 C:\Windows\System32\nlaapi.dll - ok
20:42:25.0780 4132 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll
20:42:25.0780 4132 C:\Windows\System32\profsvc.dll - ok
20:42:25.0796 4132 [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
20:42:25.0796 4132 C:\Windows\System32\atl.dll - ok
20:42:25.0811 4132 [ F0344071948D1A1FA732231785A0664C ] C:\Windows\System32\themeservice.dll
20:42:25.0811 4132 C:\Windows\System32\themeservice.dll - ok
20:42:25.0827 4132 [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
20:42:25.0827 4132 C:\Windows\System32\dsrole.dll - ok
20:42:25.0843 4132 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
20:42:25.0843 4132 C:\Windows\System32\slc.dll - ok
20:42:25.0889 4132 [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll
20:42:25.0889 4132 C:\Windows\System32\es.dll - ok
20:42:25.0905 4132 [ 1A47D52E303B7543E4E6026595B95422 ] C:\Windows\System32\comres.dll
20:42:25.0905 4132 C:\Windows\System32\comres.dll - ok
20:42:25.0921 4132 [ C32AB8FA018EF34C0F113BD501436D21 ] C:\Windows\System32\Sens.dll
20:42:25.0921 4132 C:\Windows\System32\Sens.dll - ok
20:42:25.0936 4132 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] C:\Windows\System32\uxsms.dll
20:42:25.0936 4132 C:\Windows\System32\uxsms.dll - ok
20:42:25.0952 4132 [ 06A754FE28A06F780A099703CFCAAA22 ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcr80.dll
20:42:25.0952 4132 C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcr80.dll - ok
20:42:25.0967 4132 [ 1538831CF8AD2979A04C423779465827 ] C:\Windows\System32\drivers\lltdio.sys
20:42:25.0967 4132 C:\Windows\System32\drivers\lltdio.sys - ok
20:42:25.0983 4132 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys
20:42:25.0983 4132 C:\Windows\System32\drivers\nwifi.sys - ok
20:42:25.0999 4132 [ 136185F9FB2CC61E573E676AA5402356 ] C:\Windows\System32\drivers\ndisuio.sys
20:42:25.0999 4132 C:\Windows\System32\drivers\ndisuio.sys - ok
20:42:26.0014 4132 [ DDC86E4F8E7456261E637E3552E804FF ] C:\Windows\System32\drivers\rspndr.sys
20:42:26.0014 4132 C:\Windows\System32\drivers\rspndr.sys - ok
20:42:26.0030 4132 [ 9AE75388EE2C110216B8319584E8AC34 ] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVCtrl.dll
20:42:26.0030 4132 C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVCtrl.dll - ok
20:42:26.0045 4132 [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll
20:42:26.0045 4132 C:\Windows\System32\lmhsvc.dll - ok
20:42:29.0509 4132 [ 132045285DCC8654C14F1CFB4A8DCDA1 ] C:\Program Files\Microsoft Security Client\NisLog.dll
20:42:29.0509 4132 C:\Program Files\Microsoft Security Client\NisLog.dll - ok
20:42:29.0524 4132 [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll
20:42:29.0524 4132 C:\Windows\System32\npmproxy.dll - ok
20:42:29.0540 4132 [ BF1FC3F79B863C914687A737C2F3D681 ] C:\Windows\System32\wdi.dll
20:42:29.0540 4132 C:\Windows\System32\wdi.dll - ok
20:42:29.0555 4132 [ BD9EB3958F213F96B97B1D897DEE006D ] C:\Windows\System32\hidserv.dll
20:42:29.0555 4132 C:\Windows\System32\hidserv.dll - ok
20:42:29.0571 4132 [ BF4AC709BE5BF64F331F5D67773A0C82 ] C:\Windows\System32\perftrack.dll
20:42:29.0571 4132 C:\Windows\System32\perftrack.dll - ok
20:42:29.0587 4132 [ 93221146D4EBBF314C29B23CD6CC391D ] C:\Windows\System32\wpdbusenum.dll
20:42:29.0587 4132 C:\Windows\System32\wpdbusenum.dll - ok
20:42:29.0602 4132 [ E64D9EC8018C55873B40FDEE9DBEF5B3 ] C:\Windows\System32\PortableDeviceApi.dll
20:42:29.0602 4132 C:\Windows\System32\PortableDeviceApi.dll - ok
20:42:29.0618 4132 [ 4449D23E8F197862F1B16F1E6C89C36C ] C:\Windows\System32\diagperf.dll
20:42:29.0618 4132 C:\Windows\System32\diagperf.dll - ok
20:42:29.0633 4132 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] C:\Windows\System32\IPSECSVC.DLL
20:42:29.0633 4132 C:\Windows\System32\IPSECSVC.DLL - ok
20:42:29.0649 4132 [ AFA79C343F9D1555F7E5D5FA70BB2A14 ] C:\Windows\System32\PortableDeviceConnectApi.dll
20:42:29.0649 4132 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
20:42:29.0649 4132 [ 9BC93C9ACFA34DB5A41B89357B31E4ED ] C:\Windows\System32\FwRemoteSvr.dll
20:42:29.0649 4132 C:\Windows\System32\FwRemoteSvr.dll - ok
