
Google/Yahoo/http://63.209.69.107 Redirect [Solved]


  • This topic is locked

#1
v-twinrider

  • Member
  • 61 posts
I have been experiencing some redirect issues. I hope they are all connected and can be cleaned at one time. A search with Google or Yahoo results in a redirect about 50% of the time it is tried. Sometimes I see the IP address http://8.26.70.252 or http://63.209.69.107; sometimes I don't see them but get redirected just the same.

I have tried to follow instructions for fixing the Google Redirect Virus in YouTube videos and on other sites related to fixing redirect problems but have had no luck.

Thanks for the help in advance.


#2
gringo_pr

  • Trusted Helper
  • Malware Removal
  • 7,268 posts
Hello v-twinrider

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo


#3
v-twinrider

  • Topic Starter
  • Member
  • 61 posts
Thank you Gringo!


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.17.2
Run by Home8 at 9:53:17 on 2013-04-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4003.2134 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=7ACECFEFE74C567CC3EEFC512C0237BB
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C288EECE-9172-4BBD-8BF4-BEEE0EA6E837} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Home8\AppData\Roaming\Mozilla\Firefox\Profiles\bfd6wqr6.default\
FF - prefs.js: browser.startup.homepage - hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=7ACECFEFE74C567CC3EEFC512C0237BB
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-02-25 19:30; jid1-yZwVFzbsyfMrqQ@jetpack; C:\Users\Home8\AppData\Roaming\Mozilla\Firefox\Profiles\bfd6wqr6.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-2-25 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-12-5 98888]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-20 249648]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-10-28 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-10-28 128512]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-1-13 1128952]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-13 2656536]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-12-23 104048]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-1 195320]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-2-26 38456]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-1-13 158976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-27 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-27 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-27 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-26 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-04-14 13:04:44 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B00EF733-04A7-4C91-B940-BF96820668C6}\mpengine.dll
2013-04-10 23:49:05 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-10 23:49:04 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 23:49:04 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-10 23:49:03 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-10 23:49:03 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 23:49:03 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 23:49:03 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-10 23:49:02 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-10 01:03:57 9311288 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-23 17:46:02 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3ECF44A5-BC17-401C-9154-923D0DF6F300}\gapaengine.dll
2013-03-23 17:44:29 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-03-23 17:44:28 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-03-23 13:19:09 -------- d-----w- C:\Program Files (x86)\MSECache
2013-03-23 01:11:18 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9C95798F-B961-43D8-8452-A5C7D0333C95}\mpengine.dll
2013-03-22 00:56:57 19632 ----a-w- C:\Windows\System32\roboot64.exe
2013-03-22 00:56:57 -------- d-----w- C:\Users\Home8\AppData\Roaming\PerformerSoft
2013-03-22 00:56:51 -------- d-----w- C:\Users\Home8\AppData\Roaming\File Scout
2013-03-22 00:56:51 -------- d-----w- C:\ProgramData\IBUpdaterService
2013-03-20 10:57:41 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
.
==================== Find3M ====================
.
2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-16 01:27:52 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-16 01:27:52 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-05 02:08:23 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-05 02:08:21 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-05 02:08:20 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-26 00:26:38 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-11 16:28:41 38456 ----a-w- C:\Windows\System32\drivers\gfiark.sys
2013-01-20 19:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 19:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 9:53:39.89 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/26/2012 6:29:45 PM
System Uptime: 4/14/2013 8:53:21 AM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2AD4
Processor: Intel® Pentium® CPU G630T @ 2.30GHz | CPU 1 | 2300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 449 GiB total, 399.398 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 2.055 GiB free.
E: is CDROM (UDF)
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP49: 3/18/2013 7:29:23 PM - Windows Update
RP50: 3/20/2013 6:57:51 AM - Windows Update
RP51: 3/21/2013 9:01:53 PM - PC Performer Thu, Mar 21, 13 21:01
RP52: 3/23/2013 9:19:12 AM - Installed Compatibility Pack for the 2007 Office system
RP53: 3/23/2013 1:45:39 PM - Windows Update
RP54: 3/24/2013 9:39:00 AM - Windows Update
RP55: 3/29/2013 9:44:17 AM - Windows Update
RP56: 4/2/2013 7:43:22 PM - Windows Update
RP57: 4/6/2013 9:01:30 AM - Windows Update
RP58: 4/9/2013 9:03:39 PM - Windows Update
RP59: 4/10/2013 8:27:08 PM - Windows Update
RP60: 4/14/2013 9:04:32 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Bejeweled 3
Bing Bar
Blackhawk Striker 2
Blio
Chuzzle Deluxe
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Compaq Setup Manager
Compatibility Pack for the 2007 Office system
Cradle of Rome 2
D3DX10
DirectX for Managed Code Update (Summer 2004)
Dora's World Adventure
Epson Event Manager
EPSON NX420 Series Printer Uninstall
EPSON Scan
Facebook
Farm Frenzy
Farmscapes
FATE
Final Drive Fury
Hewlett-Packard ACLM.NET v1.2.1.1
Hoyle Card Games
HP Application Assistant
HP Auto
HP Calendar
HP Client Services
HP Clock
HP Customer Experience Enhancements
HP Games
HP LinkUp
HP Magic Canvas
HP Magic Canvas Tutorials
HP MovieStore
HP Notes
HP Odometer
HP RSS
HP Setup
HP Support Assistant
HP Support Information
HP TouchSmart RecipeBox
HP Update
HP Vision Hardware Diagnostics
HP Weather
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Java 7 Update 17
Java Auto Updater
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Junk Mail filter update
Kobo
LabelPrint
Letters from Nowhere 2
Luxor HD
Mah Jong Medley
Mesh Runtime
Metric Converter
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Mathematics
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Online Backup
Online Plug-in
opensource
PDF Complete Special Edition
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PressReader
Realtek High Definition Audio Driver
Recovery Manager
Remote Graphics Receiver
RollerCoaster Tycoon 3: Platinum
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Self-service Plug-in
Skype™ 5.10
Spot
Tap Tap Bear
The Treasures of Mystery Island: The Ghost Ship
Torchlight
TSHostedAppLauncher
Uninstall Helper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
VideoBuzz
Virtual Villagers 4 - The Tree of Life
VLC media player 2.0.1
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
4/8/2013 7:18:27 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1220.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================





Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 17
Adobe Flash Player 11.6.602.180
Mozilla Firefox 19.0.2 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello v-twinrider


These are the programs I would like you to run next. If you have any problems with these, just skip it and move on to the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#5
v-twinrider

    Member

  • Topic Starter
  • Member
  • 61 posts
# AdwCleaner v2.200 - Logfile created 04/14/2013 at 10:23:45
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Home8 - HOME-HP
# Boot Mode : Normal
# Running from : C:\Users\Home8\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\search protection
Folder Deleted : C:\Users\Home8\AppData\Roaming\file scout
Folder Deleted : C:\Users\Home8\AppData\Roaming\PerformerSoft

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Home8\AppData\Roaming\Mozilla\Firefox\Profiles\bfd6wqr6.default\prefs.js

C:\Users\Home8\AppData\Roaming\Mozilla\Firefox\Profiles\bfd6wqr6.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1694 octets] - [14/04/2013 10:23:45]

########## EOF - C:\AdwCleaner[S1].txt - [1754 octets] ##########





The RogueKiller texts are numbered 6 & 7. I had tried running this before I posted my question to this forum in hopes that it would clean the malware. I have reports 1, 2, 3 & 5 from a few weeks ago. I don't know where #4 went.

Report #6 today:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Home8 [Admin rights]
Mode : Scan -- Date : 04/14/2013 10:50:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500413AS +++++
--- User ---
[MBR] 7ab3c80fb136631e486a824e682721a9
[BSP] af534a1a1c8552b6d4b306ca3e4eb09b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 459982 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 942249984 | Size: 16856 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 6c95b323f2b02ce2a50283e6adceea7a
[BSP] b7baf5e6577d5469f89431f90a55d4a3 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 205154304 | Size: 300 Mo

Finished : << RKreport[6]_S_04142013_02d1050.txt >>
RKreport[1]_S_03212013_02d2107.txt ; RKreport[2]_D_03212013_02d2108.txt ; RKreport[3]_H_03212013_02d2108.txt ; RKreport[4]_PR_03212013_02d2109.txt ; RKreport[5]_DN_03212013_02d2110.txt ;
RKreport[6]_S_04142013_02d1050.txt



Report #7 today:
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Home8 [Admin rights]
Mode : Remove -- Date : 04/14/2013 11:06:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500413AS +++++
--- User ---
[MBR] 7ab3c80fb136631e486a824e682721a9
[BSP] af534a1a1c8552b6d4b306ca3e4eb09b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 459982 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 942249984 | Size: 16856 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 6c95b323f2b02ce2a50283e6adceea7a
[BSP] b7baf5e6577d5469f89431f90a55d4a3 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 205154304 | Size: 300 Mo

Finished : << RKreport[7]_D_04142013_02d1106.txt >>
RKreport[1]_S_03212013_02d2107.txt ; RKreport[2]_D_03212013_02d2108.txt ; RKreport[3]_H_03212013_02d2108.txt ; RKreport[4]_PR_03212013_02d2109.txt ; RKreport[5]_DN_03212013_02d2110.txt ;
RKreport[6]_S_04142013_02d1050.txt ; RKreport[7]_D_04142013_02d1106.txt

#6
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello v-twinrider

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7
v-twinrider

    Member

  • Topic Starter
  • Member
  • 61 posts
There were no problems running Combofix. The redirection continues.



ComboFix 13-04-14.01 - Home8 04/14/2013 12:20:36.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4003.2624 [GMT -4:00]
Running from: c:\users\Home8\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-14 to 2013-04-14 )))))))))))))))))))))))))))))))
.
.
2013-04-14 16:24 . 2013-04-14 16:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-14 16:24 . 2013-04-14 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-14 13:04 . 2013-03-15 03:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B00EF733-04A7-4C91-B940-BF96820668C6}\mpengine.dll
2013-04-10 23:49 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 23:49 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 23:49 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 23:49 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 23:49 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 23:49 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 23:49 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 23:49 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 01:03 . 2013-03-15 03:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-23 17:46 . 2013-03-23 17:45 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3ECF44A5-BC17-401C-9154-923D0DF6F300}\gapaengine.dll
2013-03-23 17:44 . 2013-03-23 17:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-03-23 17:44 . 2013-03-23 17:44 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-23 13:19 . 2013-03-23 13:19 -------- d-----w- c:\program files (x86)\MSECache
2013-03-23 01:11 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C95798F-B961-43D8-8452-A5C7D0333C95}\mpengine.dll
2013-03-22 00:56 . 2012-12-19 19:53 19632 ----a-w- c:\windows\system32\roboot64.exe
2013-03-20 10:57 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-11 00:28 . 2012-10-27 02:45 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-02 10:34 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-16 01:27 . 2012-11-04 14:35 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-16 01:27 . 2012-01-13 20:15 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-05 02:08 . 2013-03-05 02:08 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-05 02:08 . 2012-11-20 00:00 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-05 02:08 . 2012-11-20 00:00 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-26 00:26 . 2013-02-26 00:26 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-02-12 05:45 . 2013-03-13 23:41 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 23:41 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 23:41 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 23:41 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 23:41 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 23:41 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-11 16:28 . 2013-02-26 07:01 38456 ----a-w- c:\windows\system32\drivers\gfiark.sys
2013-01-20 19:59 . 2013-01-20 19:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 19:59 . 2013-01-20 19:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-12-14 383544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-02-11 38456]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-07-07 158976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-27 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-02-26 14456]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-12-05 98888]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-08-16 16384]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-12 1128952]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-06-01 2656536]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-12-23 104048]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 01:27]
.
2013-04-14 c:\windows\Tasks\HPCeeScheduleForHome8.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-07 168216]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-07 416024]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=7ACECFEFE74C567CC3EEFC512C0237BB
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Home8\AppData\Roaming\Mozilla\Firefox\Profiles\bfd6wqr6.default\
FF - prefs.js: browser.startup.homepage - hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=7ACECFEFE74C567CC3EEFC512C0237BB
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: 2013-02-25 19:30; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Home8\AppData\Roaming\Mozilla\Firefox\Profiles\bfd6wqr6.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-14 12:26:49
ComboFix-quarantined-files.txt 2013-04-14 16:26
ComboFix2.txt 2013-03-10 23:29
ComboFix3.txt 2013-03-10 04:57
ComboFix4.txt 2013-03-10 04:35
ComboFix5.txt 2013-04-14 16:19
.
Pre-Run: 428,018,905,088 bytes free
Post-Run: 427,799,486,464 bytes free
.
- - End Of File - - A437FE708BCDFB710D1231D5DEEACDA9

#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello v-twinrider


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================

and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and MBAR.

Gringo

#9
v-twinrider

    Member

  • Topic Starter
  • Member
  • 61 posts
15:50:30.0909 3316 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:50:31.0268 3316 ============================================================
15:50:31.0268 3316 Current date / time: 2013/04/14 15:50:31.0268
15:50:31.0268 3316 SystemInfo:
15:50:31.0268 3316
15:50:31.0268 3316 OS Version: 6.1.7601 ServicePack: 1.0
15:50:31.0268 3316 Product type: Workstation
15:50:31.0268 3316 ComputerName: HOME-HP
15:50:31.0268 3316 UserName: Home8
15:50:31.0268 3316 Windows directory: C:\Windows
15:50:31.0268 3316 System windows directory: C:\Windows
15:50:31.0268 3316 Running under WOW64
15:50:31.0268 3316 Processor architecture: Intel x64
15:50:31.0268 3316 Number of processors: 2
15:50:31.0268 3316 Page size: 0x1000
15:50:31.0268 3316 Boot type: Normal boot
15:50:31.0268 3316 ============================================================
15:50:31.0954 3316 BG loaded
15:50:32.0318 3316 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:50:32.0328 3316 ============================================================
15:50:32.0328 3316 \Device\Harddisk0\DR0:
15:50:32.0328 3316 MBR partitions:
15:50:32.0328 3316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:50:32.0328 3316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38267000
15:50:32.0328 3316 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38299800, BlocksNum 0x20EC000
15:50:32.0328 3316 ============================================================
15:50:32.0368 3316 C: <-> \Device\Harddisk0\DR0\Partition2
15:50:32.0448 3316 D: <-> \Device\Harddisk0\DR0\Partition3
15:50:32.0448 3316 ============================================================
15:50:32.0448 3316 Initialize success
15:50:32.0448 3316 ============================================================
15:51:22.0952 4156 ============================================================
15:51:22.0952 4156 Scan started
15:51:22.0952 4156 Mode: Manual; SigCheck; TDLFS;
15:51:22.0952 4156 ============================================================
15:51:25.0214 4156 ================ Scan system memory ========================
15:51:25.0214 4156 System memory - ok
15:51:25.0230 4156 ================ Scan services =============================
15:51:26.0587 4156 amdsbs - ok
15:51:26.0603 4156 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:51:26.0603 4156 amdxata - ok
15:51:26.0634 4156 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:51:26.0743 4156 AppID - ok
15:51:26.0759 4156 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:51:26.0821 4156 AppIDSvc - ok
15:51:26.0837 4156 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:51:26.0899 4156 Appinfo - ok
15:51:26.0946 4156 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
15:51:26.0961 4156 arc - ok
15:51:26.0977 4156 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:51:26.0977 4156 arcsas - ok
15:51:27.0039 4156 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:51:27.0071 4156 aspnet_state - ok
15:51:27.0086 4156 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:51:27.0149 4156 AsyncMac - ok
15:51:27.0180 4156 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:51:27.0195 4156 atapi - ok
15:51:27.0211 4156 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:51:27.0273 4156 AudioEndpointBuilder - ok
15:51:27.0273 4156 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:51:27.0320 4156 AudioSrv - ok
15:51:27.0351 4156 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:51:27.0414 4156 AxInstSV - ok
15:51:27.0461 4156 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
15:51:27.0507 4156 b06bdrv - ok
15:51:27.0523 4156 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:51:27.0554 4156 b57nd60a - ok
15:51:27.0617 4156 [ 28A4012E68BC9597BCB9B26B51AAC4B6 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
15:51:27.0632 4156 BBSvc - ok
15:51:27.0648 4156 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
15:51:27.0663 4156 BBUpdate - ok
15:51:27.0695 4156 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:51:27.0741 4156 BDESVC - ok
15:51:27.0773 4156 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:51:27.0819 4156 Beep - ok
15:51:27.0866 4156 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:51:27.0913 4156 BFE - ok
15:51:27.0944 4156 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
15:51:27.0991 4156 BITS - ok
15:51:28.0022 4156 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
15:51:28.0038 4156 blbdrive - ok
15:51:28.0053 4156 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:51:28.0085 4156 bowser - ok
15:51:28.0116 4156 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
15:51:28.0131 4156 BrFiltLo - ok
15:51:28.0147 4156 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
15:51:28.0163 4156 BrFiltUp - ok
15:51:28.0194 4156 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
15:51:28.0256 4156 BridgeMP - ok
15:51:28.0303 4156 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:51:28.0319 4156 Browser - ok
15:51:28.0334 4156 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:51:28.0381 4156 Brserid - ok
15:51:28.0397 4156 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:51:28.0428 4156 BrSerWdm - ok
15:51:28.0443 4156 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:51:28.0490 4156 BrUsbMdm - ok
15:51:28.0506 4156 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:51:28.0537 4156 BrUsbSer - ok
15:51:28.0568 4156 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:51:28.0599 4156 BTHMODEM - ok
15:51:28.0646 4156 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:51:28.0709 4156 bthserv - ok
15:51:28.0771 4156 [ A3AD13CA2747953DDD4C9AE4FB925BEC ] CalendarSynchService C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
15:51:28.0787 4156 CalendarSynchService ( UnsignedFile.Multi.Generic ) - warning
15:51:28.0787 4156 CalendarSynchService - detected UnsignedFile.Multi.Generic (1)
15:51:28.0802 4156 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:51:28.0849 4156 cdfs - ok
15:51:28.0865 4156 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:51:28.0896 4156 cdrom - ok
15:51:28.0927 4156 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:51:28.0989 4156 CertPropSvc - ok
15:51:29.0036 4156 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
15:51:29.0067 4156 circlass - ok
15:51:29.0083 4156 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:51:29.0099 4156 CLFS - ok
15:51:29.0145 4156 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:51:29.0161 4156 clr_optimization_v2.0.50727_32 - ok
15:51:29.0177 4156 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:51:29.0192 4156 clr_optimization_v2.0.50727_64 - ok
15:51:29.0255 4156 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:51:29.0317 4156 clr_optimization_v4.0.30319_32 - ok
15:51:29.0333 4156 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:51:29.0348 4156 clr_optimization_v4.0.30319_64 - ok
15:51:29.0379 4156 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
15:51:29.0411 4156 CmBatt - ok
15:51:29.0442 4156 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:51:29.0457 4156 cmdide - ok
15:51:29.0489 4156 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
15:51:29.0520 4156 CNG - ok
15:51:29.0535 4156 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
15:51:29.0535 4156 Compbatt - ok
15:51:29.0567 4156 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:51:29.0582 4156 CompositeBus - ok
15:51:29.0598 4156 COMSysApp - ok
15:51:29.0629 4156 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:51:29.0629 4156 crcdisk - ok
15:51:29.0660 4156 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:51:29.0707 4156 CryptSvc - ok
15:51:29.0754 4156 [ C20E2A7A29F06A69C40E949255257B01 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
15:51:29.0769 4156 ctxusbm - ok
15:51:29.0832 4156 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:51:29.0863 4156 cvhsvc - ok
15:51:29.0894 4156 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:51:29.0941 4156 DcomLaunch - ok
15:51:29.0957 4156 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:51:30.0003 4156 defragsvc - ok
15:51:30.0035 4156 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:51:30.0066 4156 DfsC - ok
15:51:30.0097 4156 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:51:30.0144 4156 Dhcp - ok
15:51:30.0144 4156 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:51:30.0191 4156 discache - ok
15:51:30.0222 4156 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
15:51:30.0237 4156 Disk - ok
15:51:30.0253 4156 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:51:30.0300 4156 Dnscache - ok
15:51:30.0331 4156 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:51:30.0393 4156 dot3svc - ok
15:51:30.0393 4156 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:51:30.0456 4156 DPS - ok
15:51:30.0487 4156 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:51:30.0503 4156 drmkaud - ok
15:51:30.0534 4156 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:51:30.0549 4156 DXGKrnl - ok
15:51:30.0565 4156 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:51:30.0612 4156 EapHost - ok
15:51:30.0659 4156 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
15:51:30.0737 4156 ebdrv - ok
15:51:30.0768 4156 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:51:30.0799 4156 EFS - ok
15:51:30.0846 4156 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:51:30.0924 4156 ehRecvr - ok
15:51:30.0939 4156 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:51:30.0955 4156 ehSched - ok
15:51:30.0986 4156 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:51:31.0002 4156 elxstor - ok
15:51:31.0064 4156 [ 7DB097F4F6786307168C0DDDEC43A565 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
15:51:31.0111 4156 EPSON_EB_RPCV4_04 - ok
15:51:31.0111 4156 [ 258AA65A0862E19B7DE6981FDA3758AD ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
15:51:31.0127 4156 EPSON_PM_RPCV4_04 - ok
15:51:31.0158 4156 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:51:31.0189 4156 ErrDev - ok
15:51:31.0220 4156 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:51:31.0267 4156 EventSystem - ok
15:51:31.0298 4156 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:51:31.0329 4156 exfat - ok
15:51:31.0345 4156 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:51:31.0392 4156 fastfat - ok
15:51:31.0423 4156 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:51:31.0470 4156 Fax - ok
15:51:31.0485 4156 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
15:51:31.0501 4156 fdc - ok
15:51:31.0517 4156 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:51:31.0548 4156 fdPHost - ok
15:51:31.0563 4156 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:51:31.0595 4156 FDResPub - ok
15:51:31.0610 4156 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:51:31.0626 4156 FileInfo - ok
15:51:31.0626 4156 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:51:31.0673 4156 Filetrace - ok
15:51:31.0688 4156 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:51:31.0704 4156 flpydisk - ok
15:51:31.0719 4156 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:51:31.0735 4156 FltMgr - ok
15:51:31.0844 4156 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
15:51:31.0938 4156 FontCache - ok
15:51:32.0000 4156 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:51:32.0000 4156 FontCache3.0.0.0 - ok
15:51:32.0063 4156 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:51:32.0063 4156 FsDepends - ok
15:51:32.0094 4156 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:51:32.0109 4156 Fs_Rec - ok
15:51:32.0203 4156 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:51:32.0234 4156 fvevol - ok
15:51:32.0250 4156 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:51:32.0265 4156 gagp30kx - ok
15:51:32.0297 4156 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
15:51:32.0312 4156 GamesAppService - ok
15:51:32.0375 4156 [ BA5996C46AF098047A0337A540180B71 ] gfiark C:\Windows\system32\drivers\gfiark.sys
15:51:32.0390 4156 gfiark - ok
15:51:32.0406 4156 [ 14908F4F9005C29DE8F5587E271390EE ] gfibto C:\Windows\system32\drivers\gfibto.sys
15:51:32.0406 4156 gfibto - ok
15:51:32.0453 4156 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:51:32.0499 4156 gpsvc - ok
15:51:32.0515 4156 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:51:32.0562 4156 hcw85cir - ok
15:51:32.0593 4156 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:51:32.0624 4156 HdAudAddService - ok
15:51:32.0655 4156 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:51:32.0671 4156 HDAudBus - ok
15:51:32.0702 4156 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:51:32.0718 4156 HidBatt - ok
15:51:32.0733 4156 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:51:32.0765 4156 HidBth - ok
15:51:32.0796 4156 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
15:51:32.0811 4156 HidIr - ok
15:51:32.0827 4156 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
15:51:32.0889 4156 hidserv - ok
15:51:32.0921 4156 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:51:32.0921 4156 HidUsb - ok
15:51:32.0936 4156 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:51:32.0999 4156 hkmsvc - ok
15:51:33.0014 4156 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:51:33.0061 4156 HomeGroupListener - ok
15:51:33.0092 4156 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:51:33.0123 4156 HomeGroupProvider - ok
15:51:33.0170 4156 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
15:51:33.0186 4156 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
15:51:33.0186 4156 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
15:51:33.0233 4156 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
15:51:33.0248 4156 HPClientSvc - ok
15:51:33.0295 4156 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
15:51:33.0326 4156 hpqwmiex - ok
15:51:33.0357 4156 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:51:33.0357 4156 HpSAMD - ok
15:51:33.0389 4156 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:51:33.0435 4156 HTTP - ok
15:51:33.0451 4156 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:51:33.0467 4156 hwpolicy - ok
15:51:33.0482 4156 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:51:33.0498 4156 i8042prt - ok
15:51:33.0529 4156 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\drivers\iaStor.sys
15:51:33.0545 4156 iaStor - ok
15:51:33.0560 4156 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:51:33.0576 4156 iaStorV - ok
15:51:33.0607 4156 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:51:33.0638 4156 idsvc - ok
15:51:33.0825 4156 [ 6383899C5F964D71B0F96B81FBE59BB8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
15:51:33.0997 4156 igfx - ok
15:51:34.0028 4156 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:51:34.0044 4156 iirsp - ok
15:51:34.0075 4156 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:51:34.0122 4156 IKEEXT - ok
15:51:34.0169 4156 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
15:51:34.0200 4156 Impcd - ok
15:51:34.0309 4156 [ 91ED47813243B455E2D81115A8255F0E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:51:34.0387 4156 IntcAzAudAddService - ok
15:51:34.0418 4156 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:51:34.0418 4156 intelide - ok
15:51:34.0434 4156 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
15:51:34.0465 4156 intelppm - ok
15:51:34.0481 4156 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:51:34.0527 4156 IPBusEnum - ok
15:51:34.0543 4156 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:51:34.0574 4156 IpFilterDriver - ok
15:51:34.0605 4156 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:51:34.0652 4156 iphlpsvc - ok
15:51:34.0668 4156 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:51:34.0699 4156 IPMIDRV - ok
15:51:34.0715 4156 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:51:34.0746 4156 IPNAT - ok
15:51:34.0777 4156 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:51:34.0793 4156 IRENUM - ok
15:51:34.0808 4156 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:51:34.0808 4156 isapnp - ok
15:51:34.0839 4156 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:51:34.0855 4156 iScsiPrt - ok
15:51:34.0871 4156 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:51:34.0886 4156 kbdclass - ok
15:51:34.0886 4156 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:51:34.0917 4156 kbdhid - ok
15:51:34.0933 4156 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:51:34.0949 4156 KeyIso - ok
15:51:34.0964 4156 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:51:34.0964 4156 KSecDD - ok
15:51:34.0980 4156 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:51:34.0995 4156 KSecPkg - ok
15:51:34.0995 4156 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:51:35.0042 4156 ksthunk - ok
15:51:35.0073 4156 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:51:35.0120 4156 KtmRm - ok
15:51:35.0167 4156 [ BD56BAE4403497E31727096CEBC42956 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
15:51:35.0183 4156 L1C - ok
15:51:35.0214 4156 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:51:35.0245 4156 LanmanServer - ok
15:51:35.0261 4156 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:51:35.0307 4156 LanmanWorkstation - ok
15:51:35.0354 4156 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:51:35.0417 4156 lltdio - ok
15:51:35.0432 4156 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:51:35.0479 4156 lltdsvc - ok
15:51:35.0510 4156 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:51:35.0541 4156 lmhosts - ok
15:51:35.0588 4156 [ F4A17DCAB576267C85663E64F3ACE5A4 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
15:51:35.0604 4156 LMS - ok
15:51:35.0619 4156 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:51:35.0635 4156 LSI_FC - ok
15:51:35.0651 4156 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:51:35.0666 4156 LSI_SAS - ok
15:51:35.0666 4156 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:51:35.0682 4156 LSI_SAS2 - ok
15:51:35.0697 4156 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:51:35.0713 4156 LSI_SCSI - ok
15:51:35.0729 4156 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:51:35.0760 4156 luafv - ok
15:51:35.0838 4156 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:51:35.0853 4156 Mcx2Svc - ok
15:51:35.0869 4156 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
15:51:35.0885 4156 megasas - ok
15:51:35.0916 4156 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:51:35.0931 4156 MegaSR - ok
15:51:35.0978 4156 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
15:51:35.0994 4156 MEIx64 - ok
15:51:36.0009 4156 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:51:36.0103 4156 MMCSS - ok
15:51:36.0150 4156 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:51:36.0243 4156 Modem - ok
15:51:36.0275 4156 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:51:36.0321 4156 monitor - ok
15:51:36.0353 4156 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:51:36.0353 4156 mouclass - ok
15:51:36.0446 4156 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:51:36.0477 4156 mouhid - ok
15:51:36.0493 4156 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:51:36.0509 4156 mountmgr - ok
15:51:36.0555 4156 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:51:36.0555 4156 MozillaMaintenance - ok
15:51:36.0602 4156 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
15:51:36.0618 4156 MpFilter - ok
15:51:36.0633 4156 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:51:36.0649 4156 mpio - ok
15:51:36.0665 4156 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:51:36.0696 4156 mpsdrv - ok
15:51:36.0743 4156 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:51:36.0789 4156 MpsSvc - ok
15:51:36.0821 4156 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:51:36.0852 4156 MRxDAV - ok
15:51:36.0867 4156 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:51:36.0899 4156 mrxsmb - ok
15:51:36.0914 4156 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:51:36.0930 4156 mrxsmb10 - ok
15:51:36.0930 4156 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:51:36.0945 4156 mrxsmb20 - ok
15:51:36.0961 4156 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:51:36.0961 4156 msahci - ok
15:51:36.0977 4156 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:51:36.0992 4156 msdsm - ok
15:51:37.0008 4156 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:51:37.0023 4156 MSDTC - ok
15:51:37.0055 4156 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:51:37.0086 4156 Msfs - ok
15:51:37.0101 4156 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:51:37.0133 4156 mshidkmdf - ok
15:51:37.0133 4156 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:51:37.0148 4156 msisadrv - ok
15:51:37.0164 4156 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:51:37.0211 4156 MSiSCSI - ok
15:51:37.0211 4156 msiserver - ok
15:51:37.0242 4156 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:51:37.0304 4156 MSKSSRV - ok
15:51:37.0351 4156 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:51:37.0367 4156 MsMpSvc - ok
15:51:37.0382 4156 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:51:37.0445 4156 MSPCLOCK - ok
15:51:37.0445 4156 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:51:37.0476 4156 MSPQM - ok
15:51:37.0491 4156 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:51:37.0507 4156 MsRPC - ok
15:51:37.0538 4156 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:51:37.0538 4156 mssmbios - ok
15:51:37.0554 4156 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:51:37.0601 4156 MSTEE - ok
15:51:37.0616 4156 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:51:37.0632 4156 MTConfig - ok
15:51:37.0647 4156 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:51:37.0663 4156 Mup - ok
15:51:37.0679 4156 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:51:37.0741 4156 napagent - ok
15:51:37.0757 4156 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:51:37.0788 4156 NativeWifiP - ok
15:51:37.0835 4156 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:51:37.0866 4156 NDIS - ok
15:51:37.0881 4156 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:51:37.0913 4156 NdisCap - ok
15:51:37.0928 4156 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:51:37.0959 4156 NdisTapi - ok
15:51:37.0975 4156 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:51:38.0022 4156 Ndisuio - ok
15:51:38.0037 4156 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:51:38.0069 4156 NdisWan - ok
15:51:38.0084 4156 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:51:38.0115 4156 NDProxy - ok
15:51:38.0131 4156 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:51:38.0162 4156 NetBIOS - ok
15:51:38.0178 4156 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:51:38.0225 4156 NetBT - ok
15:51:38.0225 4156 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:51:38.0240 4156 Netlogon - ok
15:51:38.0271 4156 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:51:38.0318 4156 Netman - ok
15:51:38.0349 4156 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:51:38.0381 4156 NetMsmqActivator - ok
15:51:38.0381 4156 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:51:38.0396 4156 NetPipeActivator - ok
15:51:38.0412 4156 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:51:38.0459 4156 netprofm - ok
15:51:38.0459 4156 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:51:38.0474 4156 NetTcpActivator - ok
15:51:38.0474 4156 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:51:38.0490 4156 NetTcpPortSharing - ok
15:51:49.0535 4156 C:\Windows\System32\drivers\mouclass.sys - ok
15:51:49.0550 4156 [ 24FBF5CC5C04150073C315A7C83521EE ] C:\Windows\System32\drivers\ks.sys
15:51:49.0550 4156 C:\Windows\System32\drivers\ks.sys - ok
15:51:49.0550 4156 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] C:\Windows\System32\drivers\swenum.sys
15:51:49.0550 4156 C:\Windows\System32\drivers\swenum.sys - ok
15:51:49.0550 4156 [ DC54A574663A895C8763AF0FA1FF7561 ] C:\Windows\System32\drivers\umbus.sys
15:51:49.0550 4156 C:\Windows\System32\drivers\umbus.sys - ok
15:51:49.0550 4156 [ 287C6C9410B111B68B52CA298F7B8C24 ] C:\Windows\System32\drivers\usbhub.sys
15:51:49.0550 4156 C:\Windows\System32\drivers\usbhub.sys - ok
15:51:49.0566 4156 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] C:\Windows\System32\drivers\ndproxy.sys
15:51:49.0566 4156 C:\Windows\System32\drivers\ndproxy.sys - ok
15:51:49.0566 4156 [ 21D26064AEDB4988F785BB4A3A2C051E ] C:\Windows\System32\drivers\drmk.sys
15:51:49.0566 4156 C:\Windows\System32\drivers\drmk.sys - ok
15:51:49.0566 4156 [ 32E11315B5126921FFD9074840EF13D3 ] C:\Windows\System32\drivers\portcls.sys
15:51:49.0566 4156 C:\Windows\System32\drivers\portcls.sys - ok
15:51:49.0566 4156 [ 91ED47813243B455E2D81115A8255F0E ] C:\Windows\System32\drivers\RTKVHD64.sys
15:51:49.0566 4156 C:\Windows\System32\drivers\RTKVHD64.sys - ok
15:51:49.0581 4156 [ 6869281E78CB31A43E969F06B57347C4 ] C:\Windows\System32\drivers\ksthunk.sys
15:51:49.0581 4156 C:\Windows\System32\drivers\ksthunk.sys - ok
15:51:49.0581 4156 [ 25983DE69B57142039AC8D95E71CD9C9 ] C:\Windows\System32\clbcatq.dll
15:51:49.0581 4156 C:\Windows\System32\clbcatq.dll - ok
15:51:49.0581 4156 [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
15:51:49.0581 4156 C:\Windows\System32\sechost.dll - ok
15:51:49.0581 4156 [ 753C0848AE7872A3F59663078A517293 ] C:\Windows\System32\wininet.dll
15:51:49.0581 4156 C:\Windows\System32\wininet.dll - ok
15:51:49.0581 4156 [ 6F1A3157A1C89435352CEB543CDB359C ] C:\Windows\System32\drivers\usbccgp.sys
15:51:49.0581 4156 C:\Windows\System32\drivers\usbccgp.sys - ok
15:51:49.0597 4156 [ CCA2AB1752A61F29C3C941CD79D78CEA ] C:\Windows\System32\drivers\usbd.sys
15:51:49.0597 4156 C:\Windows\System32\drivers\usbd.sys - ok
15:51:49.0597 4156 [ 8B0E40E7E8BBF5ACF390465609D89FF1 ] C:\Windows\System32\drivers\hidclass.sys
15:51:49.0597 4156 C:\Windows\System32\drivers\hidclass.sys - ok
15:51:49.0597 4156 [ 49EE2E52E6CD03947DAD72F65367BE06 ] C:\Windows\System32\drivers\hidparse.sys
15:51:49.0597 4156 C:\Windows\System32\drivers\hidparse.sys - ok
15:51:49.0597 4156 [ 9592090A7E2B61CD582B612B6DF70536 ] C:\Windows\System32\drivers\hidusb.sys
15:51:49.0597 4156 C:\Windows\System32\drivers\hidusb.sys - ok
15:51:49.0613 4156 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] C:\Windows\System32\drivers\kbdhid.sys
15:51:49.0613 4156 C:\Windows\System32\drivers\kbdhid.sys - ok
15:51:49.0613 4156 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] C:\Windows\System32\drivers\mouhid.sys
15:51:49.0613 4156 C:\Windows\System32\drivers\mouhid.sys - ok
15:51:49.0613 4156 [ 0611473C1AD9E2D991CD9482068417F7 ] C:\Windows\System32\rpcrt4.dll
15:51:49.0613 4156 C:\Windows\System32\rpcrt4.dll - ok
15:51:49.0613 4156 [ FED648B01349A3C8395A5169DB5FB7D6 ] C:\Windows\System32\drivers\USBSTOR.SYS
15:51:49.0613 4156 C:\Windows\System32\drivers\USBSTOR.SYS - ok
15:51:49.0628 4156 [ 6C60B5ACA7442EFB794082CDACFC001C ] C:\Windows\System32\ole32.dll
15:51:49.0628 4156 C:\Windows\System32\ole32.dll - ok
15:51:49.0628 4156 [ 1084AA52CCC324EA54C7121FA24C2221 ] C:\Windows\System32\gdi32.dll
15:51:49.0628 4156 C:\Windows\System32\gdi32.dll - ok
15:51:49.0628 4156 [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
15:51:49.0628 4156 C:\Windows\System32\advapi32.dll - ok
15:51:49.0628 4156 [ C6689007B3A749C49A5438DCF36E0CE4 ] C:\Windows\System32\shell32.dll
15:51:49.0628 4156 C:\Windows\System32\shell32.dll - ok
15:51:49.0628 4156 [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll
15:51:49.0628 4156 C:\Windows\System32\imm32.dll - ok
15:51:49.0644 4156 [ 5D8E6C95156ED1F79A63D1EADE6F9ED5 ] C:\Windows\System32\setupapi.dll
15:51:49.0644 4156 C:\Windows\System32\setupapi.dll - ok
15:51:49.0644 4156 [ DBF99FD9CAF75CA66D042BD8D050FF71 ] C:\Windows\System32\usp10.dll
15:51:49.0644 4156 C:\Windows\System32\usp10.dll - ok
15:51:49.0644 4156 [ 9835E63E09F824D22B689D2BB789BAB9 ] C:\Windows\System32\comdlg32.dll
15:51:49.0644 4156 C:\Windows\System32\comdlg32.dll - ok
15:51:49.0644 4156 [ F7CE0C81C545364020ED8203CF0A633E ] C:\Windows\System32\difxapi.dll
15:51:49.0644 4156 C:\Windows\System32\difxapi.dll - ok
15:51:49.0659 4156 [ A1BE6A720D02E37F72E9CD89AE9CB3CF ] C:\Windows\System32\imagehlp.dll
15:51:49.0659 4156 C:\Windows\System32\imagehlp.dll - ok
15:51:49.0659 4156 [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll
15:51:49.0659 4156 C:\Windows\System32\normaliz.dll - ok
15:51:49.0659 4156 [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll
15:51:49.0659 4156 C:\Windows\System32\psapi.dll - ok
15:51:49.0659 4156 [ FE70103391A64039A921DBFFF9C7AB1B ] C:\Windows\System32\user32.dll
15:51:49.0659 4156 C:\Windows\System32\user32.dll - ok
15:51:49.0675 4156 [ 4E4FFB09D895AA000DD56D1404F69A7E ] C:\Windows\System32\Wldap32.dll
15:51:49.0675 4156 C:\Windows\System32\Wldap32.dll - ok
15:51:49.0675 4156 [ C06B32165E23A72A898B7A89679AD754 ] C:\Windows\System32\oleaut32.dll
15:51:49.0675 4156 C:\Windows\System32\oleaut32.dll - ok
15:51:49.0675 4156 [ 85F1FE2D5EDBFD26066F5ABB9504A69C ] C:\Windows\System32\iertutil.dll
15:51:49.0675 4156 C:\Windows\System32\iertutil.dll - ok
15:51:49.0675 4156 [ 044FE45FFD6AD40E3BBBE60B7F41BABE ] C:\Windows\System32\nsi.dll
15:51:49.0675 4156 C:\Windows\System32\nsi.dll - ok
15:51:49.0675 4156 [ 65C113214F7B05820F6D8A65B1485196 ] C:\Windows\System32\kernel32.dll
15:51:49.0675 4156 C:\Windows\System32\kernel32.dll - ok
15:51:49.0691 4156 [ D202223587518B13D72D68937B7E3F70 ] C:\Windows\System32\lpk.dll
15:51:49.0691 4156 C:\Windows\System32\lpk.dll - ok
15:51:49.0691 4156 [ C431EAF5CAA1C82CAC2534A2EAB348A3 ] C:\Windows\System32\msctf.dll
15:51:49.0691 4156 C:\Windows\System32\msctf.dll - ok
15:51:49.0691 4156 [ EAF32CB8C1F810E4715B4DFBE785C7FF ] C:\Windows\System32\shlwapi.dll
15:51:49.0691 4156 C:\Windows\System32\shlwapi.dll - ok
15:51:49.0691 4156 [ C391FC68282A000CDF953F8B6B55D2EF ] C:\Windows\System32\msvcrt.dll
15:51:49.0691 4156 C:\Windows\System32\msvcrt.dll - ok
15:51:49.0706 4156 [ 29812E9971077BE3F8B9DC225CF9D454 ] C:\Windows\System32\urlmon.dll
15:51:49.0706 4156 C:\Windows\System32\urlmon.dll - ok
15:51:49.0706 4156 [ 4BBFA57F594F7E8A8EDC8F377184C3F0 ] C:\Windows\System32\ws2_32.dll
15:51:49.0706 4156 C:\Windows\System32\ws2_32.dll - ok
15:51:49.0706 4156 [ F49E92B50CED5C9F1725D3C0329FD933 ] C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
15:51:49.0706 4156 C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll - ok
15:51:49.0706 4156 [ 64A4AB126E24FD3F58EBE64852773DB5 ] C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
15:51:49.0706 4156 C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll - ok
15:51:49.0722 4156 [ AFC3DB5C6EB8CA8017DDB81D6C0AD02A ] C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
15:51:49.0722 4156 C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll - ok
15:51:49.0722 4156 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\System32\comctl32.dll
15:51:49.0722 4156 C:\Windows\System32\comctl32.dll - ok
15:51:49.0722 4156 [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
15:51:49.0722 4156 C:\Windows\System32\devobj.dll - ok
15:51:49.0722 4156 [ 0E6FBF19D9DFBB77316C23DF91F8A101 ] C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
15:51:49.0722 4156 C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll - ok
15:51:49.0737 4156 [ 12EE6FE9268CEE6D90FDCCBF89236C65 ] C:\Windows\System32\crypt32.dll
15:51:49.0737 4156 C:\Windows\System32\crypt32.dll - ok
15:51:49.0737 4156 [ 1F56F209585F350A5666E3CC7931FD67 ] C:\Windows\System32\KernelBase.dll
15:51:49.0737 4156 C:\Windows\System32\KernelBase.dll - ok
15:51:49.0737 4156 [ AA06902362B1422D7A7DA7061E07C624 ] C:\Windows\System32\wintrust.dll
15:51:49.0737 4156 C:\Windows\System32\wintrust.dll - ok
15:51:49.0737 4156 [ 72723D3E4781BADC62C3180C137E7B23 ] C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
15:51:49.0737 4156 C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll - ok
15:51:49.0737 4156 [ 9094039A00485F71C4DE64BF51F64C46 ] C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
15:51:49.0737 4156 C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll - ok
15:51:49.0753 4156 [ 2477A28081BDAEE622CF045ACF8EE124 ] C:\Windows\System32\cfgmgr32.dll
15:51:49.0753 4156 C:\Windows\System32\cfgmgr32.dll - ok
15:51:49.0753 4156 [ 884415BD4269C02EAF8E2613BF85500D ] C:\Windows\System32\msasn1.dll
15:51:49.0753 4156 C:\Windows\System32\msasn1.dll - ok
15:51:49.0753 4156 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
15:51:49.0753 4156 C:\Windows\SysWOW64\normaliz.dll - ok
15:51:49.0753 4156 [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
15:51:49.0753 4156 C:\Windows\System32\drivers\dxapi.sys - ok
15:51:49.0769 4156 [ 86F96630D28523F1C402C783F046DEF1 ] C:\Windows\System32\win32k.sys
15:51:49.0769 4156 C:\Windows\System32\win32k.sys - ok
15:51:49.0769 4156 [ CEC1EDF4022DC4DCA40384DCEC672B0E ] C:\Windows\System32\csrsrv.dll
15:51:49.0769 4156 C:\Windows\System32\csrsrv.dll - ok
15:51:49.0769 4156 [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
15:51:49.0769 4156 C:\Windows\System32\csrss.exe - ok
15:51:49.0769 4156 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
15:51:49.0769 4156 C:\Windows\System32\basesrv.dll - ok
15:51:49.0784 4156 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\System32\winsrv.dll
15:51:49.0784 4156 C:\Windows\System32\winsrv.dll - ok
15:51:49.0784 4156 [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
15:51:49.0784 4156 C:\Windows\System32\drivers\monitor.sys - ok
15:51:49.0784 4156 [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
15:51:49.0784 4156 C:\Windows\System32\tsddd.dll - ok
15:51:49.0784 4156 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
15:51:49.0784 4156 C:\Windows\System32\sxssrv.dll - ok
15:51:49.0784 4156 [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
15:51:49.0784 4156 C:\Windows\System32\wininit.exe - ok
15:51:49.0800 4156 [ 05569A79BF4693670B709144382D02D4 ] C:\Windows\System32\cdd.dll
15:51:49.0800 4156 C:\Windows\System32\cdd.dll - ok
15:51:49.0800 4156 [ 78523A26F5604C0568FE9D1CE86E36F4 ] C:\Windows\System32\KBDUS.DLL
15:51:49.0800 4156 C:\Windows\System32\KBDUS.DLL - ok
15:51:49.0800 4156 [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
15:51:49.0800 4156 C:\Windows\System32\profapi.dll - ok
15:51:49.0800 4156 [ C2A8CB1275ECB85D246A9ECC02A728E3 ] C:\Windows\System32\RpcRtRemote.dll
15:51:49.0800 4156 C:\Windows\System32\RpcRtRemote.dll - ok
15:51:49.0815 4156 [ 9CEAD32E79A62150FE9F8557E58E008B ] C:\Windows\System32\sxs.dll
15:51:49.0815 4156 C:\Windows\System32\sxs.dll - ok
15:51:49.0815 4156 [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
15:51:49.0815 4156 C:\Windows\System32\WlS0WndH.dll - ok
15:51:49.0815 4156 [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
15:51:49.0815 4156 C:\Windows\System32\cryptbase.dll - ok
15:51:49.0815 4156 [ 90499F3163A9F815CF196A205EA3CD5D ] C:\Windows\System32\apphelp.dll
15:51:49.0815 4156 C:\Windows\System32\apphelp.dll - ok
15:51:49.0831 4156 [ C118A82CD78818C29AB228366EBF81C3 ] C:\Windows\System32\lsass.exe
15:51:49.0831 4156 C:\Windows\System32\lsass.exe - ok
15:51:49.0831 4156 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
15:51:49.0831 4156 C:\Windows\System32\services.exe - ok
15:51:49.0831 4156 [ 9662EE182644511439F1C53745DC1C88 ] C:\Windows\System32\lsm.exe
15:51:49.0831 4156 C:\Windows\System32\lsm.exe - ok
15:51:49.0831 4156 [ 3A0CE5FE781708CD6ABD55313607EC8B ] C:\Windows\System32\sspisrv.dll
15:51:49.0831 4156 C:\Windows\System32\sspisrv.dll - ok
15:51:49.0831 4156 [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
15:51:49.0831 4156 C:\Windows\System32\sysntfy.dll - ok
15:51:49.0847 4156 [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
15:51:49.0847 4156 C:\Windows\System32\wmsgapi.dll - ok
15:51:49.0847 4156 [ B66BC8B20B7F33975865B1DF99783FD8 ] C:\Windows\System32\sspicli.dll
15:51:49.0847 4156 C:\Windows\System32\sspicli.dll - ok
15:51:49.0847 4156 [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
15:51:49.0847 4156 C:\Windows\System32\scext.dll - ok
15:51:49.0847 4156 [ BBCDF350817BA86416C0F06B6981BE8D ] C:\Windows\System32\scesrv.dll
15:51:49.0847 4156 C:\Windows\System32\scesrv.dll - ok
15:51:49.0862 4156 [ 0144D8D75A0B12938AEEE859E3310A46 ] C:\Windows\System32\secur32.dll
15:51:49.0862 4156 C:\Windows\System32\secur32.dll - ok
15:51:49.0862 4156 [ 3A9C9BAF610B0DD4967086040B3B62A9 ] C:\Windows\System32\srvcli.dll
15:51:49.0862 4156 C:\Windows\System32\srvcli.dll - ok
15:51:49.0862 4156 [ 685527DA09EBFB681E98C515978BDEE2 ] C:\Windows\System32\lsasrv.dll
15:51:49.0862 4156 C:\Windows\System32\lsasrv.dll - ok
15:51:49.0862 4156 [ A744BA6E04C8AA4592818178DBF89521 ] C:\Windows\System32\samsrv.dll
15:51:49.0862 4156 C:\Windows\System32\samsrv.dll - ok
15:51:49.0878 4156 [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
15:51:49.0878 4156 C:\Windows\System32\cryptdll.dll - ok
15:51:49.0878 4156 [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
15:51:49.0878 4156 C:\Windows\System32\wevtapi.dll - ok
15:51:49.0878 4156 [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe
15:51:49.0878 4156 C:\Windows\System32\winlogon.exe - ok
15:51:49.0878 4156 [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
15:51:49.0878 4156 C:\Windows\System32\cngaudit.dll - ok
15:51:49.0878 4156 [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
15:51:49.0878 4156 C:\Windows\System32\authz.dll - ok
15:51:49.0893 4156 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
15:51:49.0893 4156 C:\Windows\System32\bcrypt.dll - ok
15:51:49.0893 4156 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
15:51:49.0893 4156 C:\Windows\System32\msprivs.dll - ok
15:51:49.0893 4156 [ 5F3307352216618221A17CFEF273EEE2 ] C:\Windows\System32\ncrypt.dll
15:51:49.0893 4156 C:\Windows\System32\ncrypt.dll - ok
15:51:49.0893 4156 [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
15:51:49.0893 4156 C:\Windows\System32\netjoin.dll - ok
15:51:49.0909 4156 [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
15:51:49.0909 4156 C:\Windows\System32\winsta.dll - ok
15:51:49.0909 4156 [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll
15:51:49.0909 4156 C:\Windows\System32\kerberos.dll - ok
15:51:49.0909 4156 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
15:51:49.0909 4156 C:\Windows\System32\negoexts.dll - ok
15:51:49.0909 4156 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
15:51:49.0909 4156 C:\Windows\System32\cryptsp.dll - ok
15:51:49.0909 4156 [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
15:51:49.0925 4156 C:\Windows\System32\mswsock.dll - ok
15:51:49.0925 4156 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
15:51:49.0925 4156 C:\Windows\System32\wship6.dll - ok
15:51:49.0925 4156 [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
15:51:49.0925 4156 C:\Windows\System32\msv1_0.dll - ok
15:51:49.0925 4156 [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
15:51:49.0925 4156 C:\Windows\System32\netlogon.dll - ok
15:51:49.0925 4156 [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
15:51:49.0925 4156 C:\Windows\System32\dnsapi.dll - ok
15:51:49.0940 4156 [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
15:51:49.0940 4156 C:\Windows\System32\logoncli.dll - ok
15:51:49.0940 4156 [ B7D42CB36C08FA017E73FF2433CD7287 ] C:\Windows\System32\schannel.dll
15:51:49.0940 4156 C:\Windows\System32\schannel.dll - ok
15:51:49.0940 4156 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
15:51:49.0940 4156 C:\Windows\System32\wdigest.dll - ok
15:51:49.0940 4156 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
15:51:49.0940 4156 C:\Windows\System32\rsaenh.dll - ok
15:51:49.0956 4156 [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
15:51:49.0956 4156 C:\Windows\System32\TSpkg.dll - ok
15:51:49.0956 4156 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
15:51:49.0956 4156 C:\Windows\System32\pku2u.dll - ok
15:51:49.0956 4156 [ 7DBA64AD70C2E2481C68D9E0F7CD7840 ] C:\Windows\System32\LIVESSP.DLL
15:51:49.0956 4156 C:\Windows\System32\LIVESSP.DLL - ok
15:51:49.0956 4156 [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
15:51:49.0956 4156 C:\Windows\System32\bcryptprimitives.dll - ok
15:51:49.0956 4156 [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
15:51:49.0956 4156 C:\Windows\System32\credssp.dll - ok
15:51:49.0971 4156 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
15:51:49.0971 4156 C:\Windows\System32\efslsaext.dll - ok
15:51:49.0971 4156 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
15:51:49.0971 4156 C:\Windows\System32\ubpm.dll - ok
15:51:49.0971 4156 [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
15:51:49.0971 4156 C:\Windows\System32\scecli.dll - ok
15:51:49.0971 4156 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
15:51:49.0971 4156 C:\Windows\System32\svchost.exe - ok
15:51:49.0987 4156 [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
15:51:49.0987 4156 C:\Windows\System32\umpnpmgr.dll - ok
15:51:49.0987 4156 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
15:51:49.0987 4156 C:\Windows\System32\devrtl.dll - ok
15:51:49.0987 4156 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
15:51:49.0987 4156 C:\Windows\System32\SPInf.dll - ok
15:51:49.0987 4156 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
15:51:49.0987 4156 C:\Windows\System32\gpapi.dll - ok
15:51:50.0003 4156 [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
15:51:50.0003 4156 C:\Windows\System32\userenv.dll - ok
15:51:50.0003 4156 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
15:51:50.0003 4156 C:\Windows\System32\umpo.dll - ok
15:51:50.0003 4156 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
15:51:50.0003 4156 C:\Windows\System32\pcwum.dll - ok
15:51:50.0003 4156 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
15:51:50.0003 4156 C:\Windows\System32\powrprof.dll - ok
15:51:50.0003 4156 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
15:51:50.0003 4156 C:\Windows\System32\drivers\luafv.sys - ok
15:51:50.0018 4156 [ 8F571F016FA1976F445147E9E6C8AE9B ] C:\Windows\System32\drivers\Sftvollh.sys
15:51:50.0018 4156 C:\Windows\System32\drivers\Sftvollh.sys - ok
15:51:50.0018 4156 [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
15:51:50.0018 4156 C:\Windows\System32\rpcss.dll - ok
15:51:50.0018 4156 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
15:51:50.0018 4156 C:\Windows\System32\RpcEpMap.dll - ok
15:51:50.0018 4156 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
15:51:50.0018 4156 C:\Windows\System32\wshqos.dll - ok
15:51:50.0018 4156 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
15:51:50.0034 4156 C:\Windows\System32\WSHTCPIP.DLL - ok
15:51:50.0034 4156 [ E07DEC52FF801841BA9B6878A60304FB ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
15:51:50.0034 4156 C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
15:51:50.0034 4156 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
15:51:50.0034 4156 C:\Windows\System32\FirewallAPI.dll - ok
15:51:50.0034 4156 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
15:51:50.0034 4156 C:\Windows\System32\version.dll - ok
15:51:50.0034 4156 [ 905601FFF40D8DA9FA82CBE77D1F5EB1 ] C:\Program Files\Microsoft Security Client\MpSvc.dll
15:51:50.0034 4156 C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
15:51:50.0049 4156 [ 2D4230F2F1D204A523998DF93F9DF066 ] C:\Program Files\Microsoft Security Client\MpClient.dll
15:51:50.0049 4156 C:\Program Files\Microsoft Security Client\MpClient.dll - ok
15:51:50.0049 4156 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
15:51:50.0049 4156 C:\Windows\System32\wtsapi32.dll - ok
15:51:50.0049 4156 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
15:51:50.0049 4156 C:\Windows\System32\ntmarta.dll - ok
15:51:50.0049 4156 [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
15:51:50.0049 4156 C:\Windows\System32\LogonUI.exe - ok
15:51:50.0065 4156 [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll
15:51:50.0065 4156 C:\Windows\System32\authui.dll - ok
15:51:50.0065 4156 [ 9121C2E2507AD0BCBF9A7438051BEF34 ] C:\Program Files\Microsoft Security Client\EppManifest.dll
15:51:50.0065 4156 C:\Program Files\Microsoft Security Client\EppManifest.dll - ok
15:51:50.0065 4156 [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
15:51:50.0065 4156 C:\Windows\System32\wevtsvc.dll - ok
15:51:50.0065 4156 [ 2F034150ECCBC498C53B61F98C5378AC ] C:\Program Files\Microsoft Security Client\MpRTP.dll
15:51:50.0065 4156 C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
15:51:50.0065 4156 [ C4C1947985144721A809965A19D616BC ] C:\Program Files\Microsoft Security Client\MsMpLics.dll
15:51:50.0065 4156 C:\Program Files\Microsoft Security Client\MsMpLics.dll - ok
15:51:50.0081 4156 [ F3D202F53A222D5F6944D459B73CF967 ] C:\Windows\System32\fltLib.dll
15:51:50.0081 4156 C:\Windows\System32\fltLib.dll - ok
15:51:50.0081 4156 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] C:\Windows\System32\drivers\MpFilter.sys
15:51:50.0081 4156 C:\Windows\System32\drivers\MpFilter.sys - ok
15:51:50.0081 4156 [ F23FEF6D569FCE88671949894A8BECF1 ] C:\Windows\System32\audiosrv.dll
15:51:50.0081 4156 C:\Windows\System32\audiosrv.dll - ok
15:51:50.0081 4156 [ C4C183E6551084039EC862DA1C945E3D ] C:\Windows\System32\FntCache.dll
15:51:50.0081 4156 C:\Windows\System32\FntCache.dll - ok
15:51:50.0081 4156 [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
15:51:50.0081 4156 C:\Windows\System32\avrt.dll - ok
15:51:50.0096 4156 [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll
15:51:50.0096 4156 C:\Windows\System32\mmcss.dll - ok
15:51:50.0096 4156 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
15:51:50.0096 4156 C:\Windows\System32\MMDevAPI.dll - ok
15:51:50.0096 4156 [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll
15:51:50.0096 4156 C:\Windows\System32\propsys.dll - ok
15:51:50.0096 4156 [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
15:51:50.0096 4156 C:\Windows\System32\cryptui.dll - ok
15:51:50.0096 4156 [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
15:51:50.0096 4156 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
15:51:50.0112 4156 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
15:51:50.0112 4156 C:\Windows\System32\samlib.dll - ok
15:51:50.0112 4156 [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll
15:51:50.0112 4156 C:\Windows\System32\shacct.dll - ok
15:51:50.0112 4156 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
15:51:50.0112 4156 C:\Windows\System32\uxtheme.dll - ok
15:51:50.0112 4156 [ 179E8401224D557ECFF3695F2016EA5B ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll
15:51:50.0112 4156 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll - ok
15:51:50.0127 4156 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
15:51:50.0127 4156 C:\Windows\System32\dui70.dll - ok
15:51:50.0127 4156 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
15:51:50.0127 4156 C:\Windows\System32\duser.dll - ok
15:51:50.0127 4156 [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
15:51:50.0127 4156 C:\Windows\System32\SndVolSSO.dll - ok
15:51:50.0127 4156 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
15:51:50.0127 4156 C:\Windows\System32\hid.dll - ok
15:51:50.0143 4156 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
15:51:50.0143 4156 C:\Windows\System32\dwmapi.dll - ok
15:51:50.0143 4156 [ 6F8B48F3D343E4B186AB6A9E302B7E16 ] C:\Windows\System32\xmllite.dll
15:51:50.0143 4156 C:\Windows\System32\xmllite.dll - ok
15:51:50.0143 4156 [ D5CCA1453B98A5801E6D5FF0FF89DC6C ] C:\Windows\System32\audiodg.exe
15:51:50.0143 4156 C:\Windows\System32\audiodg.exe - ok
15:51:50.0143 4156 [ BDDF242A49E7B7DC5CCEC291BCE53ACB ] C:\Windows\System32\WindowsCodecs.dll
15:51:50.0143 4156 C:\Windows\System32\WindowsCodecs.dll - ok
15:51:50.0159 4156 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
15:51:50.0159 4156 C:\Windows\System32\winbrand.dll - ok
15:51:50.0159 4156 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
15:51:50.0159 4156 C:\Windows\System32\VaultCredProvider.dll - ok
15:51:50.0159 4156 [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll
15:51:50.0159 4156 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
15:51:50.0159 4156 [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
15:51:50.0159 4156 C:\Windows\System32\BioCredProv.dll - ok
15:51:50.0174 4156 [ CC0AB40F02D2C2A12209715A3C1B07B8 ] C:\Windows\System32\credui.dll
15:51:50.0174 4156 C:\Windows\System32\credui.dll - ok
15:51:50.0174 4156 [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
15:51:50.0174 4156 C:\Windows\System32\winbio.dll - ok
15:51:50.0174 4156 [ EEEA40F0EDB0A6E5359E539E15D0BC77 ] C:\Windows\System32\netapi32.dll
15:51:50.0174 4156 C:\Windows\System32\netapi32.dll - ok
15:51:50.0174 4156 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
15:51:50.0174 4156 C:\Windows\System32\vaultcli.dll - ok
15:51:50.0190 4156 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] C:\Windows\System32\gpsvc.dll
15:51:50.0190 4156 C:\Windows\System32\gpsvc.dll - ok
15:51:50.0190 4156 [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll
15:51:50.0190 4156 C:\Windows\System32\netutils.dll - ok
15:51:50.0190 4156 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll
15:51:50.0190 4156 C:\Windows\System32\profsvc.dll - ok
15:51:50.0190 4156 [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
15:51:50.0190 4156 C:\Windows\System32\samcli.dll - ok
15:51:50.0190 4156 [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
15:51:50.0190 4156 C:\Windows\System32\wkscli.dll - ok
15:51:50.0205 4156 [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
15:51:50.0205 4156 C:\Windows\System32\certCredProvider.dll - ok
15:51:50.0205 4156 [ 032229246107C5C7211E6D1498B52D3D ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
15:51:51.0048 4156 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
15:51:51.0063 4156 [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\SysWOW64\userenv.dll
15:51:51.0063 4156 C:\Windows\SysWOW64\userenv.dll - ok
15:51:51.0063 4156 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
15:51:51.0063 4156 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
15:51:51.0063 4156 [ F07AF60B152221472FBDB2FECEC4896D ] C:\Program Files (x86)\Skype\Updater\Updater.exe
15:51:51.0063 4156 C:\Program Files (x86)\Skype\Updater\Updater.exe - ok
15:51:51.0063 4156 [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\SysWOW64\credssp.dll
15:51:51.0063 4156 C:\Windows\SysWOW64\credssp.dll - ok
15:51:51.0063 4156 [ A113AFEED3159A1ED52D78CB0226006D ] C:\Windows\SysWOW64\secur32.dll
15:51:51.0079 4156 C:\Windows\SysWOW64\secur32.dll - ok
15:51:51.0079 4156 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
15:51:51.0079 4156 C:\Windows\SysWOW64\psapi.dll - ok
15:51:51.0079 4156 [ 27E461F0BE5BFF5FC737328F749538C3 ] C:\Windows\System32\drivers\srvnet.sys
15:51:51.0079 4156 C:\Windows\System32\drivers\srvnet.sys - ok
15:51:51.0079 4156 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] C:\Windows\System32\drivers\tcpipreg.sys
15:51:51.0079 4156 C:\Windows\System32\drivers\tcpipreg.sys - ok
15:51:51.0079 4156 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] C:\Windows\System32\tapisrv.dll
15:51:51.0079 4156 C:\Windows\System32\tapisrv.dll - ok
15:51:51.0095 4156 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
15:51:51.0095 4156 C:\Windows\System32\wbem\WMIsvc.dll - ok
15:51:51.0095 4156 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] C:\Windows\System32\wiaservc.dll
15:51:51.0095 4156 C:\Windows\System32\wiaservc.dll - ok
15:51:51.0095 4156 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] C:\Windows\System32\sysmain.dll
15:51:51.0095 4156 C:\Windows\System32\sysmain.dll - ok
15:51:51.0095 4156 [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5 ] C:\Windows\System32\wiatrace.dll
15:51:51.0095 4156 C:\Windows\System32\wiatrace.dll - ok
15:51:51.0110 4156 [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
15:51:51.0110 4156 C:\Windows\System32\trkwks.dll - ok
15:51:51.0110 4156 [ 2BACD71123F42CEA603F4E205E1AE337 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:51:51.0110 4156 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - ok
15:51:51.0110 4156 [ 7DB5AA22A8A8E5C2D335F44853C1F6DE ] C:\Windows\System32\wbemcomn.dll
15:51:51.0110 4156 C:\Windows\System32\wbemcomn.dll - ok
15:51:51.0110 4156 [ 332FEAB1435662FC6C672E25BEB37BE3 ] C:\Windows\explorer.exe
15:51:51.0110 4156 C:\Windows\explorer.exe - ok
15:51:51.0110 4156 [ EED05D42D91835064703E2318552ED25 ] C:\Windows\System32\ExplorerFrame.dll
15:51:51.0126 4156 C:\Windows\System32\ExplorerFrame.dll - ok
15:51:51.0126 4156 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
15:51:51.0126 4156 C:\Windows\System32\EhStorShell.dll - ok
15:51:51.0126 4156 [ 037A719DAD50603202C978CD802623E4 ] C:\Windows\System32\ntshrui.dll
15:51:51.0126 4156 C:\Windows\System32\ntshrui.dll - ok
15:51:51.0126 4156 [ 1BF0CB861A48FEB1638228760750F3CB ] C:\Windows\System32\cscapi.dll
15:51:51.0126 4156 C:\Windows\System32\cscapi.dll - ok
15:51:51.0126 4156 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
15:51:51.0126 4156 C:\Windows\System32\IconCodecService.dll - ok
15:51:51.0141 4156 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
15:51:51.0141 4156 C:\Windows\System32\wbem\WinMgmtR.dll - ok
15:51:51.0141 4156 [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll
15:51:51.0141 4156 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
15:51:51.0141 4156 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
15:51:51.0141 4156 C:\Windows\System32\wbem\fastprox.dll - ok
15:51:51.0141 4156 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
15:51:51.0141 4156 C:\Windows\System32\ntdsapi.dll - ok
15:51:51.0157 4156 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
15:51:51.0157 4156 C:\Windows\System32\wbem\wbemprox.dll - ok
15:51:51.0157 4156 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL
15:51:51.0157 4156 C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL - ok
15:51:51.0157 4156 [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll
15:51:51.0157 4156 C:\Windows\System32\SensApi.dll - ok
15:51:51.0157 4156 [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll
15:51:51.0157 4156 C:\Windows\System32\wer.dll - ok
15:51:51.0173 4156 [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll
15:51:51.0173 4156 C:\Windows\System32\WinSCard.dll - ok
15:51:51.0173 4156 [ 13693B6354DD6E72DC5131DA7D764B90 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:51:51.0173 4156 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe - ok
15:51:51.0173 4156 [ 6177E1A8F215576A56D437B48A00848B ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftsync.dll
15:51:51.0173 4156 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftsync.dll - ok
15:51:51.0173 4156 [ E2102B5AC1303C2E045B926B9C745F6F ] C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
15:51:51.0173 4156 C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll - ok
15:51:51.0188 4156 [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll
15:51:51.0188 4156 C:\Windows\System32\wbem\wbemcore.dll - ok
15:51:51.0188 4156 [ 295E1F2BC1AFDAFD98FF426BCE524BA9 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftuser.dll
15:51:51.0188 4156 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftuser.dll - ok
15:51:51.0188 4156 [ A733CC986EB51F8FBF598B981DC19FBA ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftcore.dll
15:51:51.0188 4156 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftcore.dll - ok
15:51:51.0188 4156 [ 371948BC5911ABA06168FAC91ED25F06 ] C:\Windows\System32\msxml3.dll
15:51:51.0188 4156 C:\Windows\System32\msxml3.dll - ok
15:51:51.0204 4156 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
15:51:51.0204 4156 C:\Windows\System32\wbem\esscli.dll - ok
15:51:51.0204 4156 [ 27B9E163740A226B65E4B9E186117911 ] C:\Windows\System32\sqmapi.dll
15:51:51.0204 4156 C:\Windows\System32\sqmapi.dll - ok
15:51:51.0204 4156 [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll
15:51:51.0204 4156 C:\Windows\System32\wdscore.dll - ok
15:51:51.0204 4156 [ EE867A0870FC9E4972BA9EAAD35651E2 ] C:\Windows\System32\rasmans.dll
15:51:51.0204 4156 C:\Windows\System32\rasmans.dll - ok
15:51:51.0204 4156 [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll
15:51:51.0219 4156 C:\Windows\System32\eappprxy.dll - ok
15:51:51.0219 4156 [ 2A46FFE841EC43001D5A293A54DB34DE ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
15:51:51.0219 4156 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE - ok
15:51:51.0219 4156 [ 44C96B48112EB24AE7764EBF1C527000 ] C:\Windows\System32\rastapi.dll
15:51:51.0219 4156 C:\Windows\System32\rastapi.dll - ok
15:51:51.0219 4156 [ FAFAE01E889DC9C05A6CA2138CFC220B ] C:\Windows\System32\tapi32.dll
15:51:51.0219 4156 C:\Windows\System32\tapi32.dll - ok
15:51:51.0219 4156 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
15:51:51.0219 4156 C:\Windows\System32\wbem\wbemsvc.dll - ok
15:51:51.0235 4156 [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
15:51:51.0235 4156 C:\Windows\System32\wbem\wmiutils.dll - ok
15:51:51.0235 4156 [ 03706015DB44368375AEBE6339490E66 ] C:\Windows\System32\netcfgx.dll
15:51:51.0235 4156 C:\Windows\System32\netcfgx.dll - ok
15:51:51.0235 4156 [ 32BFCF1CA719F2A3A31C721BD5F90303 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftpsr.dll
15:51:51.0235 4156 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftpsr.dll - ok
15:51:51.0235 4156 [ 2FCA0D2C59A855C54BAFA22AA329DF0F ] C:\Windows\SysWOW64\netapi32.dll
15:51:51.0235 4156 C:\Windows\SysWOW64\netapi32.dll - ok
15:51:51.0251 4156 [ 20B3934DB73EABA2B49B7177873CB81F ] C:\Windows\SysWOW64\netutils.dll
15:51:51.0251 4156 C:\Windows\SysWOW64\netutils.dll - ok
15:51:51.0251 4156 [ 5CCDCD40E732D54E0F7451AC66AC1C87 ] C:\Windows\SysWOW64\srvcli.dll
15:51:51.0251 4156 C:\Windows\SysWOW64\srvcli.dll - ok
15:51:51.0251 4156 [ E5A4A1326A02F8E7B59E6C3270CE7202 ] C:\Windows\SysWOW64\wkscli.dll
15:51:51.0251 4156 C:\Windows\SysWOW64\wkscli.dll - ok
15:51:51.0251 4156 [ 40EE4E67311F4019CCA2120D88C60576 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftfsi_wow64.dll
15:51:51.0251 4156 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftfsi_wow64.dll - ok
15:51:51.0266 4156 [ 09AB81CEE443569D9A3CC151DDF70444 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftcomp.dll
15:51:51.0266 4156 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftcomp.dll - ok
15:51:51.0266 4156 [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
15:51:51.0266 4156 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
15:51:51.0266 4156 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll
15:51:51.0266 4156 C:\Windows\SysWOW64\nsi.dll - ok
15:51:51.0266 4156 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
15:51:51.0266 4156 C:\Windows\SysWOW64\winnsi.dll - ok
15:51:51.0282 4156 [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\SysWOW64\ws2_32.dll
15:51:51.0282 4156 C:\Windows\SysWOW64\ws2_32.dll - ok
15:51:51.0282 4156 [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\SysWOW64\wsock32.dll
15:51:51.0282 4156 C:\Windows\SysWOW64\wsock32.dll - ok
15:51:51.0282 4156 [ 8EA53101FF2B15BDFF934B62A8FB326D ] C:\Windows\SysWOW64\logoncli.dll
15:51:51.0282 4156 C:\Windows\SysWOW64\logoncli.dll - ok
15:51:51.0282 4156 [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\SysWOW64\msi.dll
15:51:51.0282 4156 C:\Windows\SysWOW64\msi.dll - ok
15:51:51.0282 4156 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] C:\Windows\System32\drivers\srv2.sys
15:51:51.0282 4156 C:\Windows\System32\drivers\srv2.sys - ok
15:51:51.0297 4156 [ 1EBE9524683C7C4EED8B8BC93FB6FBCC ] C:\Windows\SysWOW64\fltLib.dll
15:51:51.0297 4156 C:\Windows\SysWOW64\fltLib.dll - ok
15:51:51.0297 4156 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] C:\Windows\System32\drivers\srv.sys
15:51:51.0297 4156 C:\Windows\System32\drivers\srv.sys - ok
15:51:51.0297 4156 [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
15:51:51.0297 4156 C:\Windows\System32\wbem\repdrvfs.dll - ok
15:51:51.0297 4156 [ 3B367397320C26DBA890B260F80D1B1B ] C:\Windows\System32\hnetcfg.dll
15:51:51.0297 4156 C:\Windows\System32\hnetcfg.dll - ok
15:51:51.0313 4156 [ FEB91B4DA0D540865260A33838654FA3 ] C:\Windows\System32\nci.dll
15:51:51.0313 4156 C:\Windows\System32\nci.dll - ok
15:51:51.0313 4156 [ D2A0FFA75AB181B19B5EB93BB29C7686 ] C:\Windows\System32\unimdm.tsp
15:51:51.0313 4156 C:\Windows\System32\unimdm.tsp - ok
15:51:51.0313 4156 [ 41326DD08ACC0CDC5F8177AF96C066E8 ] C:\Windows\System32\kmddsp.tsp
15:51:51.0313 4156 C:\Windows\System32\kmddsp.tsp - ok
15:51:51.0313 4156 [ 1D6BC2769DA66C1145F4DA5A65F52E61 ] C:\Windows\System32\ndptsp.tsp
15:51:51.0313 4156 C:\Windows\System32\ndptsp.tsp - ok
15:51:51.0313 4156 [ 94B7DF336815B47236724019FAB24B7C ] C:\Windows\System32\uniplat.dll
15:51:51.0329 4156 C:\Windows\System32\uniplat.dll - ok
15:51:51.0329 4156 [ 7C1BAE7D23D4874FEE256A2B9C00E019 ] C:\Windows\System32\hidphone.tsp
15:51:51.0329 4156 C:\Windows\System32\hidphone.tsp - ok
15:51:51.0329 4156 [ A717A35120DBAB5AB707AB40662AF9DD ] C:\Windows\System32\rasppp.dll
15:51:51.0329 4156 C:\Windows\System32\rasppp.dll - ok
15:51:51.0329 4156 [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll
15:51:51.0329 4156 C:\Windows\System32\eappcfg.dll - ok
15:51:51.0329 4156 [ 0FE5CD5F9C9248F42D1EF56E495B182E ] C:\Windows\System32\vpnike.dll
15:51:51.0329 4156 C:\Windows\System32\vpnike.dll - ok
15:51:51.0344 4156 [ 6A84E68B538B8B04608BF2F0D426CE6F ] C:\Windows\System32\raschap.dll
15:51:51.0344 4156 C:\Windows\System32\raschap.dll - ok
15:51:51.0344 4156 [ D9F42719019740BAA6D1C6D536CBDAA6 ] C:\Windows\System32\srvsvc.dll
15:51:51.0344 4156 C:\Windows\System32\srvsvc.dll - ok
15:51:51.0344 4156 [ 617E29A0B0A2807466560D4C4E338D3E ] C:\Windows\System32\drivers\Sftredirlh.sys
15:51:51.0344 4156 C:\Windows\System32\drivers\Sftredirlh.sys - ok
15:51:51.0344 4156 [ AF78F66116814FDD6677CEBD73035CDD ] C:\Windows\SysWOW64\schannel.dll
15:51:51.0344 4156 C:\Windows\SysWOW64\schannel.dll - ok
15:51:51.0360 4156 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] C:\Windows\System32\browser.dll
15:51:51.0360 4156 C:\Windows\System32\browser.dll - ok
15:51:51.0360 4156 [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll
15:51:51.0360 4156 C:\Windows\System32\dssenh.dll - ok
15:51:51.0360 4156 [ B95F6501A2F8B2E78C697FEC401970CE ] C:\Windows\System32\ipnathlp.dll
15:51:51.0360 4156 C:\Windows\System32\ipnathlp.dll - ok
15:51:51.0360 4156 [ 2DF29664ED261F0FC448E58F338F0671 ] C:\Windows\System32\mprapi.dll
15:51:51.0360 4156 C:\Windows\System32\mprapi.dll - ok
15:51:51.0375 4156 [ A42F2C1EB3B66C54FB3C7B79D30C1A6D ] C:\Windows\System32\netshell.dll
15:51:51.0375 4156 C:\Windows\System32\netshell.dll - ok
15:51:51.0375 4156 [ 69CB1A65B835EE6ADF9E16ED6D443072 ] C:\Windows\SysWOW64\urlmon.dll
15:51:51.0375 4156 C:\Windows\SysWOW64\urlmon.dll - ok
15:51:51.0375 4156 [ 1C60E09CA1C3A045BC4D367F67C915B7 ] C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
15:51:51.0375 4156 C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll - ok
15:51:51.0375 4156 [ 007863E45F25AA47A4C30D0930BBFD85 ] C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
15:51:51.0375 4156 C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll - ok
15:51:51.0391 4156 [ CFEFA40DDE34659BE5211966EAD86437 ] C:\Windows\System32\netmsg.dll
15:51:51.0391 4156 C:\Windows\System32\netmsg.dll - ok
15:51:51.0391 4156 [ DDD0357A92FA843EFF8915ED17253D6C ] C:\Windows\System32\wbem\WmiPrvSD.dll
15:51:51.0391 4156 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
15:51:51.0391 4156 [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll
15:51:51.0391 4156 C:\Windows\System32\ncobjapi.dll - ok
15:51:51.0391 4156 [ FF80CAD87555E8E4D2CFD7B9058343F8 ] C:\Windows\System32\sscore.dll
15:51:51.0391 4156 C:\Windows\System32\sscore.dll - ok
15:51:51.0391 4156 [ 81749E073AC5857B044A686B406E5244 ] C:\Windows\System32\clusapi.dll
15:51:51.0391 4156 C:\Windows\System32\clusapi.dll - ok
15:51:51.0407 4156 [ 344FCC9850C3A8A3B4D3C65151AF8E4C ] C:\Windows\System32\resutils.dll
15:51:51.0407 4156 C:\Windows\System32\resutils.dll - ok
15:51:51.0407 4156 [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll
15:51:51.0407 4156 C:\Windows\System32\wbem\wbemess.dll - ok
15:51:51.0407 4156 [ C572D2A4AD9C7A332DFE1C6FD215A8F5 ] C:\Windows\System32\igd10umd64.dll
15:51:51.0407 4156 C:\Windows\System32\igd10umd64.dll - ok
15:51:51.0407 4156 [ 72794D112CBAFF3BC0C29BF7350D4741 ] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
15:51:51.0407 4156 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE - ok
15:51:51.0422 4156 [ C797D1677BA81306AFBB9FA8A9A8F483 ] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSHARED.DLL
15:51:51.0422 4156 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSHARED.DLL - ok
15:51:51.0422 4156 [ 53223B673A3FA2F9A4D1C31C8D3F6CD8 ] C:\Windows\SysWOW64\dbghelp.dll
15:51:51.0422 4156 C:\Windows\SysWOW64\dbghelp.dll - ok
15:51:51.0422 4156 [ 108C2CFA5527458C096A699929ECBD80 ] C:\Windows\SysWOW64\credui.dll
15:51:51.0422 4156 C:\Windows\SysWOW64\credui.dll - ok
15:51:51.0422 4156 [ 8E01332CC4B68BC6B5B7EFFE374442AA ] C:\Windows\SysWOW64\oleacc.dll
15:51:51.0422 4156 C:\Windows\SysWOW64\oleacc.dll - ok
15:51:51.0438 4156 [ 7717F84F483002815490033BF069DABD ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
15:51:51.0438 4156 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll - ok
15:51:51.0438 4156 [ 565A30B70BE8A9B171839003F2D69683 ] C:\Windows\SysWOW64\hlink.dll
15:51:51.0438 4156 C:\Windows\SysWOW64\hlink.dll - ok
15:51:51.0438 4156 [ 74AF1FFCAFD60DA88A386AE161F56438 ] C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\en-us\CVHIntl.dll
15:51:51.0438 4156 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\en-us\CVHIntl.dll - ok
15:51:51.0438 4156 [ B08E3476F0874DBAD672D0AC4FB2580B ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftintf.dll
15:51:51.0438 4156 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftintf.dll - ok
15:51:51.0453 4156 [ 4C1E16B9A53102C8D6FBA587CBCB95DE ] C:\Windows\SysWOW64\msv1_0.dll
15:51:51.0453 4156 C:\Windows\SysWOW64\msv1_0.dll - ok
15:51:51.0453 4156 [ 1128637CAD49A8E3C8B5FA5D0A061525 ] C:\Windows\SysWOW64\cryptdll.dll
15:51:51.0453 4156 C:\Windows\SysWOW64\cryptdll.dll - ok
15:51:51.0453 4156 [ 21D3A18769EC2C4E56756D04E989A221 ] C:\Windows\SysWOW64\msxml3.dll
15:51:51.0453 4156 C:\Windows\SysWOW64\msxml3.dll - ok
15:51:51.0453 4156 [ BD9EB3958F213F96B97B1D897DEE006D ] C:\Windows\System32\hidserv.dll
15:51:51.0453 4156 C:\Windows\System32\hidserv.dll - ok
15:51:51.0469 4156 [ BF1FC3F79B863C914687A737C2F3D681 ] C:\Windows\System32\wdi.dll
15:51:51.0469 4156 C:\Windows\System32\wdi.dll - ok
15:51:51.0469 4156 [ E1B22739C933BE33F53DB58C5393ADD3 ] C:\Windows\System32\Apphlpdm.dll
15:51:51.0469 4156 C:\Windows\System32\Apphlpdm.dll - ok
15:51:51.0469 4156 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] C:\Windows\System32\appinfo.dll
15:51:51.0469 4156 C:\Windows\System32\appinfo.dll - ok
15:51:51.0469 4156 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] C:\Windows\System32\IPSECSVC.DLL
15:51:51.0469 4156 C:\Windows\System32\IPSECSVC.DLL - ok
15:51:51.0469 4156 [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll
15:51:51.0469 4156 C:\Windows\System32\npmproxy.dll - ok
15:51:51.0485 4156 [ 1EA7969E3271CBC59E1730697DC74682 ] C:\Windows\System32\qmgr.dll
15:51:51.0485 4156 C:\Windows\System32\qmgr.dll - ok
15:51:51.0485 4156 [ 93221146D4EBBF314C29B23CD6CC391D ] C:\Windows\System32\wpdbusenum.dll
15:51:51.0485 4156 C:\Windows\System32\wpdbusenum.dll - ok
15:51:51.0485 4156 [ E64D9EC8018C55873B40FDEE9DBEF5B3 ] C:\Windows\System32\PortableDeviceApi.dll
15:51:51.0485 4156 C:\Windows\System32\PortableDeviceApi.dll - ok
15:51:51.0485 4156 [ D9431DCF90B0253773F51FDEFE7FD42F ] C:\Windows\System32\bitsigd.dll
15:51:51.0485 4156 C:\Windows\System32\bitsigd.dll - ok
15:51:51.0500 4156 [ 29409ED7400CA5BCCC30C0EE5147A60D ] C:\Windows\System32\bitsperf.dll
15:51:51.0500 4156 C:\Windows\System32\bitsperf.dll - ok
15:51:51.0500 4156 [ 9BC93C9ACFA34DB5A41B89357B31E4ED ] C:\Windows\System32\FwRemoteSvr.dll
15:51:51.0500 4156 C:\Windows\System32\FwRemoteSvr.dll - ok
15:51:51.0500 4156 [ 96DB78C9C50CEED9DA5050EFFEE272A2 ] C:\Windows\System32\upnp.dll
15:51:51.0500 4156 C:\Windows\System32\upnp.dll - ok
15:51:51.0500 4156 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll
15:51:51.0500 4156 C:\Windows\System32\ssdpsrv.dll - ok
15:51:51.0516 4156 [ AFA79C343F9D1555F7E5D5FA70BB2A14 ] C:\Windows\System32\PortableDeviceConnectApi.dll
15:51:51.0516 4156 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
15:51:51.0516 4156 [ DDA4CAF29D8C0A297F886BFE561E6659 ] C:\Windows\System32\drivers\WUDFRd.sys
15:51:51.0516 4156 C:\Windows\System32\drivers\WUDFRd.sys - ok
15:51:51.0516 4156 [ 4449D23E8F197862F1B16F1E6C89C36C ] C:\Windows\System32\diagperf.dll
15:51:51.0516 4156 C:\Windows\System32\diagperf.dll - ok
15:51:51.0516 4156 [ 9719E3D834F5C8C43F56A93DFA497023 ] C:\Windows\System32\pnpts.dll
15:51:51.0516 4156 C:\Windows\System32\pnpts.dll - ok
15:51:51.0531 4156 [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll
15:51:51.0531 4156 C:\Windows\System32\radardt.dll - ok
15:51:51.0531 4156 [ E811F8510B133E70CF6E509FB809824F ] C:\Windows\System32\wdiasqmmodule.dll
15:51:51.0531 4156 C:\Windows\System32\wdiasqmmodule.dll - ok
15:51:51.0531 4156 [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll
15:51:51.0531 4156 C:\Windows\System32\NapiNSP.dll - ok
15:51:51.0531 4156 [ BF4AC709BE5BF64F331F5D67773A0C82 ] C:\Windows\System32\perftrack.dll
15:51:51.0531 4156 C:\Windows\System32\perftrack.dll - ok
15:51:51.0531 4156 [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll
15:51:51.0531 4156 C:\Windows\System32\pnrpnsp.dll - ok
15:51:51.0547 4156 [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll
15:51:51.0547 4156 C:\Windows\System32\winrnr.dll - ok
15:51:51.0547 4156 [ AB886378EEB55C6C75B4F2D14B6C869F ] C:\Windows\System32\drivers\WUDFPf.sys
15:51:51.0547 4156 C:\Windows\System32\drivers\WUDFPf.sys - ok
15:51:51.0547 4156 [ B20F051B03A966392364C83F009F7D17 ] C:\Windows\System32\WUDFSvc.dll
15:51:51.0547 4156 C:\Windows\System32\WUDFSvc.dll - ok
15:51:51.0547 4156 [ E629F1A051C82795DDFFD3E8D4855811 ] C:\Windows\System32\dimsjob.dll
15:51:51.0547 4156 C:\Windows\System32\dimsjob.dll - ok
15:51:51.0563 4156 [ 8ABFE00F213F2571498F1B8FD7939A98 ] C:\Windows\System32\WUDFHost.exe
15:51:51.0563 4156 C:\Windows\System32\WUDFHost.exe - ok
15:51:51.0563 4156 [ 35CB97CBC3EDC463418ED4997AAB29B6 ] C:\Windows\System32\pautoenr.dll
15:51:51.0563 4156 C:\Windows\System32\pautoenr.dll - ok
15:51:51.0563 4156 [ 25AE683DCB4AE7E6F1B193A0CB9DB35F ] C:\Windows\System32\WUDFx.dll
15:51:51.0563 4156 C:\Windows\System32\WUDFx.dll - ok
15:51:51.0563 4156 [ 025E7DBDB98866ED3CB2D4DDA70B364D ] C:\Windows\System32\runonce.exe
15:51:51.0563 4156 C:\Windows\System32\runonce.exe - ok
15:51:51.0578 4156 [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\SysWOW64\runonce.exe
15:51:51.0578 4156 C:\Windows\SysWOW64\runonce.exe - ok
15:51:51.0578 4156 [ 862586AD4B1355F7DCDE111EE0AAF350 ] C:\Windows\System32\d3dx10_40.dll
15:51:51.0578 4156 C:\Windows\System32\d3dx10_40.dll - ok
15:51:51.0578 4156 [ 49E5753D923F1AC63B22D3DCB0B47E00 ] C:\Windows\System32\uDWM.dll
15:51:51.0578 4156 C:\Windows\System32\uDWM.dll - ok
15:51:51.0578 4156 [ 94DFBB481BF51158B216E23C5C1C9D6E ] C:\Windows\System32\certcli.dll
15:51:51.0578 4156 C:\Windows\System32\certcli.dll - ok
15:51:51.0578 4156 [ 263B26106606A010CF877472B535E4BB ] C:\Windows\System32\CertEnroll.dll
15:51:51.0578 4156 C:\Windows\System32\CertEnroll.dll - ok
15:51:51.0594 4156 [ AC5DF873913B00E554D8F553459BC431 ] C:\Windows\System32\qmgrprxy.dll
15:51:51.0594 4156 C:\Windows\System32\qmgrprxy.dll - ok
15:51:51.0594 4156 [ 85B45B4B285B159ACDB355FC8C1E8925 ] C:\Windows\SysWOW64\qmgrprxy.dll
15:51:51.0594 4156 C:\Windows\SysWOW64\qmgrprxy.dll - ok
15:51:51.0594 4156 [ 91D6F0AB79AA36FFB932157865206F35 ] C:\Windows\System32\drivers\UMDF\WpdFs.dll
15:51:51.0594 4156 C:\Windows\System32\drivers\UMDF\WpdFs.dll - ok
15:51:51.0594 4156 [ 9864D52F15AD32094A636C6B5281D9E7 ] C:\Windows\System32\WMVCORE.DLL
15:51:51.0594 4156 C:\Windows\System32\WMVCORE.DLL - ok
15:51:51.0609 4156 [ AACC48FE239F0DF126DA2F28930A5B83 ] C:\Windows\System32\WMASF.DLL
15:51:51.0609 4156 C:\Windows\System32\WMASF.DLL - ok
15:51:51.0609 4156 [ 389CA818132C1D7DCF0C791E8D9035DE ] C:\Windows\System32\PortableDeviceClassExtension.dll
15:51:51.0609 4156 C:\Windows\System32\PortableDeviceClassExtension.dll - ok
15:51:51.0609 4156 [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
15:51:51.0609 4156 C:\Windows\System32\PortableDeviceTypes.dll - ok
15:51:51.0609 4156 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
15:51:51.0609 4156 C:\Windows\SysWOW64\uxtheme.dll - ok
15:51:51.0625 4156 [ 12C45E3CB6D65F73209549E2D02ECA7A ] C:\Windows\SysWOW64\propsys.dll
15:51:51.0625 4156 C:\Windows\SysWOW64\propsys.dll - ok
15:51:51.0625 4156 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\SysWOW64\ntmarta.dll
15:51:51.0625 4156 C:\Windows\SysWOW64\ntmarta.dll - ok
15:51:51.0625 4156 [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\SysWOW64\Wldap32.dll
15:51:51.0625 4156 C:\Windows\SysWOW64\Wldap32.dll - ok
15:51:51.0625 4156 [ 49ACA548B2423F1C67898E6AC719A9A6 ] C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
15:51:51.0625 4156 C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll - ok
15:51:51.0641 4156 [ 863F793D15B4026B1A5FDECA873D4D84 ] C:\Windows\SysWOW64\apphelp.dll
15:51:51.0641 4156 C:\Windows\SysWOW64\apphelp.dll - ok
15:51:51.0641 4156 [ AD7B9C14083B52BC532FBA5948342B98 ] C:\Windows\SysWOW64\cmd.exe
15:51:51.0641 4156 C:\Windows\SysWOW64\cmd.exe - ok
15:51:51.0641 4156 [ 4B78B431F225FD8624C5655CB1DE7B61 ] C:\Windows\System32\aelupsvc.dll
15:51:51.0641 4156 C:\Windows\System32\aelupsvc.dll - ok
15:51:51.0641 4156 [ 326C7F76A29897A892AA7726E91C1C67 ] C:\Windows\SysWOW64\winbrand.dll
15:51:51.0641 4156 C:\Windows\SysWOW64\winbrand.dll - ok
15:51:51.0641 4156 [ 0B6118058942961D504AAEA04FECB116 ] C:\Windows\SysWOW64\ieframe.dll
15:51:51.0641 4156 C:\Windows\SysWOW64\ieframe.dll - ok
15:51:51.0656 4156 [ 60F4AEFA103D421EA4A40E31409B4756 ] C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
15:51:51.0656 4156 C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll - ok
15:51:51.0656 4156 [ BE247AE996A9FDE007A27B51413A6C79 ] C:\Windows\SysWOW64\shdocvw.dll
15:51:51.0656 4156 C:\Windows\SysWOW64\shdocvw.dll - ok
15:51:51.0656 4156 [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\Home8\AppData\Local\Temp\39F86390-6823-4DDD-BD23-32852612D58F.exe
15:51:51.0656 4156 C:\Users\Home8\AppData\Local\Temp\39F86390-6823-4DDD-BD23-32852612D58F.exe - ok
15:51:51.0656 4156 [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\SysWOW64\imagehlp.dll
15:51:51.0656 4156 C:\Windows\SysWOW64\imagehlp.dll - ok
15:51:51.0672 4156 [ BF6D6ED5FADCEEE885BD0144ECF1BA27 ] C:\Windows\SysWOW64\ncrypt.dll
15:51:51.0672 4156 C:\Windows\SysWOW64\ncrypt.dll - ok
15:51:51.0672 4156 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
15:51:51.0672 4156 C:\Windows\SysWOW64\bcrypt.dll - ok
15:51:51.0672 4156 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
15:51:51.0672 4156 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
15:51:51.0672 4156 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll
15:51:51.0672 4156 C:\Windows\SysWOW64\gpapi.dll - ok
15:51:51.0687 4156 [ CA79539D3D4C0BA66F0F051A5EE5E923 ] C:\Windows\SysWOW64\cryptnet.dll
15:51:51.0687 4156 C:\Windows\SysWOW64\cryptnet.dll - ok
15:51:51.0687 4156 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
15:51:51.0687 4156 C:\Windows\SysWOW64\dwmapi.dll - ok
15:51:51.0687 4156 [ 3BCECD87AB4E6743BFB45B352AD1A529 ] C:\Windows\SysWOW64\WindowsCodecs.dll
15:51:51.0687 4156 C:\Windows\SysWOW64\WindowsCodecs.dll - ok
15:51:51.0687 4156 [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\SysWOW64\EhStorShell.dll
15:51:51.0687 4156 C:\Windows\SysWOW64\EhStorShell.dll - ok
15:51:51.0687 4156 [ 03F3B770DFBED6131653CEDA8CA780F0 ] C:\Windows\SysWOW64\ntshrui.dll
15:51:51.0687 4156 C:\Windows\SysWOW64\ntshrui.dll - ok
15:51:51.0703 4156 [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\SysWOW64\cscapi.dll
15:51:51.0703 4156 C:\Windows\SysWOW64\cscapi.dll - ok
15:51:52.0483 4156 [ 3C06536A9AA332E9E0CEBDE5A596822A ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL
15:51:52.0483 4156 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL - ok
15:51:52.0499 4156 [ CF636C92B762B26F0B39B38E92380A09 ] C:\Windows\System32\oleacc.dll
15:51:52.0499 4156 C:\Windows\System32\oleacc.dll - ok
15:51:52.0499 4156 ============================================================
15:51:52.0499 4156 Scan finished
15:51:52.0499 4156 ============================================================
15:51:52.0499 4148 Detected object count: 2
15:51:52.0499 4148 Actual detected object count: 2
15:52:05.0556 4148 CalendarSynchService ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:05.0556 4148 CalendarSynchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:05.0556 4148 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:05.0556 4148 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

#10
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello v-twinrider

I would like you to rerun OTL and send me the fresh scan.

Run New OTL Scan


  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo


#11
v-twinrider

    Member

  • Topic Starter
  • Member
  • 61 posts
Here is the Old Timer report. Malwarebytes did not find anything on its scan. The redirection remains. It has never been consistent, maybe half of my searches get redirected.


OTL logfile created on: 4/14/2013 4:31:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home8\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 57.65% Memory free
7.82 Gb Paging File | 6.02 Gb Available in Paging File | 77.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.20 Gb Total Space | 398.46 Gb Free Space | 88.70% Space Free | Partition Type: NTFS
Drive D: | 16.46 Gb Total Space | 2.05 Gb Free Space | 12.48% Space Free | Partition Type: NTFS

Computer Name: HOME-HP | User Name: Home8 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Home8\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Home8\Desktop\New folder mbam\mbar\mbar.exe (Malwarebytes Corporation)
PRC - C:\Users\Home8\AppData\Local\Temp\39F86390-6823-4DDD-BD23-32852612D58F.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Citrix\Receiver\Receiver.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Java\jre7\bin\jp2native.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c1b67737c13c99776cde5989ec2885c8\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a0445401f2473a1aa4b66c9c0791c7f6\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\ac23cd46d40b425c4826acadd481cfc0\ReachFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (CalendarSynchService) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (mbamswissarmy) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV:64bit: - (mbamchameleon) -- C:\Windows\SysNative\drivers\mbamchameleon.sys ()
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (gfiark) -- C:\Windows\SysNative\drivers\gfiark.sys (GFI Software)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{817EBD61-96F6-497A-9431-912307C0A779}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{817EBD61-96F6-497A-9431-912307C0A779}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2703488885-2810264334-4265067819-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch....3EEFC512C0237BB
IE - HKU\S-1-5-21-2703488885-2810264334-4265067819-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2703488885-2810264334-4265067819-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2703488885-2810264334-4265067819-1001\..\SearchScopes\{817EBD61-96F6-497A-9431-912307C0A779}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKU\S-1-5-21-2703488885-2810264334-4265067819-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPDTDF
IE - HKU\S-1-5-21-2703488885-2810264334-4265067819-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-2703488885-2810264334-4265067819-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKU\S-1-5-21-2703488885-2810264334-4265067819-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://securesearch....EEFC512C0237BB"
FF - prefs.js..extensions.enabledAddons: bpdrjczpol%40bpdrjczpol.org:2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/14 09:33:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/14 09:33:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/10/28 12:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home8\AppData\Roaming\Mozilla\Extensions
[2013/03/10 13:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home8\AppData\Roaming\Mozilla\Firefox\Profiles\bfd6wqr6.default\extensions
[2013/02/25 20:30:53 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Home8\AppData\Roaming\Mozilla\Firefox\Profiles\bfd6wqr6.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[1637/07/24 07:46:43 | 000,004,815 | ---- | M] () (No name found) -- C:\Users\Home8\AppData\Roaming\Mozilla\Firefox\Profiles\bfd6wqr6.default\extensions\[email protected]
[2013/04/14 09:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/14 09:33:58 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/25 20:30:52 | 000,000,628 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2013/02/17 19:20:03 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/19 21:02:35 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/03/21 21:08:56 | 000,000,841 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2703488885-2810264334-4265067819-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2703488885-2810264334-4265067819-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2703488885-2810264334-4265067819-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2703488885-2810264334-4265067819-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKU\S-1-5-21-2703488885-2810264334-4265067819-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C288EECE-9172-4BBD-8BF4-BEEE0EA6E837}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/02/17 14:39:30 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/14 16:03:56 | 000,000,000 | ---D | C] -- C:\Users\Home8\Desktop\New folder mbam
[2013/04/14 15:18:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/14 12:26:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/14 10:27:34 | 000,000,000 | ---D | C] -- C:\Users\Home8\Desktop\Google_Yahoo_http _63.209.69.107 Redirect - Geeks to Go Forums_files
[2013/04/14 09:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/10 20:27:48 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/10 20:27:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/10 20:27:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/04/10 20:27:47 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/04/10 20:27:46 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/10 20:27:46 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/04/10 20:27:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/04/10 20:27:46 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/04/10 20:27:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/04/10 20:27:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/04/10 20:27:46 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/04/10 20:27:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/04/10 20:27:43 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/10 20:27:43 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/10 20:27:43 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/10 19:49:04 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 19:49:03 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 19:49:03 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 19:49:03 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 19:49:03 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 19:49:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/03/23 13:44:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/03/23 13:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/03/23 09:19:49 | 069,796,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2013/03/23 09:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/03/23 09:17:17 | 000,000,000 | ---D | C] -- C:\Users\Home8\Desktop\How to fix Google Redirects - Geeks to Go Forums_files
[2013/03/21 21:06:01 | 000,000,000 | ---D | C] -- C:\Users\Home8\Desktop\RK_Quarantine
[2013/03/21 20:56:57 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2013/03/20 06:59:46 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/20 06:59:46 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/20 06:59:46 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/03/20 06:59:46 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/03/20 06:59:46 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/20 06:59:46 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/03/20 06:59:46 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/03/20 06:59:46 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/03/20 06:59:46 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/03/20 06:59:46 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/20 06:59:46 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/03/20 06:59:46 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/03/20 06:59:46 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/03/20 06:59:46 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/03/20 06:59:46 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/20 06:59:46 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/20 06:59:46 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/03/20 06:59:46 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/03/20 06:59:46 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/03/20 06:59:46 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/03/20 06:59:46 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/20 06:59:46 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/03/20 06:59:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/03/20 06:59:46 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/03/20 06:59:46 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/03/20 06:59:46 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/03/20 06:59:46 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/03/20 06:59:46 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/20 06:59:46 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/03/20 06:59:46 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/03/20 06:59:46 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/03/20 06:59:46 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/03/20 06:59:46 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/03/20 06:59:46 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/03/20 06:59:46 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/20 06:59:46 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/03/20 06:59:46 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/03/20 06:59:46 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/03/20 06:59:46 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/20 06:59:46 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/03/20 06:59:46 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/03/20 06:59:46 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/03/20 06:59:46 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/03/20 06:59:46 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/03/20 06:59:46 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/03/20 06:59:46 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/03/20 06:59:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/03/20 06:59:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/03/20 06:59:46 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/03/20 06:59:46 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/03/20 06:59:46 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/03/20 06:59:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/03/20 06:59:46 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/03/20 06:59:10 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/03/20 06:59:10 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/03/20 06:59:10 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/03/20 06:59:10 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/03/20 06:59:10 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/03/20 06:59:10 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/03/20 06:59:10 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/03/20 06:59:10 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/03/20 06:59:10 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/03/20 06:59:10 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/03/20 06:59:10 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/03/20 06:59:10 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/03/20 06:59:10 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/03/20 06:59:10 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/03/20 06:59:10 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/03/20 06:59:10 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/03/20 06:59:10 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/03/20 06:59:10 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/03/20 06:59:10 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/03/20 06:59:10 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/03/20 06:59:10 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/03/20 06:59:10 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/03/20 06:59:10 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/03/20 06:59:10 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/20 06:59:10 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/20 06:59:10 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/20 06:59:10 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/20 06:59:10 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/20 06:59:10 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/20 06:59:10 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/20 06:59:10 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/20 06:59:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/20 06:59:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/20 06:59:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/20 06:59:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/20 06:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/20 06:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/20 06:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/20 06:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/20 06:59:10 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/20 06:59:10 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/20 06:57:41 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/14 16:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/14 15:57:11 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/14 15:57:11 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/14 15:54:19 | 000,779,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/14 15:54:19 | 000,660,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/14 15:54:19 | 000,121,182 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/14 15:49:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/14 15:49:36 | 3147,714,560 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/14 12:19:26 | 005,052,676 | R--- | M] (Swearware) -- C:\Users\Home8\Desktop\ComboFix.exe
[2013/04/14 10:29:39 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHome8.job
[2013/04/14 10:27:36 | 000,152,298 | ---- | M] () -- C:\Users\Home8\Desktop\Google_Yahoo_http _63.209.69.107 Redirect - Geeks to Go Forums.htm
[2013/04/14 09:55:57 | 000,000,000 | ---- | M] () -- C:\Users\Home8\defogger_reenable
[2013/04/14 08:53:46 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/30 23:01:40 | 000,532,196 | ---- | M] () -- C:\Users\Home8\Desktop\photovir.JPG
[2013/03/30 22:53:08 | 000,699,919 | ---- | M] () -- C:\Users\Home8\Desktop\photo.JPG
[2013/03/23 13:44:42 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/03/23 09:17:19 | 000,132,239 | ---- | M] () -- C:\Users\Home8\Desktop\How to fix Google Redirects - Geeks to Go Forums.htm
[2013/03/21 20:56:44 | 010,560,233 | ---- | M] () -- C:\Users\Home8\Desktop\unhackme.zip
[2013/03/20 06:59:46 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/20 06:59:46 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/20 06:59:46 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/03/20 06:59:46 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/03/20 06:59:46 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/20 06:59:46 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/03/20 06:59:46 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/03/20 06:59:46 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/03/20 06:59:46 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/03/20 06:59:46 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/20 06:59:46 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/03/20 06:59:46 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/03/20 06:59:46 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/03/20 06:59:46 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/03/20 06:59:46 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/20 06:59:46 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/20 06:59:46 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/03/20 06:59:46 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/03/20 06:59:46 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/03/20 06:59:46 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/03/20 06:59:46 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/20 06:59:46 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/03/20 06:59:46 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/03/20 06:59:46 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/03/20 06:59:46 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/03/20 06:59:46 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/03/20 06:59:46 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/03/20 06:59:46 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/20 06:59:46 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/03/20 06:59:46 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/03/20 06:59:46 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/03/20 06:59:46 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/03/20 06:59:46 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/03/20 06:59:46 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/03/20 06:59:46 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/20 06:59:46 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/03/20 06:59:46 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/03/20 06:59:46 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/03/20 06:59:46 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/20 06:59:46 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/03/20 06:59:46 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/03/20 06:59:46 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/03/20 06:59:46 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/03/20 06:59:46 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/03/20 06:59:46 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/03/20 06:59:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/03/20 06:59:46 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/03/20 06:59:46 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/03/20 06:59:46 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/03/20 06:59:46 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/20 06:59:46 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/20 06:59:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/03/20 06:59:46 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/03/20 06:59:46 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/03/20 06:59:46 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/03/20 06:59:10 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/03/20 06:59:10 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/03/20 06:59:10 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/03/20 06:59:10 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/03/20 06:59:10 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/03/20 06:59:10 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/03/20 06:59:10 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/03/20 06:59:10 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/03/20 06:59:10 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/03/20 06:59:10 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/03/20 06:59:10 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/03/20 06:59:10 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/03/20 06:59:10 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/03/20 06:59:10 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/03/20 06:59:10 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/03/20 06:59:10 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/03/20 06:59:10 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/03/20 06:59:10 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/03/20 06:59:10 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/03/20 06:59:10 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/03/20 06:59:10 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/03/20 06:59:10 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/03/20 06:59:10 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/03/20 06:59:10 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/20 06:59:10 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/20 06:59:10 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/20 06:59:10 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/20 06:59:10 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/20 06:59:10 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/20 06:59:10 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/20 06:59:10 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/20 06:59:10 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/20 06:59:10 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/20 06:59:10 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/20 06:59:10 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/20 06:59:10 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/20 06:59:10 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/20 06:59:10 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/20 06:59:10 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/20 06:59:10 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/20 06:59:10 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/19 02:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/03/19 01:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/03/19 01:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/03/19 01:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/03/19 00:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/03/18 23:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/03/15 21:27:52 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/15 21:27:52 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/14 10:27:34 | 000,152,298 | ---- | C] () -- C:\Users\Home8\Desktop\Google_Yahoo_http _63.209.69.107 Redirect - Geeks to Go Forums.htm
[2013/04/14 09:55:57 | 000,000,000 | ---- | C] () -- C:\Users\Home8\defogger_reenable
[2013/03/30 23:01:39 | 000,532,196 | ---- | C] () -- C:\Users\Home8\Desktop\photovir.JPG
[2013/03/30 22:53:03 | 000,699,919 | ---- | C] () -- C:\Users\Home8\Desktop\photo.JPG
[2013/03/23 13:44:42 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/03/23 13:44:33 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/03/23 09:17:17 | 000,132,239 | ---- | C] () -- C:\Users\Home8\Desktop\How to fix Google Redirects - Geeks to Go Forums.htm
[2013/03/21 20:56:38 | 010,560,233 | ---- | C] () -- C:\Users\Home8\Desktop\unhackme.zip
[2013/03/20 06:59:46 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/20 06:59:46 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/10 00:23:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/10 00:23:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/10 00:23:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/10 00:23:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/10 00:23:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/12 21:31:37 | 000,949,049 | ---- | C] () -- C:\Users\Home8\AppData\Local\census.cache
[2013/02/12 21:31:32 | 000,090,570 | ---- | C] () -- C:\Users\Home8\AppData\Local\ars.cache
[2013/02/12 21:26:47 | 000,000,036 | ---- | C] () -- C:\Users\Home8\AppData\Local\housecall.guid.cache
[2012/10/28 09:48:04 | 000,000,088 | ---- | C] () -- C:\Windows\ENX420.ini
[2012/01/13 15:51:23 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/01/13 15:51:23 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/01/13 15:51:23 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/01/13 15:51:23 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/01/13 15:51:22 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/10/12 19:33:22 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  • 0
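A triage sketch for the ZeroAccess Check section of the report above, as an added example that is not part of the original thread and is not OTL's own logic. It parses the `InProcServer32` entries and flags any default value that sits under HKEY_CURRENT_USER, points outside the Windows directory, or lacks the Microsoft vendor string; these three rules, the function names and the last sample entry are assumptions of this example.

```python
import re

# First three entries are copied from the report above; the last one is
# CONSTRUCTED for illustration (made-up path, empty vendor field).
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Users\Example\AppData\Local\constructed\example.dll -- [2013/01/01 00:00:00 | 000,001,024 | ---- | M] ()
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+\\InProcServer32)\]', re.I)
VALUE_RE = re.compile(r'^"" = (?P<path>.+?)(?: -- \[.*\] \((?P<vendor>.*)\))?$')
TRUSTED_DIRS = ('c:\\windows\\', '%systemroot%\\')  # assumption of this example

def parse_check(text):
    """Return one dict per InProcServer32 key: key name, default path, vendor."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        value = VALUE_RE.match(line)
        if key:
            entries.append({"key": key.group(1), "path": None, "vendor": None})
        elif value and entries:
            entries[-1].update(path=value.group("path"), vendor=value.group("vendor") or "")
    return entries

def flag(entry):
    """List the reasons an entry deserves a closer look (empty list = none)."""
    if entry["path"] is None:  # no default value was reported for this key
        return []
    reasons = []
    if entry["key"].upper().startswith("HKEY_CURRENT_USER"):
        reasons.append("per-user override of a COM server")
    if not entry["path"].lower().startswith(TRUSTED_DIRS):
        reasons.append("DLL outside the Windows directory")
    if entry["vendor"] != "Microsoft Corporation":
        reasons.append("no Microsoft vendor string")
    return reasons

def triage(text):
    """Map each flagged key to its reasons; unflagged keys are omitted."""
    flagged = {e["key"]: flag(e) for e in parse_check(text)}
    return {k: v for k, v in flagged.items() if v}
```

The vendor string comes from the file's own version resource, so a match on it is a weak signal; treat an empty `triage()` result as "nothing stood out", not as proof the keys are clean.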

#12
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello v-twinrider

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image text box.
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKU\S-1-5-21-2703488885-2810264334-4265067819-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\ica - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    FF - prefs.js..extensions.enabledAddons: bpdrjczpol%40bpdrjczpol.org:2.5
    [1637/07/24 07:46:43 | 000,004,815 | ---- | M] () (No name found) -- C:\Users\Home8\AppData\Roaming\Mozilla\Firefox\Profiles\bfd6wqr6.default\extensions\[email protected]
      
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

    Note** if the report does not pop up after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles

    It will be named - mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Let me know how things are doing

Gringo
  • 0

#13
v-twinrider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
The Redirection is still happening but seems less frequent.


========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2703488885-2810264334-4265067819-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Prefs.js: bpdrjczpol%40bpdrjczpol.org:2.5 removed from extensions.enabledAddons
C:\Users\Home8\AppData\Roaming\Mozilla\Firefox\Profiles\bfd6wqr6.default\extensions\[email protected] moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Home8\Downloads\cmd.bat deleted successfully.
C:\Users\Home8\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Home8
->Java cache emptied: 208762 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56466 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Home8
->Flash cache emptied: 91078 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04142013_170530
  • 0

#14
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello v-twinrider

I want you to reset Firefox back to defaults; this will remove everything from Firefox.

I will let you keep your bookmarks, so to do that you can go here - Export BookMarks

Now to reset Firefox do the following.

  • At the top of the Firefox window, click the "Firefox" button,
  • Go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.

Restart the computer and check Firefox for me now.

Gringo
  • 0

#15
v-twinrider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Hello Gringo,

Since my last post I have not been redirected using IE or Firefox. Everything seems to be working fine!
  • 0