20:42:29.0665 4132 [ 9719E3D834F5C8C43F56A93DFA497023 ] C:\Windows\System32\pnpts.dll
20:42:29.0665 4132 C:\Windows\System32\pnpts.dll - ok
20:42:29.0680 4132 [ E811F8510B133E70CF6E509FB809824F ] C:\Windows\System32\wdiasqmmodule.dll
20:42:29.0680 4132 C:\Windows\System32\wdiasqmmodule.dll - ok
20:42:29.0696 4132 [ 79AFFC7FEEA9CD2FEFEA5EF3B631A02C ] C:\Windows\System32\ndiscapCfg.dll
20:42:29.0696 4132 C:\Windows\System32\ndiscapCfg.dll - ok
20:42:29.0711 4132 [ 3D6AF45673C4B31CDECD7F80AF09D443 ] C:\Windows\System32\rascfg.dll
20:42:29.0711 4132 C:\Windows\System32\rascfg.dll - ok
20:42:29.0727 4132 [ E1B22739C933BE33F53DB58C5393ADD3 ] C:\Windows\System32\Apphlpdm.dll
20:42:29.0727 4132 C:\Windows\System32\Apphlpdm.dll - ok
20:42:29.0727 4132 [ 1CF21800E337F4039AAD4C94B4280EE4 ] C:\Windows\System32\mprmsg.dll
20:42:29.0727 4132 C:\Windows\System32\mprmsg.dll - ok
20:42:29.0743 4132 [ 55DE45B116711881C852D2841E4C84DD ] C:\Windows\System32\tcpipcfg.dll
20:42:29.0743 4132 C:\Windows\System32\tcpipcfg.dll - ok
20:42:29.0758 4132 [ 20C7F2ADAE249D6708941BC8CDD9735F ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77F67CFE-288D-4114-A80D-58BEE4B72677}\gapaengine.dll
20:42:29.0758 4132 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77F67CFE-288D-4114-A80D-58BEE4B72677}\gapaengine.dll - ok
20:42:29.0774 4132 [ D729084195C952B7ED14AA6DA4B44DCA ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77F67CFE-288D-4114-A80D-58BEE4B72677}\nisfull.vdm
20:42:29.0774 4132 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77F67CFE-288D-4114-A80D-58BEE4B72677}\nisfull.vdm - ok
20:42:29.0789 4132 [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll
20:42:29.0789 4132 C:\Windows\System32\NapiNSP.dll - ok
20:42:29.0805 4132 [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll
20:42:29.0805 4132 C:\Windows\System32\pnrpnsp.dll - ok
20:42:29.0821 4132 [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll
20:42:29.0821 4132 C:\Windows\System32\winrnr.dll - ok
20:42:29.0821 4132 [ ADF3E771F429940E762AC097F5A54EAF ] C:\Program Files\Windows Defender\MpClient.dll
20:42:29.0821 4132 C:\Program Files\Windows Defender\MpClient.dll - ok
20:42:29.0836 4132 [ FBD879D17B26D49DD7A48FF58062FAE6 ] C:\Windows\System32\tdh.dll
20:42:29.0836 4132 C:\Windows\System32\tdh.dll - ok
20:42:29.0852 4132 [ 10F815BE90A66AAFC6C713D1BD626064 ] C:\Windows\System32\pnidui.dll
20:42:29.0852 4132 C:\Windows\System32\pnidui.dll - ok
20:42:29.0867 4132 [ 517110BD83835338C037269E603DB55D ] C:\Windows\System32\taskhost.exe
20:42:29.0867 4132 C:\Windows\System32\taskhost.exe - ok
20:42:29.0883 4132 [ 1EB82516F21F27EED1833B4F9FD9614E ] C:\Windows\System32\wmp.dll
20:42:29.0883 4132 C:\Windows\System32\wmp.dll - ok
20:42:29.0899 4132 [ E629F1A051C82795DDFFD3E8D4855811 ] C:\Windows\System32\dimsjob.dll
20:42:29.0899 4132 C:\Windows\System32\dimsjob.dll - ok
20:42:29.0914 4132 [ AC0C9CEA1218DAB1994AF8B28E680BD9 ] C:\Windows\System32\wlaninst.dll
20:42:29.0914 4132 C:\Windows\System32\wlaninst.dll - ok
20:42:29.0914 4132 [ 5A406C9C8E0880D3EABADC5DFD1ACDAE ] C:\Windows\System32\wwaninst.dll
20:42:29.0914 4132 C:\Windows\System32\wwaninst.dll - ok
20:42:29.0930 4132 [ 35CB97CBC3EDC463418ED4997AAB29B6 ] C:\Windows\System32\pautoenr.dll
20:42:29.0930 4132 C:\Windows\System32\pautoenr.dll - ok
20:42:29.0945 4132 [ 94DFBB481BF51158B216E23C5C1C9D6E ] C:\Windows\System32\certcli.dll
20:42:29.0945 4132 C:\Windows\System32\certcli.dll - ok
20:42:29.0961 4132 [ 263B26106606A010CF877472B535E4BB ] C:\Windows\System32\CertEnroll.dll
20:42:29.0961 4132 C:\Windows\System32\CertEnroll.dll - ok
20:42:29.0977 4132 [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll
20:42:29.0977 4132 C:\Windows\System32\radardt.dll - ok
20:42:29.0992 4132 [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe
20:42:29.0992 4132 C:\Windows\System32\dllhost.exe - ok
20:42:29.0992 4132 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
20:42:29.0992 4132 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll - ok
20:42:30.0008 4132 [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll
20:42:30.0008 4132 C:\Windows\System32\IDStore.dll - ok
20:42:30.0023 4132 [ D8DAD1E59B580BE2F5C079BCCE33EA96 ] C:\Windows\System32\KBDKOR.DLL
20:42:30.0023 4132 C:\Windows\System32\KBDKOR.DLL - ok
20:42:30.0039 4132 [ 4F5A3681A762FBCCC5A02D2DB3A04A79 ] C:\Windows\System32\kbd101a.dll
20:42:30.0039 4132 C:\Windows\System32\kbd101a.dll - ok
20:42:30.0055 4132 [ 06F85BA017A3D9B955AC7A00525ACF6B ] C:\Windows\System32\kbd103.dll
20:42:30.0055 4132 C:\Windows\System32\kbd103.dll - ok
20:42:30.0070 4132 [ 65EA57712340C09B1B0C427B4848AE05 ] C:\Windows\System32\taskeng.exe
20:42:30.0070 4132 C:\Windows\System32\taskeng.exe - ok
20:42:30.0086 4132 [ 94EEAC26F57811BD1AEFC164412F7FCE ] C:\Windows\System32\PlaySndSrv.dll
20:42:30.0086 4132 C:\Windows\System32\PlaySndSrv.dll - ok
20:42:30.0101 4132 [ 23566F9723771108D2E6CD768AC27407 ] C:\Windows\System32\AtBroker.exe
20:42:30.0101 4132 C:\Windows\System32\AtBroker.exe - ok
20:42:30.0101 4132 [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll
20:42:30.0101 4132 C:\Windows\System32\dssenh.dll - ok
20:42:30.0117 4132 [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
20:42:30.0117 4132 C:\Windows\System32\mpr.dll - ok
20:42:30.0133 4132 [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
20:42:30.0133 4132 C:\Windows\System32\MsCtfMonitor.dll - ok
20:42:30.0148 4132 [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
20:42:30.0148 4132 C:\Windows\System32\msutb.dll - ok
20:42:30.0164 4132 [ BAFE84E637BF7388C96EF48D4D3FDD53 ] C:\Windows\System32\userinit.exe
20:42:30.0164 4132 C:\Windows\System32\userinit.exe - ok
20:42:30.0179 4132 [ F162D5F5E845B9DC352DD1BAD8CEF1BC ] C:\Windows\System32\dwm.exe
20:42:30.0179 4132 C:\Windows\System32\dwm.exe - ok
20:42:30.0195 4132 [ 805A52C5AE26C28E88FDD9BCCFE6F312 ] C:\Windows\System32\TSChannel.dll
20:42:30.0195 4132 C:\Windows\System32\TSChannel.dll - ok
20:42:30.0195 4132 [ FCFCD1101C5DA23B4B95F93D02B2C169 ] C:\Windows\System32\dwmredir.dll
20:42:30.0195 4132 C:\Windows\System32\dwmredir.dll - ok
20:42:30.0211 4132 [ 9BB99503D6A4DD62569EDE9E5E2672A5 ] C:\Windows\System32\HotStartUserAgent.dll
20:42:30.0211 4132 C:\Windows\System32\HotStartUserAgent.dll - ok
20:42:30.0226 4132 [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:42:30.0226 4132 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - ok
20:42:30.0242 4132 [ 4BA77A5EF71C14C764B0ED4701683E3E ] C:\Windows\System32\dwmcore.dll
20:42:30.0242 4132 C:\Windows\System32\dwmcore.dll - ok
20:42:30.0257 4132 [ E1374D37477322D4956604711008C69D ] C:\Windows\System32\d3d10_1.dll
20:42:30.0257 4132 C:\Windows\System32\d3d10_1.dll - ok
20:42:30.0273 4132 [ 426BA4E737A7988FD1202AF2F2B2F4A6 ] C:\Windows\System32\d3d10_1core.dll
20:42:30.0273 4132 C:\Windows\System32\d3d10_1core.dll - ok
20:42:30.0273 4132 [ F404E59DB6A0F122AB26BF4F3E2FD0FA ] C:\Windows\System32\dxgi.dll
20:42:30.0273 4132 C:\Windows\System32\dxgi.dll - ok
20:42:30.0289 4132 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll
20:42:30.0289 4132 C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll - ok
20:42:30.0304 4132 [ 332FEAB1435662FC6C672E25BEB37BE3 ] C:\Windows\explorer.exe
20:42:30.0304 4132 C:\Windows\explorer.exe - ok
20:42:30.0320 4132 [ 2FCA0D2C59A855C54BAFA22AA329DF0F ] C:\Windows\SysWOW64\netapi32.dll
20:42:30.0320 4132 C:\Windows\SysWOW64\netapi32.dll - ok
20:42:30.0335 4132 [ 20B3934DB73EABA2B49B7177873CB81F ] C:\Windows\SysWOW64\netutils.dll
20:42:30.0335 4132 C:\Windows\SysWOW64\netutils.dll - ok
20:42:30.0351 4132 [ 5CCDCD40E732D54E0F7451AC66AC1C87 ] C:\Windows\SysWOW64\srvcli.dll
20:42:30.0351 4132 C:\Windows\SysWOW64\srvcli.dll - ok
20:42:30.0367 4132 [ E5A4A1326A02F8E7B59E6C3270CE7202 ] C:\Windows\SysWOW64\wkscli.dll
20:42:30.0367 4132 C:\Windows\SysWOW64\wkscli.dll - ok
20:42:30.0382 4132 [ 352B3DC62A0D259A82A052238425C872 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
20:42:30.0382 4132 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - ok
20:42:30.0382 4132 [ EED05D42D91835064703E2318552ED25 ] C:\Windows\System32\ExplorerFrame.dll
20:42:30.0382 4132 C:\Windows\System32\ExplorerFrame.dll - ok
20:42:30.0398 4132 [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\SysWOW64\imagehlp.dll
20:42:30.0398 4132 C:\Windows\SysWOW64\imagehlp.dll - ok
20:42:30.0413 4132 [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\SysWOW64\msi.dll
20:42:30.0413 4132 C:\Windows\SysWOW64\msi.dll - ok
20:42:30.0429 4132 [ B4AC3953C16443158DCA772F187DF92C ] C:\Windows\System32\aticfx64.dll
20:42:30.0429 4132 C:\Windows\System32\aticfx64.dll - ok
20:42:30.0445 4132 [ 1D8FF340333F3D023668467574523FCF ] C:\Windows\System32\atiuxp64.dll
20:42:30.0445 4132 C:\Windows\System32\atiuxp64.dll - ok
20:42:30.0460 4132 [ 9E8CFD920F2D542FA9FE9FBD142C2B0A ] C:\Windows\System32\atidxx64.dll
20:42:30.0460 4132 C:\Windows\System32\atidxx64.dll - ok
20:42:30.0476 4132 [ 7FA3A810F383588D46220967DE8B64FF ] C:\Windows\SysWOW64\wininet.dll
20:42:30.0476 4132 C:\Windows\SysWOW64\wininet.dll - ok
20:42:30.0491 4132 [ 780E80E5502015EDAEC91DC0A0C96A79 ] C:\Windows\SysWOW64\iertutil.dll
20:42:30.0491 4132 C:\Windows\SysWOW64\iertutil.dll - ok
20:42:30.0507 4132 [ 4266A3230981DD4434C55957F6DD497D ] C:\Windows\SysWOW64\urlmon.dll
20:42:30.0507 4132 C:\Windows\SysWOW64\urlmon.dll - ok
20:42:30.0507 4132 [ 49E5753D923F1AC63B22D3DCB0B47E00 ] C:\Windows\System32\uDWM.dll
20:42:30.0507 4132 C:\Windows\System32\uDWM.dll - ok
20:42:30.0523 4132 [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\SysWOW64\oleaut32.dll
20:42:30.0523 4132 C:\Windows\SysWOW64\oleaut32.dll - ok
20:42:30.0538 4132 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
20:42:30.0538 4132 C:\Windows\System32\EhStorShell.dll - ok
20:42:30.0554 4132 [ 037A719DAD50603202C978CD802623E4 ] C:\Windows\System32\ntshrui.dll
20:42:30.0554 4132 C:\Windows\System32\ntshrui.dll - ok
20:42:30.0569 4132 [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\SysWOW64\cscapi.dll
20:42:30.0569 4132 C:\Windows\SysWOW64\cscapi.dll - ok
20:42:30.0569 4132 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
20:42:30.0585 4132 C:\Windows\System32\IconCodecService.dll - ok
20:42:30.0585 4132 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\SysWOW64\ntmarta.dll
20:42:30.0585 4132 C:\Windows\SysWOW64\ntmarta.dll - ok
20:42:30.0601 4132 [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\SysWOW64\Wldap32.dll
20:42:30.0601 4132 C:\Windows\SysWOW64\Wldap32.dll - ok
20:42:30.0616 4132 [ 53223B673A3FA2F9A4D1C31C8D3F6CD8 ] C:\Windows\SysWOW64\dbghelp.dll
20:42:30.0616 4132 C:\Windows\SysWOW64\dbghelp.dll - ok
20:42:30.0632 4132 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] C:\Windows\System32\appinfo.dll
20:42:30.0632 4132 C:\Windows\System32\appinfo.dll - ok
20:42:30.0647 4132 [ 863F793D15B4026B1A5FDECA873D4D84 ] C:\Windows\SysWOW64\apphelp.dll
20:42:30.0647 4132 C:\Windows\SysWOW64\apphelp.dll - ok
20:42:30.0663 4132 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
20:42:30.0663 4132 C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok
20:42:30.0679 4132 [ 41938F2C1642459CBBA691B5DBD6395A ] C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
20:42:30.0679 4132 C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe - ok
20:42:30.0694 4132 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
20:42:30.0694 4132 C:\Windows\SysWOW64\clbcatq.dll - ok
20:42:30.0694 4132 [ C5A99A4C0DC9F0F5A95BA0C83D30A549 ] C:\Windows\SysWOW64\mstask.dll
20:42:30.0694 4132 C:\Windows\SysWOW64\mstask.dll - ok
20:42:30.0710 4132 [ A7A8CA53D9C9FD90C07AB0EB38E5316B ] C:\Windows\System32\dbghelp.dll
20:42:30.0710 4132 C:\Windows\System32\dbghelp.dll - ok
20:42:30.0725 4132 [ 025E7DBDB98866ED3CB2D4DDA70B364D ] C:\Windows\System32\runonce.exe
20:42:30.0725 4132 C:\Windows\System32\runonce.exe - ok
20:42:30.0741 4132 [ 198803E5E93E29967DFB0BCFD0186151 ] C:\Windows\System32\spfileq.dll
20:42:30.0741 4132 C:\Windows\System32\spfileq.dll - ok
20:42:30.0757 4132 [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\SysWOW64\runonce.exe
20:42:30.0757 4132 C:\Windows\SysWOW64\runonce.exe - ok
20:42:30.0772 4132 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
20:42:30.0772 4132 C:\Windows\SysWOW64\uxtheme.dll - ok
20:42:30.0788 4132 [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\SysWOW64\setupapi.dll
20:42:30.0788 4132 C:\Windows\SysWOW64\setupapi.dll - ok
20:42:30.0788 4132 [ F436E847FA799ECD75AD8C313673F450 ] C:\Windows\SysWOW64\cfgmgr32.dll
20:42:30.0788 4132 C:\Windows\SysWOW64\cfgmgr32.dll - ok
20:42:30.0803 4132 [ 2EEFF4502F5E13B1BED4A04CCAD64C08 ] C:\Windows\SysWOW64\devobj.dll
20:42:30.0803 4132 C:\Windows\SysWOW64\devobj.dll - ok
20:42:30.0819 4132 [ 12C45E3CB6D65F73209549E2D02ECA7A ] C:\Windows\SysWOW64\propsys.dll
20:42:30.0819 4132 C:\Windows\SysWOW64\propsys.dll - ok
20:42:30.0835 4132 [ F93674263F6B07C77956E966953242D9 ] C:\Windows\SysWOW64\secur32.dll
20:42:30.0835 4132 C:\Windows\SysWOW64\secur32.dll - ok
20:42:30.0850 4132 [ AD7B9C14083B52BC532FBA5948342B98 ] C:\Windows\SysWOW64\cmd.exe
20:42:30.0850 4132 C:\Windows\SysWOW64\cmd.exe - ok
20:42:30.0850 4132 [ 326C7F76A29897A892AA7726E91C1C67 ] C:\Windows\SysWOW64\winbrand.dll
20:42:30.0866 4132 C:\Windows\SysWOW64\winbrand.dll - ok
20:42:30.0866 4132 [ 5466DCAEF5A648E04D1B6580F2C901B5 ] C:\Windows\SysWOW64\ieframe.dll
20:42:30.0866 4132 C:\Windows\SysWOW64\ieframe.dll - ok
20:42:30.0881 4132 [ 8E01332CC4B68BC6B5B7EFFE374442AA ] C:\Windows\SysWOW64\oleacc.dll
20:42:30.0881 4132 C:\Windows\SysWOW64\oleacc.dll - ok
20:42:30.0897 4132 [ BE247AE996A9FDE007A27B51413A6C79 ] C:\Windows\SysWOW64\shdocvw.dll
20:42:30.0897 4132 C:\Windows\SysWOW64\shdocvw.dll - ok
20:42:30.0913 4132 [ 4B78B431F225FD8624C5655CB1DE7B61 ] C:\Windows\System32\aelupsvc.dll
20:42:30.0913 4132 C:\Windows\System32\aelupsvc.dll - ok
20:42:30.0928 4132 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Users\Jessie\AppData\Local\Temp\5835B753-77E9-4CCC-8C49-13C515CA3676.exe
20:42:30.0928 4132 C:\Users\Jessie\AppData\Local\Temp\5835B753-77E9-4CCC-8C49-13C515CA3676.exe - ok
20:42:30.0944 4132 [ 591FE0A6CEB19BF886CEB1331F591940 ] C:\Windows\SysWOW64\ncrypt.dll
20:42:30.0944 4132 C:\Windows\SysWOW64\ncrypt.dll - ok
20:42:30.0959 4132 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
20:42:30.0959 4132 C:\Windows\SysWOW64\bcrypt.dll - ok
20:42:30.0975 4132 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
20:42:30.0975 4132 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
20:42:30.0975 4132 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll
20:42:30.0975 4132 C:\Windows\SysWOW64\gpapi.dll - ok
20:42:30.0991 4132 [ CA79539D3D4C0BA66F0F051A5EE5E923 ] C:\Windows\SysWOW64\cryptnet.dll
20:42:30.0991 4132 C:\Windows\SysWOW64\cryptnet.dll - ok
20:42:31.0006 4132 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll
20:42:31.0006 4132 C:\Windows\SysWOW64\SensApi.dll - ok
20:42:31.0022 4132 [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\SysWOW64\winhttp.dll
20:42:31.0022 4132 C:\Windows\SysWOW64\winhttp.dll - ok
20:42:31.0037 4132 [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\SysWOW64\webio.dll
20:42:31.0037 4132 C:\Windows\SysWOW64\webio.dll - ok
20:42:31.0053 4132 [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\SysWOW64\credssp.dll
20:42:31.0053 4132 C:\Windows\SysWOW64\credssp.dll - ok
20:42:31.0053 4132 [ 8999B8631C7FD9F7F9EC3CAFD953BA24 ] C:\Windows\SysWOW64\mswsock.dll
20:42:31.0053 4132 C:\Windows\SysWOW64\mswsock.dll - ok
20:42:31.0069 4132 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
20:42:31.0069 4132 C:\Windows\SysWOW64\wship6.dll - ok
20:42:31.0084 4132 [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
20:42:31.0084 4132 C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
20:42:31.0100 4132 [ 9A85ABCE0FDD1AF8E79E731EB0B679F3 ] C:\Windows\SysWOW64\dhcpcsvc.dll
20:42:31.0100 4132 C:\Windows\SysWOW64\dhcpcsvc.dll - ok
20:42:31.0115 4132 [ 81F6C1AE23B1C493D9E996C3103915D7 ] C:\Windows\SysWOW64\dhcpcsvc6.dll
20:42:31.0115 4132 C:\Windows\SysWOW64\dhcpcsvc6.dll - ok
20:42:31.0131 4132 [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\SysWOW64\dnsapi.dll
20:42:31.0131 4132 C:\Windows\SysWOW64\dnsapi.dll - ok
20:42:31.0147 4132 [ 12B79422A23814429CDA9E734C58F78F ] C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
20:42:31.0147 4132 C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL - ok
20:42:31.0147 4132 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
20:42:31.0147 4132 C:\Windows\SysWOW64\rasadhlp.dll - ok
20:42:31.0162 4132 [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\SysWOW64\FWPUCLNT.DLL
20:42:31.0162 4132 C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
20:42:31.0178 4132 [ D2155709E336C3BC15729EB87FEC6064 ] C:\Windows\System32\rasdlg.dll
20:42:31.0178 4132 C:\Windows\System32\rasdlg.dll - ok
20:42:31.0193 4132 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
20:42:31.0193 4132 C:\Windows\SysWOW64\dwmapi.dll - ok
20:42:31.0209 4132 [ 1DB71A41DAEE6B3F8CD0DDA8209FA2D5 ] C:\Windows\SysWOW64\WindowsCodecs.dll
20:42:31.0209 4132 C:\Windows\SysWOW64\WindowsCodecs.dll - ok
20:42:31.0225 4132 [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\SysWOW64\EhStorShell.dll
20:42:31.0225 4132 C:\Windows\SysWOW64\EhStorShell.dll - ok
20:42:31.0240 4132 [ 03F3B770DFBED6131653CEDA8CA780F0 ] C:\Windows\SysWOW64\ntshrui.dll
20:42:31.0240 4132 C:\Windows\SysWOW64\ntshrui.dll - ok
20:42:31.0256 4132 [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\SysWOW64\slc.dll
20:42:31.0256 4132 C:\Windows\SysWOW64\slc.dll - ok
20:42:31.0256 4132 [ 827CB0D6C3F8057EA037FF271F8E9795 ] C:\Windows\SysWOW64\imageres.dll
20:42:31.0256 4132 C:\Windows\SysWOW64\imageres.dll - ok
20:42:31.0271 4132 [ 523CF74A52C9A1762DA8B83AEE734498 ] C:\Windows\SysWOW64\IconCodecService.dll
20:42:31.0271 4132 C:\Windows\SysWOW64\IconCodecService.dll - ok
20:42:31.0287 4132 [ FCE23E27F62989AD0BB88E256E847A41 ] C:\Windows\System32\CertPolEng.dll
20:42:31.0287 4132 C:\Windows\System32\CertPolEng.dll - ok
20:42:31.0303 4132 [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\SysWOW64\sfc.dll
20:42:31.0303 4132 C:\Windows\SysWOW64\sfc.dll - ok
20:42:31.0318 4132 [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\SysWOW64\sfc_os.dll
20:42:31.0318 4132 C:\Windows\SysWOW64\sfc_os.dll - ok
20:42:31.0334 4132 [ 162D247E995EAEBF3EF4289069E1111C ] C:\Windows\SysWOW64\devrtl.dll
20:42:31.0334 4132 C:\Windows\SysWOW64\devrtl.dll - ok
20:42:31.0349 4132 [ B519848DFA30AE2B306576B51321D102 ] C:\Windows\System32\ie4uinit.exe
20:42:31.0349 4132 C:\Windows\System32\ie4uinit.exe - ok
20:42:31.0365 4132 [ 2C647ABE9A424E55B5F3DAE4629B4277 ] C:\Windows\System32\themeui.dll
20:42:31.0365 4132 C:\Windows\System32\themeui.dll - ok
20:42:31.0365 4132 [ FB10715E4099AF9FA389C71873245226 ] C:\Windows\System32\timedate.cpl
20:42:31.0365 4132 C:\Windows\System32\timedate.cpl - ok
20:42:31.0381 4132 [ E6F0F82788E8BD0F7A616350EFA0761C ] C:\Windows\System32\actxprxy.dll
20:42:31.0381 4132 C:\Windows\System32\actxprxy.dll - ok
20:42:31.0396 4132 [ C4F40F6CACD796A8E16671D0E9A2F319 ] C:\Windows\System32\shdocvw.dll
20:42:31.0396 4132 C:\Windows\System32\shdocvw.dll - ok
20:42:31.0412 4132 [ A0A65D306A5490D2EB8E7DE66898ECFD ] C:\Windows\System32\linkinfo.dll
20:42:31.0412 4132 C:\Windows\System32\linkinfo.dll - ok
20:42:31.0427 4132 [ 661CEEDE98A2E0E5CDD7DE239EB38353 ] C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll
20:42:31.0427 4132 C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll - ok
20:42:31.0443 4132 [ 1EAC1A8CA6874BF5B15E2EFB9A9A7B86 ] C:\Windows\System32\msftedit.dll
20:42:31.0443 4132 C:\Windows\System32\msftedit.dll - ok
20:42:31.0459 4132 [ 3504B34CD2DE00BA3CC1A195F1B739BD ] C:\Windows\System32\gameux.dll
20:42:31.0459 4132 C:\Windows\System32\gameux.dll - ok
20:42:31.0474 4132 [ 7FCAB194F01E3403C300EB034E480B36 ] C:\Windows\System32\msls31.dll
20:42:31.0474 4132 C:\Windows\System32\msls31.dll - ok
20:42:31.0474 4132 [ 7DBA84667DC18877AEF693E3543DFAD7 ] C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
20:42:31.0474 4132 C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll - ok
20:42:31.0490 4132 [ BCFF8CD24809941E28C73185FC58CA39 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
20:42:31.0490 4132 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe - ok
20:42:31.0505 4132 [ 0BE126224273ACB0925C07B30A0E4209 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
20:42:31.0505 4132 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe - ok
20:42:31.0521 4132 [ 439669E153EF11FA16861EC33D4AFC81 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
20:42:31.0521 4132 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - ok
20:42:31.0537 4132 [ C5BCAB2B9BD316DDFD53D4CB5E1C438D ] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
20:42:31.0537 4132 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe - ok
20:42:31.0552 4132 [ DC604BBAF9F613D150CC6060E0E47788 ] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
20:42:31.0552 4132 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe - ok
20:42:31.0568 4132 [ 69754747274B76E7FAF287239333D7E6 ] C:\Windows\System32\msiltcfg.dll
20:42:31.0568 4132 C:\Windows\System32\msiltcfg.dll - ok
20:42:31.0583 4132 [ 4C2C4640BF23AAFCF90519E0F34436CE ] C:\Windows\System32\DeviceCenter.dll
20:42:31.0583 4132 C:\Windows\System32\DeviceCenter.dll - ok
20:42:31.0583 4132 [ DFD8F75F0E27D522AB8424AD71719C8B ] C:\Program Files\TOSHIBA\TBS\HSON.exe
20:42:31.0583 4132 C:\Program Files\TOSHIBA\TBS\HSON.exe - ok
20:42:31.0599 4132 [ 5EB6E9C8BE1ACC5830780E0F9A846255 ] C:\Windows\System32\msi.dll
20:42:31.0599 4132 C:\Windows\System32\msi.dll - ok
20:42:31.0615 4132 [ D70D6B42933C1174FE961F0BCA3573A3 ] C:\Program Files\TOSHIBA\FlashCards\TCrdEvnt.dll
20:42:31.0615 4132 C:\Program Files\TOSHIBA\FlashCards\TCrdEvnt.dll - ok
20:42:31.0630 4132 [ 585FED4CDB8034B8B58AEB8008255817 ] C:\Windows\System32\opengl32.dll
20:42:31.0630 4132 C:\Windows\System32\opengl32.dll - ok
20:42:31.0646 4132 [ 76849AB697E63D85CC35DD2F8AEA1C6B ] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.dll
20:42:31.0646 4132 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.dll - ok
20:42:31.0661 4132 [ 565E25C82AAE17EA97884B43F05A720E ] C:\Windows\System32\SynCOM.dll
20:42:31.0661 4132 C:\Windows\System32\SynCOM.dll - ok
20:42:31.0677 4132 [ F2967C0A97C0EA67D79D7F557213950D ] C:\Windows\System32\glu32.dll
20:42:31.0677 4132 C:\Windows\System32\glu32.dll - ok
20:42:31.0677 4132 [ 0F042176F243D71C552E9D07D2FCB141 ] C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
20:42:31.0693 4132 C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll - ok
20:42:31.0693 4132 [ 4936B83586C1F81630AE9C8EED6E356A ] C:\Windows\System32\SynTPAPI.dll
20:42:31.0693 4132 C:\Windows\System32\SynTPAPI.dll - ok
20:42:31.0708 4132 [ A6C09924C6730DE8DEED9890A12AA691 ] C:\Windows\System32\ddraw.dll
20:42:31.0708 4132 C:\Windows\System32\ddraw.dll - ok
20:42:31.0724 4132 [ EFE8A50B9AE0205D399E94E89E244E65 ] C:\Program Files\TOSHIBA\Power Saver\TCooling.dll
20:42:31.0724 4132 C:\Program Files\TOSHIBA\Power Saver\TCooling.dll - ok
20:42:31.0739 4132 [ 24F4B480F335A6C724AF352253C5D98B ] C:\Windows\System32\thumbcache.dll
20:42:31.0739 4132 C:\Windows\System32\thumbcache.dll - ok
20:42:31.0755 4132 [ 6B8966ECB093271DE794286850432225 ] C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
20:42:31.0755 4132 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe - ok
20:42:31.0771 4132 [ 29C22748937F45C26590909E9F8E7137 ] C:\Windows\System32\dciman32.dll
20:42:31.0771 4132 C:\Windows\System32\dciman32.dll - ok
20:42:31.0786 4132 [ E542A10321E884C2C50290AC67E82DAE ] C:\Program Files\TOSHIBA\Power Saver\TOddPwr.dll
20:42:31.0786 4132 C:\Program Files\TOSHIBA\Power Saver\TOddPwr.dll - ok
20:42:31.0802 4132 [ 405F4D32D2185F1F1BD753D8EEAFFB3A ] C:\Windows\System32\networkexplorer.dll
20:42:31.0802 4132 C:\Windows\System32\networkexplorer.dll - ok
20:42:31.0802 4132 [ E424B3EF666B184CEE0B6871AAA8C9F6 ] C:\Windows\System32\msimg32.dll
20:42:31.0802 4132 C:\Windows\System32\msimg32.dll - ok
20:42:31.0817 4132 [ F82483A80D49ACCA81193A294FB233CD ] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
20:42:31.0817 4132 C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe - ok
20:42:31.0833 4132 [ 60FB378B6D1C80DC69DD80F8E05D4346 ] C:\Program Files\TOSHIBA\Power Saver\TPwrSrv.dll
20:42:31.0833 4132 C:\Program Files\TOSHIBA\Power Saver\TPwrSrv.dll - ok
20:42:31.0849 4132 [ 263E9A047D17CD50BAA9D3C02910D18D ] C:\Windows\System32\oledlg.dll
20:42:31.0849 4132 C:\Windows\System32\oledlg.dll - ok
20:42:31.0864 4132 [ 0B5511674394666E9D221F8681B2C2E6 ] C:\Windows\System32\consent.exe
20:42:31.0864 4132 C:\Windows\System32\consent.exe - ok
20:42:31.0864 4132 [ B3F4982BD2542AB40AFA6D6E695E5E06 ] C:\Program Files\TOSHIBA\Power Saver\TPwrBrightness.dll
20:42:31.0864 4132 C:\Program Files\TOSHIBA\Power Saver\TPwrBrightness.dll - ok
20:42:31.0880 4132 [ 0805289E121F3E3C458C970B08314EB2 ] C:\Windows\System32\RtkCfg64.dll
20:42:31.0880 4132 C:\Windows\System32\RtkCfg64.dll - ok
20:42:31.0895 4132 [ F164E175B6092D3BA0DC7056487717BC ] C:\Program Files\TOSHIBA\Power Saver\T1394Pwr.dll
20:42:31.0895 4132 C:\Program Files\TOSHIBA\Power Saver\T1394Pwr.dll - ok
20:42:31.0911 4132 [ E436C2E89416F31699F2A3CA79DDC095 ] C:\Program Files\TOSHIBA\Power Saver\TKBLEDPwr.dll
20:42:31.0911 4132 C:\Program Files\TOSHIBA\Power Saver\TKBLEDPwr.dll - ok
20:42:31.0927 4132 [ 5F639198C4137075DA50E61C23963C11 ] C:\Windows\System32\drprov.dll
20:42:31.0927 4132 C:\Windows\System32\drprov.dll - ok
20:42:31.0942 4132 [ BC566D17914B07ABAAB3A5A385CC3300 ] C:\Windows\System32\ntlanman.dll
20:42:33.0892 4132 ============================================================
20:42:33.0892 4132 Scan finished
20:42:33.0892 4132 ============================================================
20:42:33.0923 4124 Detected object count: 1
20:42:33.0923 4124 Actual detected object count: 1
20:42:46.0809 4124 Thpsrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:42:46.0809 4124 Thpsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:43:58.0834 2252 Deinitialize success



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-13 20:46:42
-----------------------------
20:46:42.368 OS Version: Windows x64 6.1.7601 Service Pack 1
20:46:42.368 Number of processors: 2 586 0x200
20:46:42.368 ComputerName: JESSIE-PC UserName: Jessie
20:46:44.224 Initialize success
20:48:06.185 AVAST engine defs: 12121301
20:48:16.512 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:48:16.528 Disk 0 Vendor: TOSHIBA_MK3275GSX GT001M Size: 305245MB BusType: 11
20:48:16.590 Disk 0 MBR read successfully
20:48:16.590 Disk 0 MBR scan
20:48:16.621 Disk 0 Windows VISTA default MBR code
20:48:16.637 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:48:16.746 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289160 MB offset 3074048
20:48:16.840 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14584 MB offset 595273728
20:48:16.996 Disk 0 scanning C:\windows\system32\drivers
20:48:39.881 Service scanning
20:49:37.835 Modules scanning
20:49:37.866 Disk 0 trace - called modules:
20:49:37.944 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:49:37.960 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800413e060]
20:49:37.991 3 CLASSPNP.SYS[fffff88001b5c43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa800413c060]
20:49:38.022 5 thpdrv.sys[fffff88001aa56c0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003bfe290]
20:49:39.567 AVAST engine scan C:\windows
20:49:50.222 AVAST engine scan C:\windows\system32
20:57:41.483 AVAST engine scan C:\windows\system32\drivers
20:58:07.863 AVAST engine scan C:\Users\Jessie
21:00:38.450 Disk 0 MBR has been saved successfully to "C:\Users\Jessie\Desktop\MBR.dat"
21:00:38.481 The log file has been saved successfully to "C:\Users\Jessie\Desktop\aswMBR.txt"



#12
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
In which browser does this happen?



gringo

#13
jkabat

    Member

  • Topic Starter
  • Member
  • 98 posts
Google Chrome. Not Internet Explorer.

#14
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
I want you to uninstall CHROME, AND IF ASKED ABOUT USER DATA OR SETTINGS THEN REMOVE THAT ALSO.

Restart THE COMPUTER and reinstall Chrome.

#15
jkabat

    Member

  • Topic Starter
  • Member
  • 98 posts
Chrome uninstalled. Chrome reinstalled. Redirect problem does not recur. Chrome browser working very well.

Thank you for the help. Any further steps? The ghost icons are still there, but aren't interfering with computer usage.