FBI Warning and more fun bad stuff [Solved]



#1
mewsick75

Hi again,

I keep getting the FBI Warning and other bad stuff on this computer. I work for a non-profit organization and my resources to fix this stuff are extremely small, so I'm turning to the help of the Geeks to Go community.
Here are the OTL logs:

Any and all help is greatly appreciated.

OTL logfile created on: 6/20/2013 4:45:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\rec therapy
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.41 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 79.38% Memory free
5.25 Gb Paging File | 4.70 Gb Available in Paging File | 89.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 211.13 Gb Free Space | 90.66% Space Free | Partition Type: NTFS
Drive E: | 7.44 Gb Total Space | 1.28 Gb Free Space | 17.15% Space Free | Partition Type: FAT32

Computer Name: FVDT181 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/07 10:25:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\rec therapy\OTL.exe
PRC - [2013/06/04 14:17:33 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\pmurphy\Application Data\Microsoft\WIN2AC.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/05 14:45:25 | 000,283,888 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
PRC - [2012/09/05 14:45:25 | 000,274,432 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\Ppcl.exe
PRC - [2012/09/05 10:28:53 | 000,389,960 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoTask.exe
PRC - [2012/09/05 10:26:38 | 000,208,896 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRT.exe
PRC - [2012/09/05 10:26:38 | 000,192,512 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRPC.exe
PRC - [2012/09/05 08:45:49 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/07/27 15:00:28 | 000,073,728 | ---- | M] (PrintFleet Inc) -- C:\Program Files\Local Print Agent\Local Print Agent.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/07/20 18:27:00 | 002,697,832 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTDCPL.EXE
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/08 17:58:44 | 000,407,368 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\Realmon.exe
PRC - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/04 14:17:33 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\pmurphy\Application Data\Microsoft\WIN2AC.exe
MOD - [2013/05/16 03:13:11 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll
MOD - [2013/05/16 03:04:52 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll
MOD - [2013/05/16 03:03:06 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/02/14 04:05:17 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8a0eba3c8f881dd718ab4d1bb5118f15\System.Web.Services.ni.dll
MOD - [2013/02/14 04:04:47 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013/02/14 04:04:35 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/02/14 04:04:17 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\024c898ad1ccfde466d033c0a08d0564\Microsoft.VisualBasic.ni.dll
MOD - [2013/01/09 04:13:39 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
MOD - [2013/01/09 04:07:50 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/09 04:07:40 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/09 04:07:29 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll
MOD - [2013/01/09 04:06:55 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/09 04:06:40 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012/03/11 14:55:40 | 000,088,656 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2007/02/05 07:57:22 | 000,974,848 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\libetpki_openssl_crypto.dll
MOD - [2007/02/05 07:57:22 | 000,798,720 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\libeay32.dll
MOD - [2007/02/05 07:57:22 | 000,184,320 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\libetpki_openssl_ssl.dll
MOD - [2007/02/05 07:57:22 | 000,155,648 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\ssleay32.dll
MOD - [2007/02/05 07:57:22 | 000,073,728 | ---- | M] () -- C:\Program Files\CA\SharedComponents\iTechnology\zlib.dll


========== Services (SafeList) ==========

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/05 14:45:25 | 000,283,888 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2012/09/05 10:28:53 | 000,389,960 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoTask.exe -- (InoTask)
SRV - [2012/09/05 10:26:38 | 000,208,896 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoRT.exe -- (InoRT)
SRV - [2012/09/05 10:26:38 | 000,192,512 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoRPC.exe -- (InoRPC)
SRV - [2012/09/05 08:45:49 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/03 13:25:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 15:00:28 | 000,073,728 | ---- | M] (PrintFleet Inc) [Auto | Running] -- C:\Program Files\Local Print Agent\Local Print Agent.exe -- (Local Print Agent)
SRV - [2007/02/05 07:57:24 | 000,106,496 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/07 15:50:16 | 006,346,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtDHDAud.sys -- (IntcAzAudAddService)
DRV - [2011/12/06 03:24:14 | 000,270,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2011/11/30 15:04:42 | 000,202,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)
DRV - [2007/10/18 21:14:32 | 000,184,080 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR)
DRV - [2007/08/06 22:07:02 | 000,027,536 | ---- | M] (Computer Associates) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\ino_flpy.sys -- (INO_FLPY)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E B3 7C 55 2A 85 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [2991324506] "C:\Documents and Settings\pmurphy\Application Data\Datuunti\exmywi.exe" File not found
O4 - HKLM..\Run: [FVLogonAgent] C:\Program Files\Fellowship Village Network Agent\agent.exe ()
O4 - HKLM..\Run: [Realtime Monitor] C:\Program Files\CA\eTrustITM\realmon.exe (CA)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TimeServer] C:\Documents and Settings\pmurphy\Application Data\Microsoft\WIN2AC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: fellowshipvillage.local ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: fellowshipvillage.local ([jenga] http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1342793406843 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1342810066390 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = FellowshipVillage.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54587493-6004-467E-932C-A9061B09C1D5}: NameServer = 192.168.1.5,192.168.1.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files\Citrix\GoToAssist Remote Support Customer\461\g2ax_winlogon.dll) - C:\Program Files\Citrix\GoToAssist Remote Support Customer\461\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/20 09:21:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/20 12:39:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2013/06/19 13:23:40 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe
[2013/06/04 15:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\16933a1a-d44c-45e3-a584-8ab332da6b38ad
[2013/06/04 14:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\16933a1a-d44c-45e3-a584-8ab332da6b38ad
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/20 16:37:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/20 16:33:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/20 16:25:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/20 16:00:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 77774949.job
[2013/06/20 16:00:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 3530754759.job
[2013/06/20 16:00:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 3360000272.job
[2013/06/20 16:00:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 313416954.job
[2013/06/20 16:00:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 2370236077.job
[2013/06/20 16:00:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 841015428.job
[2013/06/20 16:00:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 296954445.job
[2013/06/20 16:00:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\{737DD5F1-A1C2-4068-9E64-FB83334A0BB5}.job
[2013/06/20 16:00:00 | 000,000,404 | -H-- | M] () -- C:\WINDOWS\tasks\{8E1AF6EB-B872-4574-9355-6C40CEA7C385}.job
[2013/06/20 12:39:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/20 12:12:23 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\4eot7.pad
[2013/06/19 13:23:42 | 000,003,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\4eot7.js
[2013/06/13 03:00:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/06/04 14:54:18 | 000,000,378 | -H-- | M] () -- C:\WINDOWS\tasks\{D7ADE528-1454-4254-B0F0-5CA364A0E1C8}.job
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/19 13:23:42 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\4eot7.js
[2013/06/19 13:23:41 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\4eot7.pad
[2013/06/04 15:04:48 | 000,000,434 | -H-- | C] () -- C:\WINDOWS\tasks\{737DD5F1-A1C2-4068-9E64-FB83334A0BB5}.job
[2013/06/04 14:54:17 | 000,000,378 | -H-- | C] () -- C:\WINDOWS\tasks\{D7ADE528-1454-4254-B0F0-5CA364A0E1C8}.job
[2013/06/04 14:50:42 | 000,000,404 | -H-- | C] () -- C:\WINDOWS\tasks\{8E1AF6EB-B872-4574-9355-6C40CEA7C385}.job
[2012/09/05 10:08:39 | 000,008,794 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/08/03 12:54:31 | 000,088,656 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012/07/20 10:28:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/20 09:38:09 | 000,732,392 | ---- | C] () -- C:\WINDOWS\System32\igkrng700.bin
[2012/07/20 09:38:09 | 000,561,112 | ---- | C] () -- C:\WINDOWS\System32\igfcg700m.bin
[2012/07/20 09:38:09 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2012/07/20 09:38:09 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2012/07/20 09:23:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/20 09:18:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/07/19 13:54:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/07/19 13:53:33 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/07/20 10:07:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/04/20 15:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 6/20/2013 4:45:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\rec therapy
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.41 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 79.38% Memory free
5.25 Gb Paging File | 4.70 Gb Available in Paging File | 89.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 211.13 Gb Free Space | 90.66% Space Free | Partition Type: NTFS
Drive E: | 7.44 Gb Total Space | 1.28 Gb Free Space | 17.15% Space Free | Partition Type: FAT32

Computer Name: FVDT181 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"35:UDP" = 35:UDP:*:Enabled:PFLAUDP
"35:TCP" = 35:TCP:*:Enabled:PFLATCP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\instsrv.exe" = C:\WINDOWS\instsrv.exe:*:Enabled:eTrust Antivirus Remote Installation Program
"C:\Program Files\CA\eTrustITM\InoRpc.exe" = C:\Program Files\CA\eTrustITM\InoRpc.exe:*:Enabled:eTrust ITM - RPC Service -- (CA)
"C:\Program Files\CA\eTrustITM\Realmon.exe" = C:\Program Files\CA\eTrustITM\Realmon.exe:*:Enabled:eTrust ITM - Realtime monitor -- (CA)
"C:\Program Files\CA\eTrustITM\Shellscn.exe" = C:\Program Files\CA\eTrustITM\Shellscn.exe:*:Enabled:eTrust ITM - Shell Scanner -- (CA)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{190C07EA-B7C4-4A05-9E82-D12030C8FBA1}_is1" = Network Agent 0.2
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBCC20F-C994-43BB-BE02-FDB926660C80}" = Local Print Agent
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{847501DF-07C0-4691-B04A-893929F108AE}" = CA iTechnology iGateway
"{85F88F9C-6EB2-426B-88AB-28DA4A3526B9}" = CA eTrustITM Agent
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CutePDF Writer Installation" = CutePDF Writer 2.8
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GoToAssist Express Customer" = GoToAssist Customer 1.6.0.461
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PROSet" = Intel® Network Connections Drivers
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2013 12:10:53 PM | Computer Name = FVDT181 | Source = Folder Redirection | ID = 101
Description = Failed to perform redirection of folder My Documents. The new directories
for the redirected folder could not be created. The folder is configured to be redirected
to <H:\My Documents>, the final expanded path was <H:\My Documents>. The following
error occurred: %%3

Error - 6/20/2013 12:10:53 PM | Computer Name = FVDT181 | Source = Userenv | ID = 1085
Description = The Group Policy client-side extension Folder Redirection failed to
execute. Please look for any errors reported earlier by that extension.

Error - 6/20/2013 12:30:25 PM | Computer Name = FVDT181 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 6/20/2013 12:30:26 PM | Computer Name = FVDT181 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 6/20/2013 12:32:35 PM | Computer Name = FVDT181 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 6/20/2013 12:32:36 PM | Computer Name = FVDT181 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 6/20/2013 12:37:27 PM | Computer Name = FVDT181 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 6/20/2013 12:37:29 PM | Computer Name = FVDT181 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 6/20/2013 1:18:55 PM | Computer Name = FVDT181 | Source = eTrust ITM | ID = 14
Description = [time 6/20/2013 1:13:27 PM: ID 14: machine fvdt181.FellowshipVillage.local:
response 6/20/2013 1:18:55 PM] The Win32/Alureon.IbcdbRD was detected in C:\DOCUMENTS
AND SETTINGS\PM...\CONHOST.EXE. Machine: FVDT181, User: FVDT181\Administrator.
Status: File was cured; system cure performed.

Error - 6/20/2013 1:46:55 PM | Computer Name = FVDT181 | Source = eTrust ITM | ID = 14
Description = [time 6/20/2013 1:41:14 PM: ID 14: machine fvdt181.FellowshipVillage.local:
response 6/20/2013 1:46:55 PM] The Win32/Alureon.IbcdbRD was detected in C:\SYSTEM
VOLUME INFORMATIO...\A0025111.EXE. Machine: FVDT181, User: FVDT181\Administrator.
Status: File was cured; system cure performed.

[ OSession Events ]
Error - 1/15/2013 1:31:59 PM | Computer Name = FVDT181 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1465
seconds with 1260 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/20/2013 12:37:27 PM | Computer Name = FVDT181 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain FV due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 6/20/2013 12:38:57 PM | Computer Name = FVDT181 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 6/20/2013 12:39:02 PM | Computer Name = FVDT181 | Source = Service Control Manager | ID = 7000
Description = The Security Center Update - 2370236077 service failed to start due
to the following error: %%2

Error - 6/20/2013 12:39:02 PM | Computer Name = FVDT181 | Source = Service Control Manager | ID = 7000
Description = The Security Center Update - 3530754759 service failed to start due
to the following error: %%2

Error - 6/20/2013 12:43:10 PM | Computer Name = FVDT181 | Source = Service Control Manager | ID = 7000
Description = The Security Center Update - 2370236077 service failed to start due
to the following error: %%2

Error - 6/20/2013 12:43:10 PM | Computer Name = FVDT181 | Source = Service Control Manager | ID = 7000
Description = The Security Center Update - 3530754759 service failed to start due
to the following error: %%2

Error - 6/20/2013 12:43:10 PM | Computer Name = FVDT181 | Source = Service Control Manager | ID = 7022
Description = The Local Print Agent service hung on starting.

Error - 6/20/2013 4:35:07 PM | Computer Name = FVDT181 | Source = Service Control Manager | ID = 7000
Description = The Security Center Update - 2370236077 service failed to start due
to the following error: %%2

Error - 6/20/2013 4:35:07 PM | Computer Name = FVDT181 | Source = Service Control Manager | ID = 7000
Description = The Security Center Update - 3530754759 service failed to start due
to the following error: %%2

Error - 6/20/2013 4:35:30 PM | Computer Name = FVDT181 | Source = Service Control Manager | ID = 7022
Description = The Local Print Agent service hung on starting.


< End of report >
  • 0


#2
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Hi! My name is Jasmyne and Welcome to Geeks to Go!

I'm sorry you are having issues with your computer but I will do my best to resolve them as quickly as possible. I know having an infected computer is frustrating because I was once where you are now!

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

  • You may want to print out these instructions, or copy them to a text file so that you will have a copy in case you lose your connection to the internet during a removal process.
  • Please make sure to carefully read any instruction that I give you and perform them in the order they are posted. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please note that there is no "Quick & Easy Fix" to most malware infections and we may need to use several different tools to get your system clean.
  • Please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
  • Please reply within 3 days. Topics with no reply in 4 days are closed!

I will be submitting a fix to my instructors and will post back to you as soon as possible. :)

Jasmyne
  • 0

#3
mewsick75

    Member

  • Topic Starter
  • 258 posts
Thanks Jasmyne, I look forward to hearing back from you.
  • 0

#4
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Let's see if we can get rid of these bad guys for you. :) There is a sign of aswMBR in the log, have you by chance run it?

Step 1 - Run TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Step 2 - OTL Fix

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.

:Commands
[createrestorepoint]

:OTL
PRC - [2013/06/04 14:17:33 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\pmurphy\Application Data\Microsoft\WIN2AC.exe
MOD - [2013/06/04 14:17:33 | 000,130,048 | ---- | M] () -- C:\Documents and Settings\pmurphy\Application Data\Microsoft\WIN2AC.exe
O4 - HKLM..\Run: [2991324506] "C:\Documents and Settings\pmurphy\Application Data\Datuunti\exmywi.exe" File not found
O4 - HKLM..\Run: [FVLogonAgent] C:\Program Files\Fellowship Village Network Agent\agent.exe ()
O4 - HKLM..\Run: [TimeServer] C:\Documents and Settings\pmurphy\Application Data\Microsoft\WIN2AC.exe ()
O15 - HKLM\..Trusted Domains: fellowshipvillage.local ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: fellowshipvillage.local ([jenga] http in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = FellowshipVillage.local
[2013/06/19 13:23:40 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe
[2013/06/20 16:00:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 77774949.job
[2013/06/20 16:00:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 3530754759.job
[2013/06/20 16:00:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 3360000272.job
[2013/06/20 16:00:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 313416954.job
[2013/06/20 16:00:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 2370236077.job
[2013/06/20 16:00:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 841015428.job
[2013/06/20 16:00:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\Security Center Update - 296954445.job
[2013/06/20 12:12:23 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\4eot7.pad
[2013/06/19 13:23:42 | 000,003,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\4eot7.js

:Files
C:\Documents and Settings\pmurphy\Application Data\Microsoft\WIN2AC.exe



:Commands
[EMPTYTEMP]

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again:
  • Please check the box next to Scan All Users
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • When the scan completes, post the log it produces in your next reply.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. TDSSKiller Log
2. OTL Fix
3. New OTL Scan
  • 0

#5
mewsick75

    Member

  • Topic Starter
  • 258 posts
I can give you the one log but when I ran OTL it froze the computer for over 5 hours and nothing was happening. I had to restart the computer by doing a cold boot and just shutting it down. I can see it taking an hour or even two but at 5 something must have been wrong.
Here is the other log.

10:10:49.0569 3416 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:10:51.0075 3416 ============================================================
10:10:51.0075 3416 Current date / time: 2013/06/21 10:10:51.0075
10:10:51.0075 3416 SystemInfo:
10:10:51.0075 3416
10:10:51.0075 3416 OS Version: 5.1.2600 ServicePack: 3.0
10:10:51.0075 3416 Product type: Workstation
10:10:51.0075 3416 ComputerName: FVDT181
10:10:51.0075 3416 UserName: Administrator
10:10:51.0075 3416 Windows directory: C:\WINDOWS
10:10:51.0075 3416 System windows directory: C:\WINDOWS
10:10:51.0075 3416 Processor architecture: Intel x86
10:10:51.0075 3416 Number of processors: 4
10:10:51.0075 3416 Page size: 0x1000
10:10:51.0075 3416 Boot type: Normal boot
10:10:51.0075 3416 ============================================================
10:10:53.0408 3416 BG loaded
10:10:55.0297 3416 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:10:55.0327 3416 Drive \Device\Harddisk1\DR2 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:10:55.0327 3416 ============================================================
10:10:55.0327 3416 \Device\Harddisk0\DR0:
10:10:55.0578 3416 MBR partitions:
10:10:55.0578 3416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
10:10:55.0578 3416 \Device\Harddisk1\DR2:
10:10:55.0578 3416 MBR partitions:
10:10:55.0578 3416 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xEE8BC1
10:10:55.0578 3416 ============================================================
10:10:58.0915 3416 C: <-> \Device\Harddisk0\DR0\Partition1
10:10:58.0974 3416 ============================================================
10:10:58.0974 3416 Initialize success
10:10:58.0974 3416 ============================================================
10:12:33.0003 2448 ============================================================
10:12:33.0003 2448 Scan started
10:12:33.0003 2448 Mode: Manual; SigCheck; TDLFS;
10:12:33.0003 2448 ============================================================
10:12:33.0062 2448 ================ Scan system memory ========================
10:12:33.0062 2448 System memory - ok
10:12:33.0062 2448 ================ Scan services =============================
10:12:33.0106 2448 Abiosdsk - ok
10:12:33.0106 2448 abp480n5 - ok
10:12:33.0151 2448 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:12:33.0608 2448 ACPI - ok
10:12:33.0623 2448 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:12:33.0697 2448 ACPIEC - ok
10:12:33.0756 2448 [ F19C98AD81D2C0E1BBFD8153D2C80EE8 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:12:33.0771 2448 AdobeFlashPlayerUpdateSvc - ok
10:12:33.0771 2448 adpu160m - ok
10:12:33.0815 2448 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:12:33.0874 2448 aec - ok
10:12:33.0904 2448 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:12:33.0918 2448 AFD - ok
10:12:33.0918 2448 Aha154x - ok
10:12:33.0918 2448 aic78u2 - ok
10:12:33.0918 2448 aic78xx - ok
10:12:33.0963 2448 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:12:34.0007 2448 Alerter - ok
10:12:34.0022 2448 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
10:12:34.0051 2448 ALG - ok
10:12:34.0051 2448 AliIde - ok
10:12:34.0051 2448 amsint - ok
10:12:34.0066 2448 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
10:12:34.0110 2448 AppMgmt - ok
10:12:34.0110 2448 asc - ok
10:12:34.0110 2448 asc3350p - ok
10:12:34.0110 2448 asc3550 - ok
10:12:34.0332 2448 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:12:34.0346 2448 aspnet_state - ok
10:12:34.0361 2448 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:12:34.0406 2448 AsyncMac - ok
10:12:34.0435 2448 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:12:34.0465 2448 atapi - ok
10:12:34.0465 2448 Atdisk - ok
10:12:34.0479 2448 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:12:34.0524 2448 Atmarpc - ok
10:12:34.0553 2448 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:12:34.0583 2448 AudioSrv - ok
10:12:34.0627 2448 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:12:34.0657 2448 audstub - ok
10:12:34.0701 2448 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:12:34.0730 2448 Beep - ok
10:12:34.0775 2448 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
10:12:34.0834 2448 BITS - ok
10:12:34.0878 2448 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
10:12:34.0893 2448 Browser - ok
10:12:34.0907 2448 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:12:34.0981 2448 cbidf2k - ok
10:12:34.0981 2448 cd20xrnt - ok
10:12:34.0981 2448 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:12:35.0026 2448 Cdaudio - ok
10:12:35.0055 2448 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:12:35.0099 2448 Cdfs - ok
10:12:35.0114 2448 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:12:35.0158 2448 Cdrom - ok
10:12:35.0158 2448 Changer - ok
10:12:35.0173 2448 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:12:35.0232 2448 CiSvc - ok
10:12:35.0232 2448 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:12:35.0277 2448 ClipSrv - ok
10:12:35.0321 2448 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:12:35.0336 2448 clr_optimization_v2.0.50727_32 - ok
10:12:35.0336 2448 CmdIde - ok
10:12:35.0336 2448 COMSysApp - ok
10:12:35.0336 2448 Cpqarray - ok
10:12:35.0350 2448 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:12:35.0395 2448 CryptSvc - ok
10:12:35.0395 2448 dac2w2k - ok
10:12:35.0395 2448 dac960nt - ok
10:12:35.0439 2448 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:12:35.0454 2448 DcomLaunch - ok
10:12:35.0454 2448 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:12:35.0498 2448 Dhcp - ok
10:12:35.0513 2448 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:12:35.0557 2448 Disk - ok
10:12:35.0557 2448 dmadmin - ok
10:12:35.0572 2448 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:12:35.0631 2448 dmboot - ok
10:12:35.0660 2448 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:12:35.0705 2448 dmio - ok
10:12:35.0705 2448 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:12:35.0749 2448 dmload - ok
10:12:35.0764 2448 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:12:35.0808 2448 dmserver - ok
10:12:35.0823 2448 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:12:35.0852 2448 DMusic - ok
10:12:35.0897 2448 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:12:35.0911 2448 Dnscache - ok
10:12:35.0926 2448 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:12:35.0970 2448 Dot3svc - ok
10:12:35.0970 2448 dpti2o - ok
10:12:36.0000 2448 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:12:36.0044 2448 drmkaud - ok
10:12:36.0074 2448 [ 10262DC0B7740D396B8198FD60E493C0 ] e1cexpress C:\WINDOWS\system32\DRIVERS\e1c5132.sys
10:12:36.0458 2448 e1cexpress - ok
10:12:36.0502 2448 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:12:36.0531 2448 EapHost - ok
10:12:36.0546 2448 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:12:36.0591 2448 ERSvc - ok
10:12:36.0635 2448 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
10:12:36.0650 2448 Eventlog - ok
10:12:36.0650 2448 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
10:12:36.0664 2448 EventSystem - ok
10:12:36.0709 2448 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:12:36.0738 2448 Fastfat - ok
10:12:36.0782 2448 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:12:36.0827 2448 FastUserSwitchingCompatibility - ok
10:12:36.0842 2448 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
10:12:36.0886 2448 Fdc - ok
10:12:36.0886 2448 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:12:36.0930 2448 Fips - ok
10:12:36.0930 2448 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
10:12:36.0974 2448 Flpydisk - ok
10:12:37.0004 2448 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:12:37.0048 2448 FltMgr - ok
10:12:37.0107 2448 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:12:37.0107 2448 FontCache3.0.0.0 - ok
10:12:37.0107 2448 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:12:37.0152 2448 Fs_Rec - ok
10:12:37.0152 2448 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:12:37.0196 2448 Ftdisk - ok
10:12:37.0299 2448 [ 6235DD072CAF90F1D81AC5D09C9ECE51 ] GoToAssist Remote Support Customer C:\Program Files\Citrix\GoToAssist Remote Support Customer\461\g2ax_service.exe
10:12:37.0314 2448 GoToAssist Remote Support Customer - ok
10:12:37.0329 2448 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:12:37.0373 2448 Gpc - ok
10:12:37.0417 2448 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:12:37.0462 2448 HDAudBus - ok
10:12:37.0550 2448 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:12:37.0609 2448 helpsvc - ok
10:12:37.0624 2448 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
10:12:37.0668 2448 HidServ - ok
10:12:37.0698 2448 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:12:37.0742 2448 hidusb - ok
10:12:37.0772 2448 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
10:12:37.0801 2448 hkmsvc - ok
10:12:37.0816 2448 hpn - ok
10:12:37.0845 2448 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:12:37.0860 2448 HTTP - ok
10:12:37.0875 2448 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:12:37.0919 2448 HTTPFilter - ok
10:12:37.0919 2448 i2omgmt - ok
10:12:37.0919 2448 i2omp - ok
10:12:37.0978 2448 [ 60395C8292B74F07F82A97D473E69A4E ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:12:38.0082 2448 ialm - ok
10:12:38.0155 2448 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:12:38.0185 2448 idsvc - ok
10:12:38.0244 2448 [ 404544C1B48AAC95A839F5D48CF82BA6 ] iGateway C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
10:12:38.0259 2448 iGateway ( UnsignedFile.Multi.Generic ) - warning
10:12:38.0259 2448 iGateway - detected UnsignedFile.Multi.Generic (1)
10:12:38.0288 2448 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:12:38.0333 2448 Imapi - ok
10:12:38.0362 2448 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:12:38.0406 2448 ImapiService - ok
10:12:38.0406 2448 ini910u - ok
10:12:38.0466 2448 [ 4F7D1520BBE672FD9364A9F6F1DEF47C ] InoRPC C:\Program Files\CA\eTrustITM\InoRpc.exe
10:12:38.0480 2448 InoRPC ( UnsignedFile.Multi.Generic ) - warning
10:12:38.0480 2448 InoRPC - detected UnsignedFile.Multi.Generic (1)
10:12:38.0480 2448 [ A08267418C7FD4CC79CBE392373209DB ] InoRT C:\Program Files\CA\eTrustITM\InoRT.exe
10:12:38.0495 2448 InoRT ( UnsignedFile.Multi.Generic ) - warning
10:12:38.0495 2448 InoRT - detected UnsignedFile.Multi.Generic (1)
10:12:38.0510 2448 [ 289D11B07C61F1E8F65312081B26AC6B ] InoTask C:\Program Files\CA\eTrustITM\InoTask.exe
10:12:38.0525 2448 InoTask - ok
10:12:38.0584 2448 [ 4EB3CD8CD2210807ADA276542EB99B06 ] INO_FLPY C:\WINDOWS\system32\Drivers\ino_flpy.sys
10:12:38.0584 2448 INO_FLPY - ok
10:12:38.0613 2448 [ EBFB9E788557ADED04AEF87247AE56DD ] INO_FLTR C:\WINDOWS\system32\Drivers\ino_fltr.sys
10:12:38.0628 2448 INO_FLTR - ok
10:12:38.0731 2448 [ 1E3ED5FE809825903267058B97D07E4A ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtDHDAud.sys
10:12:38.0820 2448 IntcAzAudAddService - ok
10:12:38.0879 2448 [ F4804891676F2EFAA81CBF5F2393AD2A ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
10:12:38.0908 2448 IntcDAud - ok
10:12:38.0908 2448 IntelIde - ok
10:12:38.0938 2448 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:12:38.0982 2448 intelppm - ok
10:12:39.0012 2448 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:12:39.0056 2448 Ip6Fw - ok
10:12:39.0100 2448 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:12:39.0145 2448 IpFilterDriver - ok
10:12:39.0159 2448 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:12:39.0204 2448 IpInIp - ok
10:12:39.0218 2448 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:12:39.0263 2448 IpNat - ok
10:12:39.0278 2448 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:12:39.0322 2448 IPSec - ok
10:12:39.0337 2448 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:12:39.0366 2448 IRENUM - ok
10:12:39.0396 2448 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:12:39.0455 2448 isapnp - ok
10:12:39.0528 2448 [ B81E9DE3F8B1D95F961660B4E548D081 ] ITMRTSVC C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
10:12:39.0528 2448 ITMRTSVC - ok
10:12:39.0676 2448 [ 80F08F50D248EEEEB9256F6522891D40 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
10:12:39.0691 2448 JavaQuickStarterService - ok
10:12:39.0691 2448 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:12:39.0735 2448 Kbdclass - ok
10:12:39.0750 2448 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:12:39.0794 2448 kbdhid - ok
10:12:39.0809 2448 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:12:39.0853 2448 kmixer - ok
10:12:39.0883 2448 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:12:39.0942 2448 KSecDD - ok
10:12:39.0986 2448 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
10:12:40.0030 2448 LanmanServer - ok
10:12:40.0060 2448 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:12:40.0075 2448 lanmanworkstation - ok
10:12:40.0075 2448 lbrtfdc - ok
10:12:40.0104 2448 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:12:40.0149 2448 LmHosts - ok
10:12:40.0208 2448 [ 32F9802DF4143991649BDCD8548BA3DC ] Local Print Agent C:\Program Files\Local Print Agent\Local Print Agent.exe
10:12:40.0208 2448 Local Print Agent ( UnsignedFile.Multi.Generic ) - warning
10:12:40.0208 2448 Local Print Agent - detected UnsignedFile.Multi.Generic (1)
10:12:40.0237 2448 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
10:12:40.0252 2448 MBAMProtector - ok
10:12:40.0311 2448 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:12:40.0311 2448 MBAMScheduler - ok
10:12:40.0326 2448 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:12:40.0340 2448 MBAMService - ok
10:12:40.0370 2448 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:12:40.0414 2448 Messenger - ok
10:12:40.0577 2448 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
10:12:40.0591 2448 Microsoft Office Groove Audit Service - ok
10:12:40.0621 2448 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:12:40.0665 2448 mnmdd - ok
10:12:40.0695 2448 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:12:40.0739 2448 mnmsrvc - ok
10:12:40.0754 2448 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:12:40.0798 2448 Modem - ok
10:12:40.0813 2448 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:12:40.0857 2448 Mouclass - ok
10:12:40.0857 2448 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:12:40.0902 2448 mouhid - ok
10:12:40.0931 2448 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:12:40.0975 2448 MountMgr - ok
10:12:40.0990 2448 mraid35x - ok
10:12:41.0005 2448 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:12:41.0034 2448 MRxDAV - ok
10:12:41.0064 2448 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:12:41.0093 2448 MRxSmb - ok
10:12:41.0123 2448 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:12:41.0167 2448 MSDTC - ok
10:12:41.0167 2448 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:12:41.0197 2448 Msfs - ok
10:12:41.0212 2448 MSIServer - ok
10:12:41.0226 2448 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:12:41.0271 2448 MSKSSRV - ok
10:12:41.0271 2448 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:12:41.0315 2448 MSPCLOCK - ok
10:12:41.0315 2448 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:12:41.0374 2448 MSPQM - ok
10:12:41.0403 2448 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:12:41.0448 2448 mssmbios - ok
10:12:41.0492 2448 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:12:41.0522 2448 Mup - ok
10:12:41.0536 2448 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
10:12:41.0581 2448 napagent - ok
10:12:41.0610 2448 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:12:41.0654 2448 NDIS - ok
10:12:41.0654 2448 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:12:41.0669 2448 NdisTapi - ok
10:12:41.0714 2448 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:12:41.0758 2448 Ndisuio - ok
10:12:41.0758 2448 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:12:41.0802 2448 NdisWan - ok
10:12:41.0817 2448 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:12:41.0846 2448 NDProxy - ok
10:12:41.0846 2448 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:12:41.0891 2448 NetBIOS - ok
10:12:41.0905 2448 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:12:41.0950 2448 NetBT - ok
10:12:41.0964 2448 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
10:12:42.0009 2448 NetDDE - ok
10:12:42.0009 2448 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:12:42.0053 2448 NetDDEdsdm - ok
10:12:42.0068 2448 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:12:42.0112 2448 Netlogon - ok
10:12:42.0112 2448 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
10:12:42.0156 2448 Netman - ok
10:12:42.0186 2448 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:12:42.0201 2448 NetTcpPortSharing - ok
10:12:42.0215 2448 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
10:12:42.0230 2448 Nla - ok
10:12:42.0245 2448 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:12:42.0289 2448 Npfs - ok
10:12:42.0319 2448 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:12:42.0363 2448 Ntfs - ok
10:12:42.0378 2448 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:12:42.0422 2448 NtLmSsp - ok
10:12:42.0437 2448 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:12:42.0481 2448 NtmsSvc - ok
10:12:42.0496 2448 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:12:42.0555 2448 Null - ok
10:12:42.0570 2448 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:12:42.0614 2448 NwlnkFlt - ok
10:12:42.0629 2448 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:12:42.0673 2448 NwlnkFwd - ok
10:12:42.0762 2448 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:12:42.0776 2448 odserv - ok
10:12:42.0806 2448 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:12:42.0806 2448 ose - ok
10:12:42.0821 2448 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
10:12:42.0865 2448 Parport - ok
10:12:42.0880 2448 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:12:42.0924 2448 PartMgr - ok
10:12:42.0954 2448 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:12:43.0013 2448 ParVdm - ok
10:12:43.0013 2448 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:12:43.0057 2448 PCI - ok
10:12:43.0057 2448 PCIDump - ok
10:12:43.0057 2448 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:12:43.0101 2448 PCIIde - ok
10:12:43.0131 2448 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:12:43.0175 2448 Pcmcia - ok
10:12:43.0175 2448 PDCOMP - ok
10:12:43.0175 2448 PDFRAME - ok
10:12:43.0175 2448 PDRELI - ok
10:12:43.0175 2448 PDRFRAME - ok
10:12:43.0190 2448 perc2 - ok
10:12:43.0190 2448 perc2hib - ok
10:12:43.0205 2448 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
10:12:43.0205 2448 PlugPlay - ok
10:12:43.0219 2448 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:12:43.0249 2448 PolicyAgent - ok
10:12:43.0264 2448 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:12:43.0293 2448 PptpMiniport - ok
10:12:43.0308 2448 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:12:43.0338 2448 ProtectedStorage - ok
10:12:43.0338 2448 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:12:43.0382 2448 PSched - ok
10:12:43.0382 2448 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:12:43.0411 2448 Ptilink - ok
10:12:43.0426 2448 ql1080 - ok
10:12:43.0426 2448 Ql10wnt - ok
10:12:43.0426 2448 ql12160 - ok
10:12:43.0426 2448 ql1240 - ok
10:12:43.0426 2448 ql1280 - ok
10:12:43.0426 2448 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:12:43.0470 2448 RasAcd - ok
10:12:43.0485 2448 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:12:43.0529 2448 RasAuto - ok
10:12:43.0529 2448 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:12:43.0559 2448 Rasl2tp - ok
10:12:43.0588 2448 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:12:43.0633 2448 RasMan - ok
10:12:43.0633 2448 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:12:43.0677 2448 RasPppoe - ok
10:12:43.0692 2448 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:12:43.0751 2448 Raspti - ok
10:12:43.0766 2448 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:12:43.0810 2448 Rdbss - ok
10:12:43.0810 2448 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:12:43.0854 2448 RDPCDD - ok
10:12:43.0869 2448 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:12:43.0913 2448 rdpdr - ok
10:12:43.0943 2448 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:12:43.0958 2448 RDPWD - ok
10:12:43.0972 2448 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:12:44.0017 2448 RDSessMgr - ok
10:12:44.0031 2448 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:12:44.0076 2448 redbook - ok
10:12:44.0105 2448 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:12:44.0149 2448 RemoteAccess - ok
10:12:44.0179 2448 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
10:12:44.0209 2448 RemoteRegistry - ok
10:12:44.0238 2448 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
10:12:44.0282 2448 RpcLocator - ok
10:12:44.0327 2448 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
10:12:44.0327 2448 RpcSs - ok
10:12:44.0356 2448 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:12:44.0400 2448 RSVP - ok
10:12:44.0415 2448 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
10:12:44.0445 2448 SamSs - ok
10:12:44.0474 2448 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:12:44.0519 2448 SCardSvr - ok
10:12:44.0548 2448 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:12:44.0592 2448 Schedule - ok
10:12:44.0607 2448 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:12:44.0637 2448 Secdrv - ok
10:12:44.0666 2448 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
10:12:44.0696 2448 seclogon - ok
10:12:44.0711 2448 Security Center Update - 2370236077 - ok
10:12:44.0711 2448 Security Center Update - 3530754759 - ok
10:12:44.0725 2448 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
10:12:44.0770 2448 SENS - ok
10:12:44.0770 2448 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
10:12:44.0814 2448 serenum - ok
10:12:44.0814 2448 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
10:12:44.0858 2448 Serial - ok
10:12:44.0873 2448 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:12:44.0902 2448 Sfloppy - ok
10:12:44.0917 2448 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:12:44.0961 2448 SharedAccess - ok
10:12:44.0991 2448 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:12:44.0991 2448 ShellHWDetection - ok
10:12:44.0991 2448 Simbad - ok
10:12:44.0991 2448 Sparrow - ok
10:12:45.0021 2448 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:12:45.0065 2448 splitter - ok
10:12:45.0094 2448 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:12:45.0109 2448 Spooler - ok
10:12:45.0153 2448 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:12:45.0183 2448 sr - ok
10:12:45.0183 2448 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
10:12:45.0212 2448 srservice - ok
10:12:45.0257 2448 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:12:45.0272 2448 Srv - ok
10:12:45.0316 2448 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:12:45.0331 2448 SSDPSRV - ok
10:12:45.0360 2448 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:12:45.0390 2448 stisvc - ok
10:12:45.0434 2448 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:12:45.0478 2448 swenum - ok
10:12:45.0493 2448 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:12:45.0523 2448 swmidi - ok
10:12:45.0523 2448 SwPrv - ok
10:12:45.0523 2448 symc810 - ok
10:12:45.0523 2448 symc8xx - ok
10:12:45.0523 2448 sym_hi - ok
10:12:45.0523 2448 sym_u3 - ok
10:12:45.0537 2448 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:12:45.0582 2448 sysaudio - ok
10:12:45.0611 2448 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:12:45.0655 2448 SysmonLog - ok
10:12:45.0655 2448 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:12:45.0700 2448 TapiSrv - ok
10:12:45.0744 2448 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:12:45.0759 2448 Tcpip - ok
10:12:45.0773 2448 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:12:45.0818 2448 TDPIPE - ok
10:12:45.0847 2448 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:12:45.0877 2448 TDTCP - ok
10:12:45.0892 2448 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:12:45.0936 2448 TermDD - ok
10:12:45.0936 2448 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
10:12:45.0995 2448 TermService - ok
10:12:45.0995 2448 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
10:12:45.0995 2448 Themes - ok
10:12:46.0024 2448 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
10:12:46.0039 2448 TlntSvr - ok
10:12:46.0054 2448 TosIde - ok
10:12:46.0069 2448 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:12:46.0098 2448 TrkWks - ok
10:12:46.0113 2448 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:12:46.0143 2448 Udfs - ok
10:12:46.0157 2448 ultra - ok
10:12:46.0157 2448 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:12:46.0202 2448 Update - ok
10:12:46.0216 2448 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
10:12:46.0246 2448 upnphost - ok
10:12:46.0246 2448 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
10:12:46.0290 2448 UPS - ok
10:12:46.0290 2448 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:12:46.0335 2448 usbccgp - ok
10:12:46.0364 2448 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:12:46.0408 2448 usbehci - ok
10:12:46.0408 2448 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:12:46.0453 2448 usbhub - ok
10:12:46.0482 2448 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:12:46.0541 2448 usbscan - ok
10:12:46.0571 2448 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:12:46.0615 2448 USBSTOR - ok
10:12:46.0615 2448 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:12:46.0659 2448 VgaSave - ok
10:12:46.0659 2448 ViaIde - ok
10:12:46.0704 2448 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:12:46.0748 2448 VolSnap - ok
10:12:46.0777 2448 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
10:12:46.0807 2448 VSS - ok
10:12:46.0822 2448 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
10:12:46.0866 2448 W32Time - ok
10:12:46.0866 2448 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:12:46.0910 2448 Wanarp - ok
10:12:46.0910 2448 WDICA - ok
10:12:46.0925 2448 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:12:46.0955 2448 wdmaud - ok
10:12:46.0969 2448 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:12:47.0014 2448 WebClient - ok
10:12:47.0073 2448 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:12:47.0117 2448 winmgmt - ok
10:12:47.0147 2448 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
10:12:47.0176 2448 WmdmPmSN - ok
10:12:47.0206 2448 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
10:12:47.0220 2448 Wmi - ok
10:12:47.0235 2448 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:12:47.0279 2448 WmiApSrv - ok
10:12:47.0309 2448 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:12:47.0353 2448 wscsvc - ok
10:12:47.0383 2448 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:12:47.0427 2448 wuauserv - ok
10:12:47.0442 2448 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:12:47.0486 2448 WZCSVC - ok
10:12:47.0501 2448 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:12:47.0545 2448 xmlprov - ok
10:12:47.0545 2448 ================ Scan global ===============================
10:12:47.0575 2448 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:12:47.0604 2448 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
10:12:47.0619 2448 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
10:12:47.0619 2448 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:12:47.0619 2448 [Global] - ok
10:12:47.0619 2448 ================ Scan MBR ==================================
10:12:47.0648 2448 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:12:48.0269 2448 \Device\Harddisk0\DR0 - ok
10:12:48.0269 2448 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR2
10:12:51.0443 2448 \Device\Harddisk1\DR2 - ok
10:12:51.0443 2448 ================ Scan VBR ==================================
10:12:51.0443 2448 [ BB192F00062277248E83642682BC26EF ] \Device\Harddisk0\DR0\Partition1
10:12:51.0443 2448 \Device\Harddisk0\DR0\Partition1 - ok
10:12:51.0443 2448 [ E1E715CBE27599617C93F0333AE030AE ] \Device\Harddisk1\DR2\Partition1
10:12:51.0443 2448 \Device\Harddisk1\DR2\Partition1 - ok
10:12:51.0443 2448 ================ Scan active images ========================
10:12:51.0443 2448 [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
10:12:51.0443 2448 C:\WINDOWS\system32\drivers\videoprt.sys - ok
10:12:51.0443 2448 [ 60395C8292B74F07F82A97D473E69A4E ] C:\WINDOWS\system32\drivers\igxpmp32.sys
10:12:51.0443 2448 C:\WINDOWS\system32\drivers\igxpmp32.sys - ok
10:12:51.0457 2448 [ 10262DC0B7740D396B8198FD60E493C0 ] C:\WINDOWS\system32\drivers\e1c5132.sys
10:12:51.0457 2448 C:\WINDOWS\system32\drivers\e1c5132.sys - ok
10:12:51.0457 2448 [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys
10:12:51.0457 2448 C:\WINDOWS\system32\drivers\usbport.sys - ok
10:12:51.0457 2448 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys
10:12:51.0457 2448 C:\WINDOWS\system32\drivers\usbehci.sys - ok
10:12:51.0457 2448 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
10:12:51.0457 2448 C:\WINDOWS\system32\drivers\audstub.sys - ok
10:12:51.0457 2448 [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys
10:12:51.0457 2448 C:\WINDOWS\system32\drivers\cdrom.sys - ok
10:12:51.0457 2448 [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys
10:12:51.0457 2448 C:\WINDOWS\system32\drivers\hdaudbus.sys - ok
10:12:51.0457 2448 [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
10:12:51.0457 2448 C:\WINDOWS\system32\drivers\imapi.sys - ok
10:12:51.0457 2448 [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys
10:12:51.0457 2448 C:\WINDOWS\system32\drivers\intelppm.sys - ok
10:12:51.0457 2448 [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys
10:12:51.0457 2448 C:\WINDOWS\system32\drivers\ks.sys - ok
10:12:51.0457 2448 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
10:12:51.0457 2448 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
10:12:51.0457 2448 [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys
10:12:51.0457 2448 C:\WINDOWS\system32\drivers\redbook.sys - ok
10:12:51.0472 2448 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] C:\WINDOWS\system32\drivers\serenum.sys
10:12:51.0472 2448 C:\WINDOWS\system32\drivers\serenum.sys - ok
10:12:51.0472 2448 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys
10:12:51.0472 2448 C:\WINDOWS\system32\drivers\serial.sys - ok
10:12:51.0472 2448 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
10:12:51.0472 2448 C:\WINDOWS\system32\drivers\msgpc.sys - ok
10:12:51.0472 2448 [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys
10:12:51.0472 2448 C:\WINDOWS\system32\drivers\ndistapi.sys - ok
10:12:51.0472 2448 [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
10:12:51.0472 2448 C:\WINDOWS\system32\drivers\ndiswan.sys - ok
10:12:51.0472 2448 [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys
10:12:51.0472 2448 C:\WINDOWS\system32\drivers\psched.sys - ok
10:12:51.0472 2448 [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
10:12:51.0472 2448 C:\WINDOWS\system32\drivers\raspppoe.sys - ok
10:12:51.0472 2448 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
10:12:51.0472 2448 C:\WINDOWS\system32\drivers\raspptp.sys - ok
10:12:51.0472 2448 [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys
10:12:51.0472 2448 C:\WINDOWS\system32\drivers\tdi.sys - ok
10:12:51.0472 2448 [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys
10:12:51.0472 2448 C:\WINDOWS\system32\drivers\kbdclass.sys - ok
10:12:51.0472 2448 [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys
10:12:51.0472 2448 C:\WINDOWS\system32\drivers\mouclass.sys - ok
10:12:51.0487 2448 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
10:12:51.0487 2448 C:\WINDOWS\system32\drivers\ptilink.sys - ok
10:12:51.0487 2448 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
10:12:51.0487 2448 C:\WINDOWS\system32\drivers\raspti.sys - ok
10:12:51.0487 2448 [ 15CABD0F7C00C47C70124907916AF3F1 ] C:\WINDOWS\system32\drivers\rdpdr.sys
10:12:51.0487 2448 C:\WINDOWS\system32\drivers\rdpdr.sys - ok
10:12:51.0487 2448 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
10:12:51.0487 2448 C:\WINDOWS\system32\drivers\swenum.sys - ok
10:12:51.0487 2448 [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
10:12:51.0487 2448 C:\WINDOWS\system32\drivers\termdd.sys - ok
10:12:51.0487 2448 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
10:12:51.0487 2448 C:\WINDOWS\system32\drivers\update.sys - ok
10:12:51.0487 2448 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
10:12:51.0487 2448 C:\WINDOWS\system32\drivers\mssmbios.sys - ok
10:12:51.0487 2448 [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys
10:12:51.0487 2448 C:\WINDOWS\system32\drivers\ndproxy.sys - ok
10:12:51.0487 2448 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
10:12:51.0487 2448 C:\WINDOWS\system32\drivers\usbd.sys - ok
10:12:51.0487 2448 [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
10:12:51.0487 2448 C:\WINDOWS\system32\drivers\usbhub.sys - ok
10:12:51.0487 2448 [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
10:12:51.0487 2448 C:\WINDOWS\system32\drivers\drmk.sys - ok
10:12:51.0487 2448 [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
10:12:51.0487 2448 C:\WINDOWS\system32\drivers\portcls.sys - ok
10:12:51.0502 2448 [ 1E3ED5FE809825903267058B97D07E4A ] C:\WINDOWS\system32\drivers\RtDHDAud.sys
10:12:51.0502 2448 C:\WINDOWS\system32\drivers\RtDHDAud.sys - ok
10:12:51.0502 2448 [ F4804891676F2EFAA81CBF5F2393AD2A ] C:\WINDOWS\system32\drivers\IntcDAud.sys
10:12:51.0502 2448 C:\WINDOWS\system32\drivers\IntcDAud.sys - ok
10:12:51.0502 2448 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
10:12:51.0502 2448 C:\WINDOWS\system32\drivers\cdaudio.sys - ok
10:12:51.0502 2448 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
10:12:51.0502 2448 C:\WINDOWS\system32\drivers\fdc.sys - ok
10:12:51.0502 2448 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys
10:12:51.0502 2448 C:\WINDOWS\system32\drivers\flpydisk.sys - ok
10:12:51.0502 2448 [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
10:12:51.0502 2448 C:\WINDOWS\system32\drivers\sfloppy.sys - ok
10:12:51.0502 2448 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
10:12:51.0502 2448 C:\WINDOWS\system32\drivers\beep.sys - ok
10:12:51.0502 2448 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
10:12:51.0502 2448 C:\WINDOWS\system32\drivers\fs_rec.sys - ok
10:12:51.0502 2448 [ 96ECCF28FDBF1B2CC12725818A63628D ] C:\WINDOWS\system32\drivers\hidparse.sys
10:12:51.0502 2448 C:\WINDOWS\system32\drivers\hidparse.sys - ok
10:12:51.0502 2448 [ 9EF487A186DEA361AA06913A75B3FA99 ] C:\WINDOWS\system32\drivers\kbdhid.sys
10:12:51.0502 2448 C:\WINDOWS\system32\drivers\kbdhid.sys - ok
10:12:51.0502 2448 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
10:12:51.0502 2448 C:\WINDOWS\system32\drivers\null.sys - ok
10:12:51.0517 2448 [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
10:12:51.0517 2448 C:\WINDOWS\system32\drivers\ipsec.sys - ok
10:12:51.0517 2448 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
10:12:51.0517 2448 C:\WINDOWS\system32\drivers\mnmdd.sys - ok
10:12:51.0517 2448 [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
10:12:51.0517 2448 C:\WINDOWS\system32\drivers\msfs.sys - ok
10:12:51.0517 2448 [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
10:12:51.0517 2448 C:\WINDOWS\system32\drivers\npfs.sys - ok
10:12:51.0517 2448 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
10:12:51.0517 2448 C:\WINDOWS\system32\drivers\rasacd.sys - ok
10:12:51.0517 2448 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
10:12:51.0517 2448 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
10:12:51.0517 2448 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
10:12:51.0517 2448 C:\WINDOWS\system32\drivers\vga.sys - ok
10:12:51.0517 2448 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys
10:12:51.0517 2448 C:\WINDOWS\system32\drivers\tcpip.sys - ok
10:12:51.0517 2448 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys
10:12:51.0827 2448 C:\Program Files\CA\SharedComponents\iTechnology\msvcp70.dll - ok
10:12:51.0827 2448 [ 7493B6497547AE5FE12495B3287C3E07 ] C:\Program Files\CA\SharedComponents\iTechnology\pcre.dll
10:12:51.0827 2448 C:\Program Files\CA\SharedComponents\iTechnology\pcre.dll - ok
10:12:51.0827 2448 [ 6C24EDAF41FA04028594408DBAF068E1 ] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CAServer.dll
10:12:51.0827 2448 C:\Program Files\CA\SharedComponents\PPRealtime\bin\CAServer.dll - ok
10:12:51.0827 2448 [ B81E9DE3F8B1D95F961660B4E548D081 ] C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
10:12:51.0827 2448 C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe - ok
10:12:51.0827 2448 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files\CA\SharedComponents\PPRealtime\bin\msvcp71.dll
10:12:51.0827 2448 C:\Program Files\CA\SharedComponents\PPRealtime\bin\msvcp71.dll - ok
10:12:51.0827 2448 [ 4316C7D78FEC5B66A805C8ABD6AF4697 ] C:\Program Files\CA\SharedComponents\ThirdParty\xerces-c_2_6_vc71.dll
10:12:51.0827 2448 C:\Program Files\CA\SharedComponents\ThirdParty\xerces-c_2_6_vc71.dll - ok
10:12:51.0827 2448 [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll
10:12:51.0827 2448 C:\WINDOWS\system32\security.dll - ok
10:12:51.0827 2448 [ F454EBAD0D42D880C19C6F93E8798598 ] C:\Program Files\CA\SharedComponents\iTechnology\Spin.dll
10:12:51.0827 2448 C:\Program Files\CA\SharedComponents\iTechnology\Spin.dll - ok
10:12:51.0827 2448 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\CA\SharedComponents\PPRealtime\bin\msvcr71.dll
10:12:51.0827 2448 C:\Program Files\CA\SharedComponents\PPRealtime\bin\msvcr71.dll - ok
10:12:51.0827 2448 [ 92B91C7806684E1D9B265F3C88AD20F4 ] C:\Program Files\CA\SharedComponents\ThirdParty\xsec_1_1_0_vc71.dll
10:12:51.0827 2448 C:\Program Files\CA\SharedComponents\ThirdParty\xsec_1_1_0_vc71.dll - ok
10:12:51.0841 2448 [ F0388C0FA759C9B7B836B1CAB093655F ] C:\Program Files\CA\SharedComponents\iTechnology\baseSpindle.dll
10:12:51.0841 2448 C:\Program Files\CA\SharedComponents\iTechnology\baseSpindle.dll - ok
10:12:51.0841 2448 [ 80F08F50D248EEEEB9256F6522891D40 ] C:\Program Files\Java\jre7\bin\jqs.exe
10:12:51.0841 2448 C:\Program Files\Java\jre7\bin\jqs.exe - ok
10:12:51.0841 2448 [ 67EC459E42D3081DD8FD34356F7CAFC1 ] C:\Program Files\Java\jre7\bin\msvcr100.dll
10:12:51.0841 2448 C:\Program Files\Java\jre7\bin\msvcr100.dll - ok
10:12:51.0841 2448 [ 78F8D7949F1EFF88BA65F8EC29176AB0 ] C:\Program Files\CA\SharedComponents\CAUpdate\CAUMessage.dll
10:12:51.0841 2448 C:\Program Files\CA\SharedComponents\CAUpdate\CAUMessage.dll - ok
10:12:51.0841 2448 [ 1B9111217B6983CCF056463C64EF47C1 ] C:\Program Files\CA\SharedComponents\ScanEngine\MsgQueue.dll
10:12:51.0841 2448 C:\Program Files\CA\SharedComponents\ScanEngine\MsgQueue.dll - ok
10:12:51.0841 2448 [ 4A79D2CBE414D14E3030251B85D9E1BA ] C:\Program Files\CA\eTrustITM\eppdcod.dll
10:12:51.0841 2448 C:\Program Files\CA\eTrustITM\eppdcod.dll - ok
10:12:51.0841 2448 [ A7088E1608E53DBDDA0698411BB0BB24 ] C:\Program Files\CA\eTrustITM\epprc.dll
10:12:51.0841 2448 C:\Program Files\CA\eTrustITM\epprc.dll - ok
10:12:51.0841 2448 [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
10:12:51.0841 2448 C:\WINDOWS\system32\pdh.dll - ok
10:12:51.0841 2448 [ 557F1964C26556F05CBA9029A2BE9FD0 ] C:\Program Files\CA\SharedComponents\iTechnology\ITMClient.dll
10:12:51.0841 2448 C:\Program Files\CA\SharedComponents\iTechnology\ITMClient.dll - ok
10:12:51.0841 2448 [ 683682D4A7CF11C7A268B6BA85794D20 ] C:\Program Files\CA\eTrustITM\InocAdn.dll
10:12:51.0841 2448 C:\Program Files\CA\eTrustITM\InocAdn.dll - ok
10:12:51.0841 2448 [ E30C4F071F037D409537731566DB8BB3 ] C:\Program Files\CA\eTrustITM\secAddIn.dll
10:12:51.0841 2448 C:\Program Files\CA\eTrustITM\secAddIn.dll - ok
10:12:51.0856 2448 [ F99DC4C5EE7B2C2E7B5EE21DB60FAFA1 ] C:\Program Files\CA\SharedComponents\SubscriptionLicense\licenseUtils.dll
10:12:51.0856 2448 C:\Program Files\CA\SharedComponents\SubscriptionLicense\licenseUtils.dll - ok
10:12:51.0856 2448 [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
10:12:51.0856 2448 C:\WINDOWS\system32\odbcbcp.dll - ok
10:12:51.0856 2448 [ 32F9802DF4143991649BDCD8548BA3DC ] C:\Program Files\Local Print Agent\Local Print Agent.exe
10:12:51.0856 2448 C:\Program Files\Local Print Agent\Local Print Agent.exe - ok
10:12:51.0856 2448 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
10:12:51.0856 2448 C:\WINDOWS\system32\srvsvc.dll - ok
10:12:51.0856 2448 [ 08A73B0E7EE6E32983B5F9E540A8E380 ] C:\WINDOWS\system32\mscoree.dll
10:12:51.0856 2448 C:\WINDOWS\system32\mscoree.dll - ok
10:12:51.0856 2448 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
10:12:51.0856 2448 C:\WINDOWS\system32\netmsg.dll - ok
10:12:51.0856 2448 [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
10:12:51.0856 2448 C:\WINDOWS\system32\perfdisk.dll - ok
10:12:51.0856 2448 [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
10:12:51.0856 2448 C:\WINDOWS\system32\perfos.dll - ok
10:12:51.0856 2448 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
10:12:51.0856 2448 C:\WINDOWS\system32\drivers\srv.sys - ok
10:12:51.0856 2448 [ FB53A700132D9A97D1E10E9F80BD6174 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
10:12:51.0856 2448 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
10:12:51.0856 2448 [ C14FE4600EA83BBB53DEA670586C3C07 ] C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTAPI.dll
10:12:51.0856 2448 C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTAPI.dll - ok
10:12:51.0856 2448 [ 44F35D70423A8E83A7481F6FBC83F73D ] C:\Program Files\CA\eTrustITM\polAdn.dll
10:12:51.0856 2448 C:\Program Files\CA\eTrustITM\polAdn.dll - ok
10:12:51.0871 2448 [ CF15AEC3C92D230AAE0C679B8FEE4A41 ] C:\Program Files\CA\eTrustITM\RPCMtAdn.dll
10:12:51.0871 2448 C:\Program Files\CA\eTrustITM\RPCMtAdn.dll - ok
10:12:51.0871 2448 [ 4316C7D78FEC5B66A805C8ABD6AF4697 ] C:\Program Files\CA\SharedComponents\iTechnology\xerces-c_2_6_vc71.dll
10:12:51.0871 2448 C:\Program Files\CA\SharedComponents\iTechnology\xerces-c_2_6_vc71.dll - ok
10:12:51.0871 2448 [ C27E770204A8B7D92EA69A0179FE42E4 ] C:\Program Files\CA\SharedComponents\ScanEngine\ppctl.dll
10:12:51.0871 2448 C:\Program Files\CA\SharedComponents\ScanEngine\ppctl.dll - ok
10:12:51.0871 2448 [ DBB864184B0DACB6A3BE3BB849640836 ] C:\Program Files\CA\eTrustITM\nameAPIX.dll
10:12:51.0871 2448 C:\Program Files\CA\eTrustITM\nameAPIX.dll - ok
10:12:51.0871 2448 [ 86B35A24432A8A30EB769D2DFFE5DC72 ] C:\Program Files\CA\eTrustITM\manecod.dll
10:12:51.0871 2448 C:\Program Files\CA\eTrustITM\manecod.dll - ok
10:12:51.0871 2448 [ CADD01BF37AFA6BD3AF4852CAA038C23 ] C:\Program Files\CA\eTrustITM\polencod.dll
10:12:51.0871 2448 C:\Program Files\CA\eTrustITM\polencod.dll - ok
10:12:51.0871 2448 [ B8B9D26952B13A80F173DF1456868E7D ] C:\Program Files\CA\eTrustITM\eppecod.dll
10:12:51.0871 2448 C:\Program Files\CA\eTrustITM\eppecod.dll - ok
10:12:51.0871 2448 [ 2409BC8C41B64F89C9E489232F75D4B5 ] C:\Program Files\CA\eTrustITM\mailecod.dll
10:12:51.0871 2448 C:\Program Files\CA\eTrustITM\mailecod.dll - ok
10:12:51.0871 2448 [ 1C4D0F52B4238B9388F2A28DD0903588 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
10:12:51.0871 2448 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll - ok
10:12:51.0871 2448 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files\CA\SharedComponents\iTechnology\msvcp71.dll
10:12:51.0871 2448 C:\Program Files\CA\SharedComponents\iTechnology\msvcp71.dll - ok
10:12:51.0871 2448 [ 09523AFBC5937D7CC786FC9C74D2D516 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
10:12:51.0871 2448 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll - ok
10:12:51.0886 2448 [ 3E6657495EC5661C705F0749EE12A7D6 ] C:\Program Files\CA\eTrustITM\ITMsdk.dll
10:12:51.0886 2448 C:\Program Files\CA\eTrustITM\ITMsdk.dll - ok
10:12:51.0886 2448 [ 92B91C7806684E1D9B265F3C88AD20F4 ] C:\Program Files\CA\SharedComponents\iTechnology\xsec_1_1_0_vc71.dll
10:12:51.0886 2448 C:\Program Files\CA\SharedComponents\iTechnology\xsec_1_1_0_vc71.dll - ok
10:12:51.0886 2448 [ 4B3685AA700084E4ED6635FC1EFD9CC2 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
10:12:51.0886 2448 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll - ok
10:12:51.0886 2448 [ C1649188479440AA5834EDA555445CDC ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
10:12:51.0886 2448 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll - ok
10:12:51.0886 2448 [ 723528449ED0D1B0AD98AF3EDF23101D ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
10:12:51.0886 2448 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok
10:12:51.0886 2448 [ C92AFC7B1DEADEE419DC44E4081AAF0A ] C:\Program Files\CA\eTrustITM\InoWMI.dll
10:12:51.0886 2448 C:\Program Files\CA\eTrustITM\InoWMI.dll - ok
10:12:51.0886 2448 [ 3BDC875DF2B82BEFEF0D9F4A35370537 ] C:\Program Files\Local Print Agent\PrintFleet.Common.dll
10:12:51.0886 2448 C:\Program Files\Local Print Agent\PrintFleet.Common.dll - ok
10:12:51.0886 2448 [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
10:12:51.0886 2448 C:\WINDOWS\system32\msi.dll - ok
10:12:51.0886 2448 [ E34BABA9FA867FDA5F05ACF29753FF25 ] C:\Program Files\CA\eTrustITM\OemComNA.dll
10:12:51.0886 2448 C:\Program Files\CA\eTrustITM\OemComNA.dll - ok
10:12:51.0886 2448 [ AA224F2BE32EA556282E24824771EB04 ] C:\Program Files\Local Print Agent\Nlog.dll
10:12:51.0886 2448 C:\Program Files\Local Print Agent\Nlog.dll - ok
10:12:51.0886 2448 [ 249885BC976CE436AF0EAE90FC728336 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\024c898ad1ccfde466d033c0a08d0564\Microsoft.VisualBasic.ni.dll
10:12:51.0886 2448 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\024c898ad1ccfde466d033c0a08d0564\Microsoft.VisualBasic.ni.dll - ok
10:12:51.0900 2448 [ 13BE601DD9AF4B726C8EF1DC337271CC ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
10:12:51.0900 2448 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll - ok
10:12:51.0900 2448 [ CC7563FEB4FD29E0C1A61841BEA64D5F ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll
10:12:51.0900 2448 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll - ok
10:12:51.0900 2448 [ C3FED6BBC024AAFFE6969FD4EE9F5941 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
10:12:51.0900 2448 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll - ok
10:12:51.0900 2448 [ 7A7831A07950CD7E8AC82AFA7E44A816 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
10:12:51.0900 2448 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll - ok
10:12:51.0900 2448 [ 9774C61DC40B728960AD4849BCAA009A ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll
10:12:51.0900 2448 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll - ok
10:12:51.0900 2448 [ 70B034685916298B6394B5DA4FD8B630 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8a0eba3c8f881dd718ab4d1bb5118f15\System.Web.Services.ni.dll
10:12:51.0900 2448 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8a0eba3c8f881dd718ab4d1bb5118f15\System.Web.Services.ni.dll - ok
10:12:51.0900 2448 [ 50AF3E1B3A0744F7750B9BCD3C80AA52 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll
10:12:51.0900 2448 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll - ok
10:12:51.0900 2448 [ 16F96C1496CBD0965285AB19A9271D02 ] C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
10:12:51.0900 2448 C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - ok
10:12:51.0900 2448 [ 4EA92135C436D18975C2EBEC242B71DA ] C:\WINDOWS\system32\icmp.dll
10:12:51.0900 2448 C:\WINDOWS\system32\icmp.dll - ok
10:12:51.0900 2448 [ B9653D05DEDB4C4BAA707C819922D291 ] C:\Program Files\CA\eTrustITM\Ppcl.exe
10:12:51.0900 2448 C:\Program Files\CA\eTrustITM\Ppcl.exe - ok
10:12:51.0900 2448 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
10:12:51.0900 2448 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
10:12:51.0900 2448 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
10:12:51.0900 2448 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
10:12:51.0915 2448 [ F35A584E947A5B401FEB0FE01DB4A0D7 ] C:\WINDOWS\system32\mfc71.dll
10:12:51.0915 2448 C:\WINDOWS\system32\mfc71.dll - ok
10:12:51.0915 2448 [ 860FAD57B4668A9F5F350A9D5444AE89 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
10:12:51.0915 2448 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll - ok
10:12:51.0915 2448 [ 65085456FD9A74D7F1A999520C299ECB ] C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:12:51.0915 2448 C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe - ok
10:12:51.0915 2448 [ EF39CCCC9AD927A25334AE0B41A8A343 ] C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
10:12:51.0915 2448 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll - ok
10:12:51.0915 2448 [ 9275F02BEA644F43A459E316A932658F ] C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
10:12:51.0915 2448 C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll - ok
10:12:51.0915 2448 [ 4E98097C6DAF780D145FB702C6EA625F ] C:\WINDOWS\system32\ieframe.dll
10:12:51.0915 2448 C:\WINDOWS\system32\ieframe.dll - ok
10:12:51.0915 2448 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:12:51.0915 2448 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - ok
10:12:51.0915 2448 [ 80D8679BF84A9383BFF33E07D5D9FC35 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll
10:12:51.0915 2448 C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll - ok
10:12:51.0915 2448 [ 30DB64D316F502558DB2380F7343C9FD ] C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
10:12:51.0915 2448 C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - ok
10:12:51.0915 2448 [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
10:12:51.0915 2448 C:\WINDOWS\system32\ipsecsvc.dll - ok
10:12:51.0915 2448 [ 986B1FF5814366D71E0AC5755C88F2D3 ] C:\WINDOWS\system32\msgsvc.dll
10:12:51.0915 2448 C:\WINDOWS\system32\msgsvc.dll - ok
10:12:51.0915 2448 [ 5B19B557B0C188210A56A6B699D90B8F ] C:\WINDOWS\system32\regsvc.dll
10:12:51.0915 2448 C:\WINDOWS\system32\regsvc.dll - ok
10:12:51.0930 2448 [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
10:12:51.0930 2448 C:\WINDOWS\system32\seclogon.dll - ok
10:12:51.0930 2448 [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
10:12:51.0930 2448 C:\WINDOWS\system32\oakley.dll - ok
10:12:51.0930 2448 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll
10:12:51.0930 2448 C:\WINDOWS\system32\wiaservc.dll - ok
10:12:51.0930 2448 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
10:12:51.0930 2448 C:\WINDOWS\system32\sens.dll - ok
10:12:51.0930 2448 [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
10:12:51.0930 2448 C:\WINDOWS\system32\srsvc.dll - ok
10:12:51.0930 2448 [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
10:12:51.0930 2448 C:\WINDOWS\system32\winipsec.dll - ok
10:12:51.0930 2448 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
10:12:51.0930 2448 C:\WINDOWS\system32\powrprof.dll - ok
10:12:51.0930 2448 [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
10:12:51.0930 2448 C:\WINDOWS\system32\cfgmgr32.dll - ok
10:12:51.0930 2448 [ 4AC2FA4A6F0DF2511BAC13393C06EFF1 ] C:\WINDOWS\system32\mscms.dll
10:12:51.0930 2448 C:\WINDOWS\system32\mscms.dll - ok
10:12:51.0930 2448 [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
10:12:51.0930 2448 C:\WINDOWS\system32\pstorsvc.dll - ok
10:12:51.0930 2448 [ 55BCA12F7F523D35CA3CB833C725F54E ] C:\WINDOWS\system32\trkwks.dll
10:12:51.0930 2448 C:\WINDOWS\system32\trkwks.dll - ok
10:12:51.0945 2448 [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
10:12:51.0945 2448 C:\WINDOWS\system32\psbase.dll - ok
10:12:51.0945 2448 [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
10:12:51.0945 2448 C:\WINDOWS\system32\wbem\wmisvc.dll - ok
10:12:51.0945 2448 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
10:12:51.0945 2448 C:\WINDOWS\system32\dssenh.dll - ok
10:12:51.0945 2448 [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
10:12:51.0945 2448 C:\WINDOWS\system32\vssapi.dll - ok
10:12:51.0945 2448 [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
10:12:51.0945 2448 C:\WINDOWS\system32\actxprxy.dll - ok
10:12:51.0945 2448 [ 207204AF80505AF51271FE164B56F662 ] C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
10:12:51.0945 2448 C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll - ok
10:12:51.0945 2448 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll
10:12:51.0945 2448 C:\WINDOWS\system32\wuauserv.dll - ok
10:12:51.0945 2448 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll
10:12:51.0945 2448 C:\WINDOWS\system32\wuaueng.dll - ok
10:12:51.0945 2448 [ 30EFEBDC960A482E3E188B9960B286E2 ] C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
10:12:51.0945 2448 C:\Program Files\Microsoft Office\Office12\GrooveNew.dll - ok
10:12:51.0945 2448 [ 3C7DEF3CBBCA6284867AA4621D5D8A54 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
10:12:51.0945 2448 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll - ok
10:12:51.0945 2448 [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
10:12:51.0945 2448 C:\WINDOWS\system32\cabinet.dll - ok
10:12:51.0959 2448 [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll
10:12:51.0959 2448 C:\WINDOWS\system32\mspatcha.dll - ok
10:12:51.0959 2448 [ CFD4E51402DA9838B5A04AE680AF54A0 ] C:\WINDOWS\system32\browser.dll
10:12:51.0959 2448 C:\WINDOWS\system32\browser.dll - ok
10:12:51.0959 2448 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
10:12:51.0959 2448 C:\WINDOWS\system32\msimg32.dll - ok
10:12:51.0959 2448 [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll
10:12:51.0959 2448 C:\WINDOWS\system32\ipnathlp.dll - ok
10:12:51.0959 2448 [ 6309955F8A1BDD10A8467C50ED3F023E ] C:\WINDOWS\system32\netsh.exe
10:12:51.0959 2448 C:\WINDOWS\system32\netsh.exe - ok
10:12:51.0959 2448 [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll
10:12:51.0959 2448 C:\WINDOWS\system32\wscsvc.dll - ok
10:12:51.0959 2448 [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll
10:12:51.0959 2448 C:\WINDOWS\system32\comsvcs.dll - ok
10:12:51.0959 2448 [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll
10:12:51.0959 2448 C:\WINDOWS\system32\colbact.dll - ok
10:12:51.0959 2448 [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll
10:12:51.0959 2448 C:\WINDOWS\system32\clusapi.dll - ok
10:12:51.0959 2448 [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll
10:12:51.0959 2448 C:\WINDOWS\system32\mtxclu.dll - ok
10:12:51.0959 2448 [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll
10:12:51.0959 2448 C:\WINDOWS\system32\resutils.dll - ok
10:12:51.0959 2448 [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll
10:12:51.0959 2448 C:\WINDOWS\system32\wups.dll - ok
10:12:51.0974 2448 [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll
10:12:51.0974 2448 C:\WINDOWS\system32\wups2.dll - ok
10:12:51.0974 2448 [ 2B8B64AA14F817BDF3E3204FB041A61D ] C:\WINDOWS\system32\mtxoci.dll
10:12:51.0974 2448 C:\WINDOWS\system32\mtxoci.dll - ok
10:12:51.0974 2448 [ 2FFA0986648BA99F743300AEC911BFB3 ] C:\WINDOWS\system32\ipv6mon.dll
10:12:51.0974 2448 C:\WINDOWS\system32\ipv6mon.dll - ok
10:12:51.0974 2448 [ CA113D47F1B23A137B9A34845D0596A9 ] C:\WINDOWS\system32\ipmontr.dll
10:12:51.0974 2448 C:\WINDOWS\system32\ipmontr.dll - ok
10:12:51.0974 2448 [ DB0851DF38A3E82C9B84EB7360D6E817 ] C:\WINDOWS\system32\ifmon.dll
10:12:51.0974 2448 C:\WINDOWS\system32\ifmon.dll - ok
10:12:51.0974 2448 [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll
10:12:51.0974 2448 C:\WINDOWS\system32\netcfgx.dll - ok
10:12:51.0974 2448 [ 814E3D64311AC9C9541F4144AD014DDF ] C:\WINDOWS\system32\ippromon.dll
10:12:51.0974 2448 C:\WINDOWS\system32\ippromon.dll - ok
10:12:51.0974 2448 [ A704B3608EBF79E190E62549E0A2CCDE ] C:\WINDOWS\system32\rasmontr.dll
10:12:51.0974 2448 C:\WINDOWS\system32\rasmontr.dll - ok
10:12:51.0974 2448 [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe
10:12:51.0974 2448 C:\WINDOWS\system32\wuauclt.exe - ok
10:12:51.0974 2448 [ B6CD64BA2D3B0349F72F3914E13E6F02 ] C:\WINDOWS\system32\ipxmontr.dll
10:12:51.0974 2448 C:\WINDOWS\system32\ipxmontr.dll - ok
10:12:51.0974 2448 [ 00180C1ECC0E32EDF46D3D6D05ECEF23 ] C:\WINDOWS\system32\ipxpromn.dll
10:12:51.0974 2448 C:\WINDOWS\system32\ipxpromn.dll - ok
10:12:51.0989 2448 [ 2B90B311B85B7AD7CBC1DF8640CDAE26 ] C:\WINDOWS\system32\dgnet.dll
10:12:51.0989 2448 C:\WINDOWS\system32\dgnet.dll - ok
10:12:51.0989 2448 [ 17F37365AF926F20346301BA781EF3E5 ] C:\WINDOWS\system32\fwcfg.dll
10:12:51.0989 2448 C:\WINDOWS\system32\fwcfg.dll - ok
10:12:51.0989 2448 [ CB0B260E371968CB253252E81ADC051E ] C:\WINDOWS\system32\hnetmon.dll
10:12:51.0989 2448 C:\WINDOWS\system32\hnetmon.dll - ok
10:12:51.0989 2448 [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll
10:12:51.0989 2448 C:\WINDOWS\system32\wbem\framedyn.dll - ok
10:12:51.0989 2448 [ 5099188F965E8C3DA76281E9CBCB0E7F ] C:\WINDOWS\system32\napmontr.dll
10:12:51.0989 2448 C:\WINDOWS\system32\napmontr.dll - ok
10:12:51.0989 2448 [ E85FD6ABA80BD637AA2AA9D93308D355 ] C:\WINDOWS\system32\dot3cfg.dll
10:12:51.0989 2448 C:\WINDOWS\system32\dot3cfg.dll - ok
10:12:51.0989 2448 [ FB8E05CEDB3EF65C80FEBD2698C80998 ] C:\WINDOWS\system32\qagent.dll
10:12:51.0989 2448 C:\WINDOWS\system32\qagent.dll - ok
10:12:51.0989 2448 [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
10:12:51.0989 2448 C:\WINDOWS\system32\wbem\wbemcore.dll - ok
10:12:51.0989 2448 [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
10:12:51.0989 2448 C:\WINDOWS\system32\wbem\esscli.dll - ok
10:12:51.0989 2448 [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll
10:12:51.0989 2448 C:\WINDOWS\system32\wbem\fastprox.dll - ok
10:12:51.0989 2448 [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
10:12:51.0989 2448 C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
10:12:51.0989 2448 [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll
10:12:51.0989 2448 C:\WINDOWS\system32\wbem\wmiutils.dll - ok
10:12:52.0004 2448 [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll
10:12:52.0004 2448 C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
10:12:52.0004 2448 [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
10:12:52.0004 2448 C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
10:12:52.0004 2448 [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll
10:12:52.0004 2448 C:\WINDOWS\system32\wbem\wbemess.dll - ok
10:12:52.0004 2448 [ 798A9E6828997EEF4517ADA8A2259831 ] C:\WINDOWS\system32\wbem\wmiprvse.exe
10:12:52.0004 2448 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
10:12:52.0004 2448 [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll
10:12:52.0004 2448 C:\WINDOWS\system32\wbem\cimwin32.dll - ok
10:12:52.0004 2448 [ 467CFC0FE895D9FD08B27188CDE02063 ] C:\Program Files\Java\jre7\bin\awt.dll
10:12:52.0004 2448 C:\Program Files\Java\jre7\bin\awt.dll - ok
10:12:52.0004 2448 [ 87E6543D1CB0D386AC7AC287828E5B07 ] C:\Program Files\Java\jre7\bin\dcpr.dll
10:12:52.0004 2448 C:\Program Files\Java\jre7\bin\dcpr.dll - ok
10:12:52.0004 2448 [ 21F53789F627FF735F54E17BDA1DFD81 ] C:\Program Files\Java\jre7\bin\deploy.dll
10:12:52.0004 2448 C:\Program Files\Java\jre7\bin\deploy.dll - ok
10:12:52.0004 2448 [ 28661294ADE35EF4170615FD43A8A406 ] C:\Program Files\Java\jre7\bin\fontmanager.dll
10:12:52.0004 2448 C:\Program Files\Java\jre7\bin\fontmanager.dll - ok
10:12:52.0004 2448 [ 1E15EAF07C548430B88620AAFD75EB6A ] C:\Program Files\Java\jre7\bin\java.dll
10:12:52.0004 2448 C:\Program Files\Java\jre7\bin\java.dll - ok
10:12:52.0004 2448 [ A8F3C0659931724881347F586730827C ] C:\Program Files\Java\jre7\bin\javaw.exe
10:12:52.0004 2448 C:\Program Files\Java\jre7\bin\javaw.exe - ok
10:12:52.0018 2448 [ 567E9566ABB3590D5AABA395E76CE6BD ] C:\Program Files\Java\jre7\bin\jp2native.dll
10:12:52.0018 2448 C:\Program Files\Java\jre7\bin\jp2native.dll - ok
10:12:52.0018 2448 [ 0A93AD186EDBAFA06F60712C16063AC6 ] C:\Program Files\Java\jre7\bin\jpeg.dll
10:12:52.0018 2448 C:\Program Files\Java\jre7\bin\jpeg.dll - ok
10:12:52.0018 2448 [ CFFAD68E72DD41D207CBD0A77956989E ] C:\Program Files\Java\jre7\bin\net.dll
10:12:52.0018 2448 C:\Program Files\Java\jre7\bin\net.dll - ok
10:12:52.0018 2448 [ 96257A7FB009579DE9DC3A58D626BB47 ] C:\Program Files\Java\jre7\bin\nio.dll
10:12:52.0018 2448 C:\Program Files\Java\jre7\bin\nio.dll - ok
10:12:52.0018 2448 [ F613C1A517B04533C6DA1813200E2A95 ] C:\Program Files\Java\jre7\bin\verify.dll
10:12:52.0018 2448 C:\Program Files\Java\jre7\bin\verify.dll - ok
10:12:52.0018 2448 [ CFDBFCD763E3612E41E198D6AA3CB09A ] C:\Program Files\Java\jre7\bin\zip.dll
10:12:52.0018 2448 C:\Program Files\Java\jre7\bin\zip.dll - ok
10:12:52.0018 2448 [ 3A7C34AD5DCF3040435FAD363AD1BCD1 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
10:12:52.0018 2448 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll - ok
10:12:52.0018 2448 [ 35A936C7C029A5B705D3FFD40518D660 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
10:12:52.0018 2448 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll - ok
10:12:52.0018 2448 [ BB95BDA1331715E1D5EEF765B1CB9E3F ] C:\Program Files\Local Print Agent\PrintFleet.DCA.ScanEngine.Local.dll
10:12:52.0018 2448 C:\Program Files\Local Print Agent\PrintFleet.DCA.ScanEngine.Local.dll - ok
10:12:52.0018 2448 [ 219AF0F9A54EBEEB3E7E20025D801034 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
10:12:52.0018 2448 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll - ok
10:12:52.0018 2448 [ 51301ACC5E5FDA65CFA1968395E5D951 ] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
10:12:52.0018 2448 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe - ok
10:12:52.0166 2448 ============================================================
10:12:52.0166 2448 Scan finished
10:12:52.0166 2448 ============================================================
10:12:52.0269 2440 Detected object count: 4
10:12:52.0269 2440 Actual detected object count: 4
10:13:31.0925 2440 iGateway ( UnsignedFile.Multi.Generic ) - skipped by user
10:13:31.0925 2440 iGateway ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:13:31.0925 2440 InoRPC ( UnsignedFile.Multi.Generic ) - skipped by user
10:13:31.0925 2440 InoRPC ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:13:31.0939 2440 InoRT ( UnsignedFile.Multi.Generic ) - skipped by user
10:13:31.0939 2440 InoRT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:13:31.0939 2440 Local Print Agent ( UnsignedFile.Multi.Generic ) - skipped by user
10:13:31.0939 2440 Local Print Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:14:38.0420 2628 ============================================================
10:14:38.0420 2628 Scan started
10:14:38.0420 2628 Mode: Manual; SigCheck; TDLFS;
10:14:38.0420 2628 ============================================================
10:14:38.0479 2628 ================ Scan system memory ========================
10:14:38.0479 2628 System memory - ok
10:14:38.0479 2628 ================ Scan services =============================
10:14:42.0347 2628 [ 404544C1B48AAC95A839F5D48CF82BA6 ] iGateway C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
10:14:42.0347 2628 iGateway ( UnsignedFile.Multi.Generic ) - warning
10:14:42.0347 2628 iGateway - detected UnsignedFile.Multi.Generic (1)
10:14:42.0524 2628 [ 4F7D1520BBE672FD9364A9F6F1DEF47C ] InoRPC C:\Program Files\CA\eTrustITM\InoRpc.exe
10:14:42.0539 2628 InoRPC ( UnsignedFile.Multi.Generic ) - warning
10:14:42.0539 2628 InoRPC - detected UnsignedFile.Multi.Generic (1)
10:14:42.0539 2628 [ A08267418C7FD4CC79CBE392373209DB ] InoRT C:\Program Files\CA\eTrustITM\InoRT.exe
10:14:42.0554 2628 InoRT ( UnsignedFile.Multi.Generic ) - warning
10:14:42.0554 2628 InoRT - detected UnsignedFile.Multi.Generic (1)
10:14:43.0927 2628 [ 32F9802DF4143991649BDCD8548BA3DC ] Local Print Agent C:\Program Files\Local Print Agent\Local Print Agent.exe
10:14:43.0927 2628 Local Print Agent ( UnsignedFile.Multi.Generic ) - warning
10:14:43.0927 2628 Local Print Agent - detected UnsignedFile.Multi.Generic (1)
10:14:50.0452 2628 ================ Scan global ===============================
10:14:50.0482 2628 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:14:50.0496 2628 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
10:14:50.0511 2628 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
10:14:50.0511 2628 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:14:50.0511 2628 [Global] - ok
10:14:50.0511 2628 ================ Scan MBR ==================================
10:14:50.0541 2628 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:14:51.0161 2628 \Device\Harddisk0\DR0 - ok
10:14:51.0176 2628 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR2
10:14:54.0660 2628 \Device\Harddisk1\DR2 - ok
10:14:54.0660 2628 ================ Scan VBR ==================================
10:14:54.0660 2628 [ BB192F00062277248E83642682BC26EF ] \Device\Harddisk0\DR0\Partition1
10:14:54.0660 2628 \Device\Harddisk0\DR0\Partition1 - ok
10:14:54.0660 2628 [ E1E715CBE27599617C93F0333AE030AE ] \Device\Harddisk1\DR2\Partition1
10:14:54.0660 2628 \Device\Harddisk1\DR2\Partition1 - ok
10:14:54.0660 2628 ================ Scan active images ========================
10:14:54.0807 2628 [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll
10:14:54.0807 2628 C:\WINDOWS\system32\userenv.dll - ok
10:14:54.0807 2628 [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll
10:14:54.0807 2628 C:\WINDOWS\system32\psapi.dll - ok
10:14:54.0807 2628 [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll
10:14:54.0807 2628 C:\WINDOWS\system32\regapi.dll - ok
10:14:54.0807 2628 [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll
10:14:54.0807 2628 C:\WINDOWS\system32\setupapi.dll - ok
10:14:54.0807 2628 [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll
10:14:54.0807 2628 C:\WINDOWS\system32\version.dll - ok
10:14:54.0807 2628 [ FFC01A72D1C25CCB39F61B202CE60819 ] C:\WINDOWS\system32\imagehlp.dll
10:14:54.0807 2628 C:\WINDOWS\system32\imagehlp.dll - ok
10:14:54.0807 2628 [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll
10:14:54.0807 2628 C:\WINDOWS\system32\winsta.dll - ok
10:14:54.0807 2628 [ D458B738B4C2CE33174CFB2CE12412DB ] C:\WINDOWS\system32\wintrust.dll
10:14:54.0807 2628 C:\WINDOWS\system32\wintrust.dll - ok
10:14:54.0807 2628 [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll
10:14:54.0807 2628 C:\WINDOWS\system32\imm32.dll - ok
10:14:54.0807 2628 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
10:14:54.0807 2628 C:\WINDOWS\system32\kbdus.dll - ok
10:14:54.0807 2628 [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll
10:14:54.0807 2628 C:\WINDOWS\system32\ws2help.dll - ok
10:14:54.0807 2628 [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll
10:14:54.0807 2628 C:\WINDOWS\system32\ws2_32.dll - ok
10:14:54.0822 2628 [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
10:14:54.0822 2628 C:\WINDOWS\system32\msgina.dll - ok
10:14:54.0822 2628 [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll
10:14:54.0822 2628 C:\WINDOWS\system32\comctl32.dll - ok
10:14:54.0822 2628 [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
10:14:54.0822 2628 C:\WINDOWS\system32\comdlg32.dll - ok
10:14:54.0822 2628 [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll
10:14:54.0822 2628 C:\WINDOWS\system32\odbc32.dll - ok
10:14:54.0822 2628 [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\system32\shell32.dll
10:14:54.0822 2628 C:\WINDOWS\system32\shell32.dll - ok
10:14:54.0822 2628 [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll
10:14:54.0822 2628 C:\WINDOWS\system32\shlwapi.dll - ok
10:14:54.0822 2628 [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll
10:14:54.0822 2628 C:\WINDOWS\system32\sxs.dll - ok
10:14:54.0822 2628 [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
10:14:54.0822 2628 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
10:14:54.0822 2628 [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
10:14:54.0822 2628 C:\WINDOWS\system32\odbcint.dll - ok
10:14:54.0822 2628 [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
10:14:54.0822 2628 C:\WINDOWS\system32\sfc.dll - ok
10:14:54.0822 2628 [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll
10:14:54.0822 2628 C:\WINDOWS\system32\sfc_os.dll - ok
10:14:54.0837 2628 [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll
10:14:54.0837 2628 C:\WINDOWS\system32\shsvcs.dll - ok
10:14:54.0837 2628 [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll
10:14:54.0837 2628 C:\WINDOWS\system32\ole32.dll - ok
10:14:54.0837 2628 [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
10:14:54.0837 2628 C:\WINDOWS\system32\apphelp.dll - ok
10:14:54.0837 2628 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:14:54.0837 2628 C:\WINDOWS\system32\services.exe - ok
10:14:54.0837 2628 [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll
10:14:54.0837 2628 C:\WINDOWS\system32\lsasrv.dll - ok
10:14:54.0837 2628 [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
10:14:54.0837 2628 C:\WINDOWS\system32\lsass.exe - ok
10:14:54.0837 2628 [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
10:14:54.0837 2628 C:\WINDOWS\system32\ncobjapi.dll - ok
10:14:54.0837 2628 [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
10:14:54.0837 2628 C:\WINDOWS\system32\msvcp60.dll - ok
10:14:54.0837 2628 [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
10:14:54.0837 2628 C:\WINDOWS\system32\scesrv.dll - ok
10:14:54.0837 2628 [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
10:14:54.0837 2628 C:\WINDOWS\system32\mpr.dll - ok
10:14:54.0837 2628 [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\AcAdProc.dll
10:14:54.0837 2628 C:\WINDOWS\AppPatch\AcAdProc.dll - ok
10:14:54.0837 2628 [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll
10:14:54.0837 2628 C:\WINDOWS\system32\dnsapi.dll - ok
10:14:54.0852 2628 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
10:14:54.0852 2628 C:\WINDOWS\system32\ntdsapi.dll - ok
10:14:54.0852 2628 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
10:14:54.0852 2628 C:\WINDOWS\system32\shimeng.dll - ok
10:14:54.0852 2628 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
10:14:54.0852 2628 C:\WINDOWS\system32\umpnpmgr.dll - ok
10:14:54.0852 2628 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
10:14:54.0852 2628 C:\WINDOWS\system32\wldap32.dll - ok
10:14:54.0852 2628 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
10:14:54.0852 2628 C:\WINDOWS\system32\samlib.dll - ok
10:14:54.0852 2628 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
10:14:54.0852 2628 C:\WINDOWS\system32\samsrv.dll - ok
10:14:54.0852 2628 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\AcGenral.dll
10:14:54.0852 2628 C:\WINDOWS\AppPatch\AcGenral.dll - ok
10:14:54.0852 2628 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
10:14:54.0852 2628 C:\WINDOWS\system32\cryptdll.dll - ok
10:14:54.0852 2628 [ EFF03460E542EEA6B0ABDEC6BF19C897 ] C:\WINDOWS\system32\oleaut32.dll
10:14:54.0852 2628 C:\WINDOWS\system32\oleaut32.dll - ok
10:14:54.0852 2628 [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll
10:14:54.0852 2628 C:\WINDOWS\system32\winmm.dll - ok
10:14:54.0852 2628 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
10:14:54.0852 2628 C:\WINDOWS\system32\msacm32.dll - ok
10:14:54.0866 2628 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
10:14:54.0866 2628 C:\WINDOWS\system32\uxtheme.dll - ok
10:14:54.0866 2628 [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
10:14:54.0866 2628 C:\WINDOWS\system32\msapsspc.dll - ok
10:14:54.0866 2628 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
10:14:54.0866 2628 C:\WINDOWS\system32\msvcrt40.dll - ok
10:14:54.0866 2628 [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll
10:14:54.0866 2628 C:\WINDOWS\system32\schannel.dll - ok
10:14:54.0866 2628 [ C11D10A3C164AC222BC9AAB3650A88B3 ] C:\WINDOWS\system32\atmfd.dll
10:14:54.0866 2628 C:\WINDOWS\system32\atmfd.dll - ok
10:14:54.0866 2628 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
10:14:54.0866 2628 C:\WINDOWS\system32\digest.dll - ok
10:14:54.0866 2628 [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll
10:14:54.0866 2628 C:\WINDOWS\system32\kerberos.dll - ok
10:14:54.0866 2628 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\MSCTFIME.IME
10:14:54.0866 2628 C:\WINDOWS\system32\MSCTFIME.IME - ok
10:14:54.0866 2628 [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
10:14:54.0866 2628 C:\WINDOWS\system32\msnsspc.dll - ok
10:14:54.0866 2628 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
10:14:54.0866 2628 C:\WINDOWS\system32\msprivs.dll - ok
10:14:54.0866 2628 [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll
10:14:54.0866 2628 C:\WINDOWS\system32\msv1_0.dll - ok
10:14:54.0881 2628 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
10:14:54.0881 2628 C:\WINDOWS\system32\iphlpapi.dll - ok
10:14:54.0881 2628 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
10:14:54.0881 2628 C:\WINDOWS\system32\netlogon.dll - ok
10:14:54.0881 2628 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
10:14:54.0881 2628 C:\WINDOWS\system32\rsaenh.dll - ok
10:14:54.0881 2628 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
10:14:54.0881 2628 C:\WINDOWS\system32\w32time.dll - ok
10:14:54.0881 2628 [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
10:14:54.0881 2628 C:\WINDOWS\system32\wdigest.dll - ok
10:14:54.0881 2628 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
10:14:54.0881 2628 C:\WINDOWS\system32\winscard.dll - ok
10:14:54.0881 2628 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
10:14:54.0881 2628 C:\WINDOWS\system32\wtsapi32.dll - ok
10:14:54.0881 2628 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
10:14:54.0881 2628 C:\WINDOWS\system32\scecli.dll - ok
10:14:54.0881 2628 [ EBFB9E788557ADED04AEF87247AE56DD ] C:\WINDOWS\system32\drivers\ino_fltr.sys
10:14:54.0881 2628 C:\WINDOWS\system32\drivers\ino_fltr.sys - ok
10:14:54.0881 2628 [ 4470E3C1E0C3378E4CAB137893C12C3A ] C:\WINDOWS\system32\drivers\mbam.sys
10:14:54.0881 2628 C:\WINDOWS\system32\drivers\mbam.sys - ok
10:14:54.0881 2628 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
10:14:54.0881 2628 C:\WINDOWS\system32\svchost.exe - ok
10:14:54.0896 2628 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
10:14:54.0896 2628 C:\WINDOWS\system32\ntmarta.dll - ok
10:14:54.0896 2628 [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
10:14:54.0896 2628 C:\WINDOWS\system32\rpcss.dll - ok
10:14:54.0896 2628 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
10:14:54.0896 2628 C:\WINDOWS\system32\xpsp2res.dll - ok
10:14:54.0896 2628 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
10:14:54.0896 2628 C:\WINDOWS\system32\eventlog.dll - ok
10:14:54.0896 2628 [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
10:14:54.0896 2628 C:\WINDOWS\system32\mswsock.dll - ok
10:14:54.0896 2628 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
10:14:54.0896 2628 C:\WINDOWS\system32\hnetcfg.dll - ok
10:14:54.0896 2628 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
10:14:54.0896 2628 C:\WINDOWS\system32\rasadhlp.dll - ok
10:14:54.0896 2628 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
10:14:54.0896 2628 C:\WINDOWS\system32\winrnr.dll - ok
10:14:54.0896 2628 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
10:14:54.0896 2628 C:\WINDOWS\system32\wshtcpip.dll - ok
10:14:54.0896 2628 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
10:14:54.0896 2628 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
10:14:54.0896 2628 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
10:14:54.0896 2628 C:\WINDOWS\system32\dhcpcsvc.dll - ok
10:14:54.0911 2628 [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
10:14:54.0911 2628 C:\WINDOWS\system32\dnsrslvr.dll - ok
10:14:54.0911 2628 [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
10:14:54.0911 2628 C:\WINDOWS\system32\lmhsvc.dll - ok
10:14:54.0911 2628 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
10:14:54.0911 2628 C:\WINDOWS\system32\wzcsvc.dll - ok
10:14:54.0911 2628 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
10:14:54.0911 2628 C:\WINDOWS\system32\eapolqec.dll - ok
10:14:54.0911 2628 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
10:14:54.0911 2628 C:\WINDOWS\system32\rtutils.dll - ok
10:14:54.0911 2628 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
10:14:54.0911 2628 C:\WINDOWS\system32\wmi.dll - ok
10:14:54.0911 2628 [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
10:14:54.0911 2628 C:\WINDOWS\system32\atl.dll - ok
10:14:54.0911 2628 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
10:14:54.0911 2628 C:\WINDOWS\system32\dot3api.dll - ok
10:14:54.0911 2628 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
10:14:54.0911 2628 C:\WINDOWS\system32\esent.dll - ok
10:14:54.0911 2628 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
10:14:54.0911 2628 C:\WINDOWS\system32\qutil.dll - ok
10:14:54.0911 2628 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
10:14:54.0911 2628 C:\WINDOWS\system32\clbcatq.dll - ok
10:14:54.0911 2628 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
10:14:54.0911 2628 C:\WINDOWS\system32\comres.dll - ok
10:14:54.0925 2628 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
10:14:54.0925 2628 C:\WINDOWS\system32\cryptui.dll - ok
10:14:54.0925 2628 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
10:14:54.0925 2628 C:\WINDOWS\system32\cscdll.dll - ok
10:14:54.0925 2628 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
10:14:54.0925 2628 C:\WINDOWS\system32\dimsntfy.dll - ok
10:14:54.0925 2628 [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
10:14:54.0925 2628 C:\WINDOWS\system32\rastls.dll - ok
10:14:54.0925 2628 [ B746202EC3FCCD3D90164986675991DE ] C:\Program Files\Citrix\GoToAssist Remote Support Customer\461\g2ax_winlogon.dll
10:14:54.0925 2628 C:\Program Files\Citrix\GoToAssist Remote Support Customer\461\g2ax_winlogon.dll - ok
10:14:54.0925 2628 [ CE5BA470204A3176E60721C4B63B8DF3 ] C:\WINDOWS\system32\wininet.dll
10:14:54.0925 2628 C:\WINDOWS\system32\wininet.dll - ok
10:14:54.0925 2628 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
10:14:54.0925 2628 C:\WINDOWS\system32\normaliz.dll - ok
10:14:54.0925 2628 [ F2ED64D23C94ACF512A81142F3431F4C ] C:\WINDOWS\system32\urlmon.dll
10:14:54.0925 2628 C:\WINDOWS\system32\urlmon.dll - ok
10:14:54.0925 2628 [ 4B260853E692D11BA7A8D9B3B8807BB3 ] C:\Program Files\Citrix\GoToAssist Remote Support Customer\461\g2ax_processfactory.exe
10:14:54.0925 2628 C:\Program Files\Citrix\GoToAssist Remote Support Customer\461\g2ax_processfactory.exe - ok
10:14:54.0925 2628 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
10:14:54.0925 2628 C:\WINDOWS\system32\wlnotify.dll - ok
10:14:54.0925 2628 [ 02CF580510234E519736559A7F19EA20 ] C:\WINDOWS\system32\WgaLogon.dll
10:14:54.0925 2628 C:\WINDOWS\system32\WgaLogon.dll - ok
10:14:54.0940 2628 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
10:14:54.0940 2628 C:\WINDOWS\system32\winspool.drv - ok
10:14:54.0940 2628 [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll
10:14:54.0940 2628 C:\WINDOWS\system32\msxml3.dll - ok
10:14:54.0940 2628 [ F81E2C10BD6C4BE3B9A242018CEF7A98 ] C:\WINDOWS\system32\iertutil.dll
10:14:54.0940 2628 C:\WINDOWS\system32\iertutil.dll - ok
10:14:54.0940 2628 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
10:14:54.0940 2628 C:\WINDOWS\system32\mprapi.dll - ok
10:14:54.0940 2628 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
10:14:54.0940 2628 C:\WINDOWS\system32\activeds.dll - ok
10:14:54.0940 2628 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
10:14:54.0940 2628 C:\WINDOWS\system32\adsldpc.dll - ok
10:14:54.0940 2628 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
10:14:54.0940 2628 C:\WINDOWS\system32\rasapi32.dll - ok
10:14:54.0940 2628 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
10:14:54.0940 2628 C:\WINDOWS\system32\rasman.dll - ok
10:14:54.0940 2628 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
10:14:54.0940 2628 C:\WINDOWS\system32\tapi32.dll - ok
10:14:54.0940 2628 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
10:14:54.0940 2628 C:\WINDOWS\system32\riched20.dll - ok
10:14:54.0940 2628 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
10:14:54.0940 2628 C:\WINDOWS\system32\raschap.dll - ok
10:14:54.0955 2628 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
10:14:54.0955 2628 C:\WINDOWS\system32\schedsvc.dll - ok
10:14:54.0955 2628 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
10:14:54.0955 2628 C:\WINDOWS\system32\msidle.dll - ok
10:14:54.0955 2628 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
10:14:54.0955 2628 C:\WINDOWS\system32\spoolsv.exe - ok
10:14:54.0955 2628 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
10:14:54.0955 2628 C:\WINDOWS\system32\audiosrv.dll - ok
10:14:54.0955 2628 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
10:14:54.0955 2628 C:\WINDOWS\system32\wkssvc.dll - ok
10:14:54.0955 2628 [ 38D332A6D56AF32635675F132548343E ] C:\WINDOWS\system32\drivers\fastfat.sys
10:14:54.0955 2628 C:\WINDOWS\system32\drivers\fastfat.sys - ok
10:14:54.0955 2628 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
10:14:54.0955 2628 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
10:14:54.0955 2628 [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
10:14:54.0955 2628 C:\WINDOWS\system32\webclnt.dll - ok
10:14:54.0955 2628 [ 404544C1B48AAC95A839F5D48CF82BA6 ] C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
10:14:54.0955 2628 C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe - ok
10:14:54.0955 2628 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys
10:14:54.0955 2628 C:\WINDOWS\system32\drivers\parport.sys - ok
10:14:54.0955 2628 [ D2965195C04ACE9BE6E124DD58A6E482 ] C:\Program Files\CA\SharedComponents\iTechnology\libetpki2.dll
10:14:54.0955 2628 C:\Program Files\CA\SharedComponents\iTechnology\libetpki2.dll - ok
10:14:54.0970 2628 [ 574738F61FCA2935F5265DC4E5691314 ] C:\WINDOWS\system32\qmgr.dll
10:14:54.0970 2628 C:\WINDOWS\system32\qmgr.dll - ok
10:14:54.0970 2628 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
10:14:54.0970 2628 C:\WINDOWS\system32\wsock32.dll - ok
10:14:54.0970 2628 [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
10:14:54.0970 2628 C:\WINDOWS\system32\shfolder.dll - ok
10:14:54.0970 2628 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\CA\SharedComponents\iTechnology\msvcr71.dll
10:14:54.0970 2628 C:\Program Files\CA\SharedComponents\iTechnology\msvcr71.dll - ok
10:14:54.0970 2628 [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
10:14:54.0970 2628 C:\WINDOWS\system32\winhttp.dll - ok
10:14:54.0970 2628 [ C13FA85C2948F4BAFBE848AD2962030C ] C:\Program Files\CA\SharedComponents\iTechnology\ipthread.dll
10:14:54.0970 2628 C:\Program Files\CA\SharedComponents\iTechnology\ipthread.dll - ok
10:14:54.0970 2628 [ F5849C46BD1746AF997124A1AF76F8B1 ] C:\Program Files\CA\SharedComponents\iTechnology\libetpki2_thread.dll
10:14:54.0970 2628 C:\Program Files\CA\SharedComponents\iTechnology\libetpki2_thread.dll - ok
10:14:54.0970 2628 [ 9972A6ED4F2388DBFA8E0A96F6F3FDF1 ] C:\Program Files\CA\SharedComponents\iTechnology\msvcr70.dll
10:14:54.0970 2628 C:\Program Files\CA\SharedComponents\iTechnology\msvcr70.dll - ok
10:14:54.0970 2628 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
10:14:54.0970 2628 C:\WINDOWS\system32\certcli.dll - ok
10:14:54.0970 2628 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
10:14:54.0970 2628 C:\WINDOWS\system32\cryptsvc.dll - ok
10:14:54.0970 2628 [ ECB358CCEECD18EE398CEE9562D4F21A ] C:\Program Files\CA\SharedComponents\iTechnology\libetpki_openssl_crypto.dll
10:14:54.0970 2628 C:\Program Files\CA\SharedComponents\iTechnology\libetpki_openssl_crypto.dll - ok
10:14:54.0970 2628 [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll
10:14:54.0970 2628 C:\WINDOWS\system32\dmserver.dll - ok
10:14:54.0985 2628 [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
10:14:54.0985 2628 C:\WINDOWS\system32\ersvc.dll - ok
10:14:54.0985 2628 [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
10:14:54.0985 2628 C:\WINDOWS\system32\es.dll - ok
10:14:54.0985 2628 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
10:14:54.0985 2628 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
10:14:54.0985 2628 [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
10:14:54.0985 2628 C:\WINDOWS\system32\hid.dll - ok
10:14:54.0985 2628 [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll
10:14:54.0985 2628 C:\WINDOWS\system32\hidserv.dll - ok
10:14:54.0985 2628 [ 977DC4359C532BDE1391FBBC05C3DDF6 ] C:\Program Files\CA\SharedComponents\iTechnology\libetpki_openssl_ssl.dll
10:14:54.0985 2628 C:\Program Files\CA\SharedComponents\iTechnology\libetpki_openssl_ssl.dll - ok
10:14:54.0985 2628 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
10:14:54.0985 2628 C:\WINDOWS\system32\netman.dll - ok
10:14:54.0985 2628 [ 4F7D1520BBE672FD9364A9F6F1DEF47C ] C:\Program Files\CA\eTrustITM\InoRPC.exe
10:14:54.0985 2628 C:\Program Files\CA\eTrustITM\InoRPC.exe - ok
10:14:54.0985 2628 [ 48AA212B28E24E11F1E8C9EDB9E66D6C ] C:\Program Files\CA\eTrustITM\poldecod.dll
10:14:54.0985 2628 C:\Program Files\CA\eTrustITM\poldecod.dll - ok
10:14:54.0985 2628 [ 95AC512898A8E9F0E76740EB259E4C31 ] C:\Program Files\Java\jre7\bin\client\jvm.dll
10:14:54.0985 2628 C:\Program Files\Java\jre7\bin\client\jvm.dll - ok
10:14:54.0985 2628 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
10:14:54.0985 2628 C:\WINDOWS\system32\netshell.dll - ok
10:14:54.0999 2628 [ 6A8814117D430577DE6D2257CEFA36C9 ] C:\Program Files\CA\eTrustITM\InoOEM.dll
10:14:54.0999 2628 C:\Program Files\CA\eTrustITM\InoOEM.dll - ok
10:14:54.0999 2628 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\WINDOWS\system32\msvcr71.dll
10:14:54.0999 2628 C:\WINDOWS\system32\msvcr71.dll - ok
10:14:54.0999 2628 [ 850C6F5177815888A4E7D0BDDCBDA8F1 ] C:\Program Files\CA\eTrustITM\eTrstSig.dll
10:14:54.0999 2628 C:\Program Files\CA\eTrustITM\eTrstSig.dll - ok
10:14:54.0999 2628 [ E7329195B00E992005949D8C9524D1CA ] C:\Program Files\CA\eTrustITM\InConfig.dll
10:14:54.0999 2628 C:\Program Files\CA\eTrustITM\InConfig.dll - ok
10:14:54.0999 2628 [ 0317085CA73553193E971902F828885E ] C:\Program Files\CA\eTrustITM\Inocore.dll
10:14:54.0999 2628 C:\Program Files\CA\eTrustITM\Inocore.dll - ok
10:14:54.0999 2628 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\WINDOWS\system32\msvcp71.dll
10:14:54.0999 2628 C:\WINDOWS\system32\msvcp71.dll - ok
10:14:54.0999 2628 [ AD7641EAF609DAE2BAC586B32EA2EAA3 ] C:\Program Files\CA\eTrustITM\AvOEM.dll
10:14:54.0999 2628 C:\Program Files\CA\eTrustITM\AvOEM.dll - ok
10:14:54.0999 2628 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
10:14:54.0999 2628 C:\WINDOWS\system32\credui.dll - ok
10:14:54.0999 2628 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
10:14:54.0999 2628 C:\WINDOWS\system32\dot3dlg.dll - ok
10:14:54.0999 2628 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
10:14:54.0999 2628 C:\WINDOWS\system32\onex.dll - ok
10:14:54.0999 2628 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
10:14:54.0999 2628 C:\WINDOWS\system32\eappcfg.dll - ok
10:14:54.0999 2628 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
10:14:54.0999 2628 C:\WINDOWS\system32\eappprxy.dll - ok
10:14:55.0014 2628 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
10:14:55.0014 2628 C:\WINDOWS\system32\wzcsapi.dll - ok
10:14:55.0014 2628 [ 1FEB2901A056A3531B2BEF7BF8DA7CCC ] C:\Program Files\CA\eTrustITM\PpOEM.dll
10:14:55.0014 2628 C:\Program Files\CA\eTrustITM\PpOEM.dll - ok
10:14:55.0014 2628 [ 669D2EB8C1BC4D5A36CAFCE1574FC130 ] C:\Program Files\CA\eTrustITM\ComOEM.dll
10:14:55.0014 2628 C:\Program Files\CA\eTrustITM\ComOEM.dll - ok
10:14:55.0014 2628 [ 02466C11C8C8251C8A67C349B0F70F23 ] C:\Program Files\CA\SharedComponents\iTechnology\iControl.dll
10:14:55.0014 2628 C:\Program Files\CA\SharedComponents\iTechnology\iControl.dll - ok
10:14:55.0014 2628 [ D8E7BA981FE50D1738A4A5A214B9B69D ] C:\Program Files\CA\eTrustITM\InocDB.dll
10:14:55.0014 2628 C:\Program Files\CA\eTrustITM\InocDB.dll - ok
10:14:55.0014 2628 [ 1A713B2C70ABC3E7EB3DD19A2D55C77D ] C:\Program Files\CA\eTrustITM\ScanLog.dll
10:14:55.0014 2628 C:\Program Files\CA\eTrustITM\ScanLog.dll - ok
10:14:55.0014 2628 [ 87AA22A9F05E0461A5F6DF50A993EE67 ] C:\Program Files\CA\SharedComponents\iTechnology\zlib.dll
10:14:55.0014 2628 C:\Program Files\CA\SharedComponents\iTechnology\zlib.dll - ok
10:14:55.0014 2628 [ 52DA84A08E304F9E6BC74D049BDCDCCD ] C:\Program Files\CA\SharedComponents\iTechnology\xerces-c_2_6.dll
10:14:55.0014 2628 C:\Program Files\CA\SharedComponents\iTechnology\xerces-c_2_6.dll - ok
10:14:55.0014 2628 [ A08267418C7FD4CC79CBE392373209DB ] C:\Program Files\CA\eTrustITM\InoRT.exe
10:14:55.0014 2628 C:\Program Files\CA\eTrustITM\InoRT.exe - ok
10:14:55.0014 2628 [ AE5485D9141892BB20EF4FC16557D91D ] C:\Program Files\CA\eTrustITM\wBkRsrc.dll
10:14:55.0014 2628 C:\Program Files\CA\eTrustITM\wBkRsrc.dll - ok
10:14:55.0014 2628 [ B4C01C7A1ECF776D5F44EACDF8548FEE ] C:\Program Files\CA\eTrustITM\Avdcod.dll
10:14:55.0014 2628 C:\Program Files\CA\eTrustITM\Avdcod.dll - ok
10:14:55.0029 2628 [ 8059F5364B488E208F89B5E2F5361421 ] C:\Program Files\CA\eTrustITM\eTSigAV.dll
10:14:55.0029 2628 C:\Program Files\CA\eTrustITM\eTSigAV.dll - ok
10:14:55.0029 2628 [ D8B72E08AC488130B99EF16C013A3B0B ] C:\Program Files\CA\eTrustITM\eTSigPP.dll
10:14:55.0029 2628 C:\Program Files\CA\eTrustITM\eTSigPP.dll - ok
10:14:55.0029 2628 [ 19B06BD158AE84142EDA92521EA645F4 ] C:\Program Files\CA\eTrustITM\InoAlert.dll
10:14:55.0029 2628 C:\Program Files\CA\eTrustITM\InoAlert.dll - ok
10:14:55.0029 2628 [ 289D11B07C61F1E8F65312081B26AC6B ] C:\Program Files\CA\eTrustITM\InoTask.exe
10:14:55.0029 2628 C:\Program Files\CA\eTrustITM\InoTask.exe - ok
10:14:55.0029 2628 [ 4FE459E191B6F9A02E3AC98092CE5C00 ] C:\Program Files\CA\eTrustITM\mandcod.dll
10:14:55.0029 2628 C:\Program Files\CA\eTrustITM\mandcod.dll - ok
10:14:55.0029 2628 [ 54E967C5F146C1F3687B2B6D97EB9C87 ] C:\Program Files\CA\SharedComponents\iTechnology\libcurl_7_12_3.dll
10:14:55.0029 2628 C:\Program Files\CA\SharedComponents\iTechnology\libcurl_7_12_3.dll - ok
10:14:55.0029 2628 [ CAC359E55A85E33275217543C7E5ADAB ] C:\Program Files\CA\SharedComponents\iTechnology\libeay32.dll
10:14:55.0029 2628 C:\Program Files\CA\SharedComponents\iTechnology\libeay32.dll - ok
10:14:55.0029 2628 [ 42F768D1B6EFFB442B04EA2D0F408EFE ] C:\Program Files\CA\SharedComponents\ScanEngine\InoScan.dll
10:14:55.0029 2628 C:\Program Files\CA\SharedComponents\ScanEngine\InoScan.dll - ok
10:14:55.0029 2628 [ 0EB6FA7136A996237C205959B795CE2A ] C:\Program Files\CA\SharedComponents\ScanEngine\ScanRes.dll
10:14:55.0029 2628 C:\Program Files\CA\SharedComponents\ScanEngine\ScanRes.dll - ok
10:14:55.0029 2628 [ 842638DCEAF1F836D8F7771625631F5D ] C:\Program Files\CA\eTrustITM\InDrvCfg.dll
10:14:55.0029 2628 C:\Program Files\CA\eTrustITM\InDrvCfg.dll - ok
10:14:55.0029 2628 [ 0522C2C49DC9642DE0EFCD31E1CDBFD3 ] C:\Program Files\CA\eTrustITM\RPCMtAPI.dll
10:14:55.0029 2628 C:\Program Files\CA\eTrustITM\RPCMtAPI.dll - ok
10:14:55.0044 2628 [ CAFB5F6DE30E6098CCFF88D9636C844E ] C:\Program Files\CA\SharedComponents\CAUpdate\AVUConfig.dll
10:14:55.0309 2628 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\20FB75BF-090D-4958-B740-AA4F72B2F0AB.exe - ok
10:14:55.0309 2628 [ E40FCF943127DDC8FD60554B722D762B ] C:\WINDOWS\system32\MSCTF.dll
10:14:55.0309 2628 C:\WINDOWS\system32\MSCTF.dll - ok
10:14:55.0309 2628 [ 17AA58A54C00F1746B8654C050491F43 ] C:\WINDOWS\system32\msutb.dll
10:14:55.0309 2628 C:\WINDOWS\system32\msutb.dll - ok
10:14:55.0309 2628 [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
10:14:55.0309 2628 C:\WINDOWS\system32\mlang.dll - ok
10:14:55.0309 2628 [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe
10:14:55.0309 2628 C:\WINDOWS\system32\verclsid.exe - ok
10:14:55.0309 2628 [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll
10:14:55.0309 2628 C:\WINDOWS\system32\upnp.dll - ok
10:14:55.0309 2628 [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll
10:14:55.0309 2628 C:\WINDOWS\system32\ssdpapi.dll - ok
10:14:55.0309 2628 [ D583DB5C95BACF1277C1C6C970FCD2B0 ] C:\WINDOWS\RTDCPL.EXE
10:14:55.0309 2628 C:\WINDOWS\RTDCPL.EXE - ok
10:14:55.0309 2628 [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys
10:14:55.0309 2628 C:\WINDOWS\system32\drivers\http.sys - ok
10:14:55.0324 2628 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
10:14:55.0324 2628 C:\WINDOWS\system32\spoolss.dll - ok
10:14:55.0324 2628 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\55555099.sys
10:14:55.0324 2628 C:\WINDOWS\system32\drivers\55555099.sys - ok
10:14:55.0324 2628 [ C56B6D0402371CF3700EB322EF3AAF61 ] C:\WINDOWS\system32\drivers\tdtcp.sys
10:14:55.0324 2628 C:\WINDOWS\system32\drivers\tdtcp.sys - ok
10:14:55.0324 2628 [ 80776884E7A05D6DA5040926F82B0273 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
10:14:55.0324 2628 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll - ok
10:14:55.0324 2628 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] C:\WINDOWS\system32\drivers\rdpwd.sys
10:14:55.0324 2628 C:\WINDOWS\system32\drivers\rdpwd.sys - ok
10:14:55.0324 2628 [ 5677DFE438EC1F009273FC84FEED6B10 ] C:\WINDOWS\system32\localspl.dll
10:14:55.0324 2628 C:\WINDOWS\system32\localspl.dll - ok
10:14:55.0324 2628 [ 157966147D09AE32DB4FE442BB68DDD1 ] C:\WINDOWS\system32\igfxtray.exe
10:14:55.0324 2628 C:\WINDOWS\system32\igfxtray.exe - ok
10:14:55.0324 2628 [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\system32\oledlg.dll
10:14:55.0324 2628 C:\WINDOWS\system32\oledlg.dll - ok
10:14:55.0324 2628 [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
10:14:55.0324 2628 C:\WINDOWS\system32\webcheck.dll - ok
10:14:55.0324 2628 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
10:14:55.0324 2628 C:\WINDOWS\system32\cnbjmon.dll - ok
10:14:55.0324 2628 [ B2CBF0DB77A66A122779342DC67FB7AB ] C:\WINDOWS\system32\cpwmon2k.dll
10:14:55.0324 2628 C:\WINDOWS\system32\cpwmon2k.dll - ok
10:14:55.0339 2628 [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll
10:14:55.0339 2628 C:\WINDOWS\system32\stobject.dll - ok
10:14:55.0339 2628 [ 6FC6651C0756B6F3F8147ED15D05CFAF ] C:\WINDOWS\system32\hccutils.dll
10:14:55.0339 2628 C:\WINDOWS\system32\hccutils.dll - ok
10:14:55.0339 2628 [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll
10:14:55.0339 2628 C:\WINDOWS\system32\pjlmon.dll - ok
10:14:55.0339 2628 [ 6689EE426FDB3C368DB7D0EC08C95B20 ] C:\WINDOWS\system32\hkcmd.exe
10:14:55.0339 2628 C:\WINDOWS\system32\hkcmd.exe - ok
10:14:55.0339 2628 [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll
10:14:55.0339 2628 C:\WINDOWS\system32\batmeter.dll - ok
10:14:55.0339 2628 [ C52CE534397E1D3A442FB4C88A3CBE42 ] C:\WINDOWS\system32\msonpmon.dll
10:14:55.0339 2628 C:\WINDOWS\system32\msonpmon.dll - ok
10:14:55.0339 2628 [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll
10:14:55.0339 2628 C:\WINDOWS\system32\tcpmon.dll - ok
10:14:55.0339 2628 [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll
10:14:55.0339 2628 C:\WINDOWS\system32\usbmon.dll - ok
10:14:55.0339 2628 [ EEE7F12D9FF46F68FBC0DA059A359E9E ] C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
10:14:55.0339 2628 C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll - ok
10:14:55.0339 2628 [ 2315BA5625BF51E89BC1DBD2BD2134DE ] C:\WINDOWS\system32\igfxpers.exe
10:14:55.0339 2628 C:\WINDOWS\system32\igfxpers.exe - ok
10:14:55.0339 2628 [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll
10:14:55.0339 2628 C:\WINDOWS\system32\ssdpsrv.dll - ok
10:14:55.0354 2628 [ F348280907B38FDBDB3CEF55D456E149 ] C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
10:14:55.0354 2628 C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll - ok
10:14:55.0354 2628 [ 6BC2CF147FFC14939B489941FDC557CE ] C:\WINDOWS\system32\igfxsrvc.exe
10:14:55.0354 2628 C:\WINDOWS\system32\igfxsrvc.exe - ok
10:14:55.0354 2628 [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll
10:14:55.0354 2628 C:\WINDOWS\system32\win32spl.dll - ok
10:14:55.0354 2628 [ 0E34B7BB1FCF22BCC1E394D16F9E992B ] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
10:14:55.0354 2628 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe - ok
10:14:55.0354 2628 [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
10:14:55.0354 2628 C:\WINDOWS\system32\netrap.dll - ok
10:14:55.0354 2628 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] C:\WINDOWS\system32\imapi.exe
10:14:55.0354 2628 C:\WINDOWS\system32\imapi.exe - ok
10:14:55.0354 2628 [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll
10:14:55.0354 2628 C:\WINDOWS\system32\inetpp.dll - ok
10:14:55.0354 2628 [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll
10:14:55.0354 2628 C:\WINDOWS\system32\rasdlg.dll - ok
10:14:55.0354 2628 [ 48BE298F7FD1BEF4D8FBACB04D8D95C4 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
10:14:55.0354 2628 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
10:14:55.0354 2628 [ 85B0A1370FA6F3A295F55707996ABBBF ] C:\Program Files\Fellowship Village Network Agent\agent.exe
10:14:55.0354 2628 C:\Program Files\Fellowship Village Network Agent\agent.exe - ok
10:14:55.0354 2628 [ 12916E0642E92561C98B18A2A2D01B14 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
10:14:55.0354 2628 C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
10:14:55.0368 2628 [ 81ADBC4E31A721AEF23251A952049BA2 ] C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
10:14:55.0368 2628 C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe - ok
10:14:55.0368 2628 [ 92745DD481CC112E5F6BAE6DC4E9B84E ] C:\Program Files\CA\eTrustITM\Realmon.exe
10:14:55.0368 2628 C:\Program Files\CA\eTrustITM\Realmon.exe - ok
10:14:55.0368 2628 [ F1DAC7969C1337AF790BD1D981AA780C ] C:\WINDOWS\system32\qmgrprxy.dll
10:14:55.0368 2628 C:\WINDOWS\system32\qmgrprxy.dll - ok
10:14:55.0368 2628 [ 0D7BB08275138BFAACD520E2B87E444C ] C:\WINDOWS\system32\igfxsrvc.dll
10:14:55.0368 2628 C:\WINDOWS\system32\igfxsrvc.dll - ok
10:14:55.0368 2628 [ 2C061B2F2E7055AD217D61CD4F75A9C4 ] C:\WINDOWS\system32\igfxdev.dll
10:14:55.0368 2628 C:\WINDOWS\system32\igfxdev.dll - ok
10:14:55.0368 2628 [ 578C8CF9E238DF7FE6C98D57B9857B7E ] C:\Documents and Settings\pmurphy\Application Data\Microsoft\WIN2AC.exe
10:14:55.0368 2628 C:\Documents and Settings\pmurphy\Application Data\Microsoft\WIN2AC.exe - ok
10:14:55.0368 2628 [ 50E2F0321A9527D7E3202ACA6D075DDD ] C:\WINDOWS\system32\igfxrenu.lrc
10:14:55.0368 2628 C:\WINDOWS\system32\igfxrenu.lrc - ok
10:14:55.0368 2628 [ B4674A972716BEF3359C8DD1D37428B3 ] C:\WINDOWS\system32\igfxress.dll
10:14:55.0368 2628 C:\WINDOWS\system32\igfxress.dll - ok
10:14:55.0368 2628 [ 871F979D70414C900B35E56222932DAF ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
10:14:55.0368 2628 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll - ok
10:14:55.0368 2628 [ 5F1D5F88303D4A4DBC8E5F97BA967CC3 ] C:\WINDOWS\system32\ctfmon.exe
10:14:55.0368 2628 C:\WINDOWS\system32\ctfmon.exe - ok
10:14:55.0368 2628 [ 4D03CA609E68F4C90CF66515218017F8 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
10:14:55.0368 2628 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll - ok
10:14:55.0383 2628 [ F6FAEC07446A78A9C5AF4558FF5BD118 ] C:\WINDOWS\ime\SPTIP.dll
10:14:55.0383 2628 C:\WINDOWS\ime\SPTIP.dll - ok
10:14:55.0383 2628 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
10:14:55.0383 2628 C:\WINDOWS\system32\oleacc.dll - ok
10:14:55.0383 2628 [ D8B91D94ECB123862B390FDE3250D3BB ] C:\WINDOWS\system32\dciman32.dll
10:14:55.0383 2628 C:\WINDOWS\system32\dciman32.dll - ok
10:14:55.0383 2628 [ B0C4776341ABBC6BF2F1A95987E5DEDA ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll
10:14:55.0383 2628 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll - ok
10:14:55.0383 2628 [ F054572A92573CA32D5F3AA8C15D2BAC ] C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
10:14:55.0383 2628 C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll - ok
10:14:55.0383 2628 [ 148530A0833E54D071DA732D20AE5B27 ] C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.ni.dll
10:14:55.0383 2628 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.ni.dll - ok
10:14:55.0383 2628 [ 88BEEF09C654252F3E46B6167B7F4ECB ] C:\WINDOWS\system32\msisip.dll
10:14:55.0383 2628 C:\WINDOWS\system32\msisip.dll - ok
10:14:55.0383 2628 [ D26451B540720A7313A9BCBE794DAF62 ] C:\WINDOWS\system32\wbem\ncprov.dll
10:14:55.0383 2628 C:\WINDOWS\system32\wbem\ncprov.dll - ok
10:14:55.0383 2628 [ 6404807ABC7AF52FA3792697AE638B50 ] C:\WINDOWS\system32\wbem\wbemcons.dll
10:14:55.0383 2628 C:\WINDOWS\system32\wbem\wbemcons.dll - ok
10:14:55.0383 2628 [ 2DE1190196EE9555DB548A57622022EB ] C:\WINDOWS\system32\drprov.dll
10:14:55.0383 2628 C:\WINDOWS\system32\drprov.dll - ok
10:14:55.0383 2628 [ 36468087E22C57A83DF758B3F90DF73F ] C:\WINDOWS\system32\ntlanman.dll
10:14:55.0383 2628 C:\WINDOWS\system32\ntlanman.dll - ok
10:14:55.0398 2628 [ AC5DF42FE314C1446B1DAD237BFCFFE0 ] C:\WINDOWS\system32\netui0.dll
10:14:55.0398 2628 C:\WINDOWS\system32\netui0.dll - ok
10:14:55.0398 2628 [ ED5A816D8E11E03F1937AC3C56826EE4 ] C:\WINDOWS\system32\netui1.dll
10:14:55.0398 2628 C:\WINDOWS\system32\netui1.dll - ok
10:14:55.0398 2628 [ FB8F8EEC8D9C2157789472DD61CDC78B ] C:\WINDOWS\system32\davclnt.dll
10:14:55.0398 2628 C:\WINDOWS\system32\davclnt.dll - ok
10:14:55.0398 2628 ============================================================
10:14:55.0398 2628 Scan finished
10:14:55.0398 2628 ============================================================
10:14:55.0398 2688 Detected object count: 4
10:14:55.0398 2688 Actual detected object count: 4
10:15:41.0375 2688 iGateway ( UnsignedFile.Multi.Generic ) - skipped by user
10:15:41.0375 2688 iGateway ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:15:41.0375 2688 InoRPC ( UnsignedFile.Multi.Generic ) - skipped by user
10:15:41.0375 2688 InoRPC ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:15:41.0375 2688 InoRT ( UnsignedFile.Multi.Generic ) - skipped by user
10:15:41.0375 2688 InoRT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:15:41.0375 2688 Local Print Agent ( UnsignedFile.Multi.Generic ) - skipped by user
10:15:41.0375 2688 Local Print Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:51.0307 3340 Deinitialize success

#6
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Thank you for the TDSSKiller log. The OTL fix shouldn't have taken that long, so it's a good thing we have more tools in the toolbox :)

Download ComboFix from Here or Here to your Desktop.

VERY IMPORTANT !!!
Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • Also allow the installation of the recovery console
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
  • Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  • Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
  • If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.

#7
mewsick75

    Member

  • Topic Starter
  • 258 posts
ComboFix 13-06-21.02 - Administrator 06/21/2013 16:00:25.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3493.2911 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\4eot7.pad
c:\documents and settings\All Users\Application Data\rundll32.exe
c:\documents and settings\LocalService\Local Settings\Application Data\16933a1a-d44c-45e3-a584-8ab332da6b38ad
c:\documents and settings\LocalService\Local Settings\Application Data\16933a1a-d44c-45e3-a584-8ab332da6b38ad\aadceaabdabad.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\16933a1a-d44c-45e3-a584-8ab332da6b38ad
c:\documents and settings\NetworkService\Local Settings\Application Data\16933a1a-d44c-45e3-a584-8ab332da6b38ad\aadceaabdabad.exe
c:\documents and settings\pmurphy\acrobat.exe
c:\documents and settings\pmurphy\csrss.exe
c:\documents and settings\pmurphy\icq.exe
c:\documents and settings\pmurphy\jucheck.exe
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2013-05-21 to 2013-06-21 )))))))))))))))))))))))))))))))
.
.
2013-06-21 14:22 . 2013-06-21 14:22 -------- d-----w- C:\_OTL
2013-06-20 16:39 . 2013-06-20 16:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-06-19 17:23 . 2013-06-19 17:23 3072 ----a-w- c:\documents and settings\All Users\Application Data\4eot7.js
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-07 22:30 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-05-03 01:30 . 2008-04-14 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31 . 2008-04-14 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 18:50 . 2013-01-29 14:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTDCPL.EXE" [2011-07-20 2697832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-27 143128]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-27 181528]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-27 169752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"FVLogonAgent"="c:\program files\Fellowship Village Network Agent\agent.exe" [2009-11-19 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"TimeServer"="c:\documents and settings\pmurphy\Application Data\Microsoft\WIN2AC.exe" [2013-06-04 130048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"UniGateway"="msiexec.exe" [2008-04-14 78848]
.
c:\documents and settings\mmcduffie\Start Menu\Programs\Startup\
regmonstd.lnk - c:\windows\system32\rundll32.exe c:\docume~1\ALLUSE~1\APPLIC~1\7toe4.dat,XFG00 [2008-4-14 33280]
.
c:\documents and settings\rectherapy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\rmcgovern\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\smilak\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\ahodzic\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\dduffy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\jallen\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\jfurman\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2012-10-25 15:54 610448 ----a-w- c:\program files\Citrix\GoToAssist Remote Support Customer\461\g2ax_winlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2204\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2612\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2635\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2713\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2726\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2775\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2915\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2923\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2924\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-500\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ITMRTSVC"=2 (0x2)
"InoTask"=2 (0x2)
"InoRT"=2 (0x2)
"InoRPC"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R2 Local Print Agent;Local Print Agent;c:\program files\Local Print Agent\Local Print Agent.exe [7/27/2012 3:00 PM 73728]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/29/2013 10:38 AM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/29/2013 10:38 AM 701512]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [7/20/2012 9:38 AM 270080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/29/2013 10:38 AM 22856]
S2 Security Center Update - 2370236077;Security Center Update - 2370236077;"c:\windows\system32\winsec.exe" -service "c:\documents and settings\pmurphy\Application Data\Rupidu\cenariu.exe" --> c:\windows\system32\winsec.exe [?]
S2 Security Center Update - 3530754759;Security Center Update - 3530754759;"c:\windows\system32\winsec.exe" -service "c:\documents and settings\pmurphy\Application Data\Datuunti\exmywi.exe" --> c:\windows\system32\winsec.exe [?]
S3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files\Citrix\GoToAssist Remote Support Customer\461\g2ax_service.exe [10/25/2012 11:54 AM 610960]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - APPMGMT
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 17:25]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{54587493-6004-467E-932C-A9061B09C1D5}: NameServer = 192.168.1.5,192.168.1.12
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-07254531.sys
MSConfigStartUp-Realtime Monitor - c:\program files\CA\eTrustITM\realmon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-21 16:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,6f,04,2d,aa,7d,53,4a,ab,fb,f6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,6f,04,2d,aa,7d,53,4a,ab,fb,f6,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\program files\Citrix\GoToAssist Remote Support Customer\461\g2ax_winlogon.dll
.
Completion time: 2013-06-21 16:13:40
ComboFix-quarantined-files.txt 2013-06-21 20:13
.
Pre-Run: 226,759,913,472 bytes free
Post-Run: 227,364,487,168 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 42DFF3C9FED212DA91285493BD79F3F1
8F558EB6672622401DA993E1E865C861
#8
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
That got rid of some of it, still some more to go. After this please let me know how the computer is doing. :)

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

File::
c:\documents and settings\All Users\Application Data\4eot7.js
c:\documents and settings\pmurphy\Application Data\Microsoft\WIN2AC.exe
c:\program files\Fellowship Village Network Agent\agent.exe
c:\documents and settings\mmcduffie\Start Menu\Programs\Startup\regmonstd.lnk
c:\windows\system32\winsec.exe

Folder::
c:\documents and settings\pmurphy\Application Data\Rupidu
c:\documents and settings\pmurphy\Application Data\Datuunti

MIA::
c:\windows\system32\drivers\i8042prt.sys

RegLock::
[HKEY_USERS\S-1-5-21-343818398-813497703-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,6f,04,2d,aa,7d,53,4a,ab,fb,f6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,6f,04,2d,aa,7d,53,4a,ab,fb,f6,\

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FVLogonAgent"=-
"TimeServer"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2204\Scripts\Logon\0\0]
"Script"=-
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2612\Scripts\Logon\0\0]
"Script"=-
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2635\Scripts\Logon\0\0]
"Script"=-
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2713\Scripts\Logon\0\0]
"Script"=-
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2726\Scripts\Logon\0\0]
"Script"=-
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2775\Scripts\Logon\0\0]
"Script"=-
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2915\Scripts\Logon\0\0]
"Script"=-
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2923\Scripts\Logon\0\0]
"Script"=-
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2924\Scripts\Logon\0\0]
"Script"=-
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-500\Scripts\Logon\0\0]
"Script"=-

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0
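Added example, not part of the original posts: a Python check that compares what the CFScript above asks ComboFix to remove against the "Other Deletions" and "Reg Loading Points" sections of a follow-up ComboFix log. The embedded samples are abridged from the script and logs in this thread; the function names are hypothetical.

```python
import re

# Abridged from the CFScript in the post above (MIA::, RegLock:: and the
# group-policy keys are left out to keep the sample short).
CFSCRIPT = r'''File::
c:\documents and settings\All Users\Application Data\4eot7.js
c:\documents and settings\pmurphy\Application Data\Microsoft\WIN2AC.exe
c:\program files\Fellowship Village Network Agent\agent.exe
c:\documents and settings\mmcduffie\Start Menu\Programs\Startup\regmonstd.lnk
c:\windows\system32\winsec.exe

Folder::
c:\documents and settings\pmurphy\Application Data\Rupidu
c:\documents and settings\pmurphy\Application Data\Datuunti

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FVLogonAgent"=-
"TimeServer"=-
'''

# Abridged from the ComboFix log posted after the script was run.
FOLLOWUP_LOG = r'''((((((((((((((( Other Deletions )))))))))))))))
.
c:\documents and settings\All Users\Application Data\4eot7.js
c:\documents and settings\mmcduffie\Start Menu\Programs\Startup\regmonstd.lnk
c:\documents and settings\pmurphy\Application Data\Datuunti
c:\documents and settings\pmurphy\Application Data\Microsoft\WIN2AC.exe
c:\program files\Fellowship Village Network Agent\agent.exe
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
((((((((((((((( Reg Loading Points )))))))))))))))
.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTDCPL.EXE" [2011-07-20 2697832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-27 143128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
'''

BANNER = re.compile(r'\(+\s*(.+?)\s*\)+')  # "(((( Section name ))))"

def parse_cfscript(text):
    """Return (paths, reg_deletes) requested by File::, Folder:: and Registry::."""
    paths, reg_deletes = [], []
    directive, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r'(\w+)::', line)
        if m:
            directive, key = m.group(1).lower(), None
            continue
        if not line or line == '.':
            continue
        if directive in ('file', 'folder'):
            paths.append(line.strip('"').lower())  # Windows paths: compare case-insensitively
        elif directive == 'registry':
            if line.startswith('[') and line.endswith(']'):
                key = line[1:-1].lower()
            else:
                m = re.fullmatch(r'"([^"]+)"=-', line)  # .reg syntax: "name"=- deletes the value
                if m and key:
                    reg_deletes.append((key, m.group(1).lower()))
    return paths, reg_deletes

def parse_followup_log(text):
    """Return (deleted_paths, {registry key: value names still listed})."""
    deleted, reg_values = set(), {}
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.fullmatch(line)
        if m:
            section, key = m.group(1).lower(), None
            continue
        if section == 'other deletions':
            # Skip status lines such as "<path> . . . is missing!!"
            if re.match(r'[a-z]:\\', line, re.I) and ' . . . ' not in line:
                deleted.add(line.lower())
        elif section == 'reg loading points':
            if line.startswith('[') and line.endswith(']'):
                key = line[1:-1].lower()
                reg_values.setdefault(key, set())
            else:
                m = re.match(r'"([^"]+)"=', line)
                if m and key:
                    reg_values[key].add(m.group(1).lower())
    return deleted, reg_values

def verify(script_text, log_text):
    """Match every requested removal against the follow-up log."""
    paths, reg_deletes = parse_cfscript(script_text)
    deleted, reg_values = parse_followup_log(log_text)
    return {
        'confirmed': [p for p in paths if p in deleted],
        'unconfirmed': [p for p in paths if p not in deleted],
        'reg_removed': [(k, v) for k, v in reg_deletes if v not in reg_values.get(k, set())],
        'reg_remaining': [(k, v) for k, v in reg_deletes if v in reg_values.get(k, set())],
    }

if __name__ == '__main__':
    for label, items in verify(CFSCRIPT, FOLLOWUP_LOG).items():
        print(label, items)
```

On these samples, `winsec.exe` and the `Rupidu` folder come back as unconfirmed: they were requested but are not listed under Other Deletions, so they were either already absent or not removed, and the log alone does not say which.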

#9
mewsick75

    Member

  • Topic Starter
  • 258 posts
ComboFix 13-06-21.02 - Administrator 06/24/2013 10:34:05.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3493.2870 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\documents and settings\All Users\Application Data\4eot7.js"
"c:\documents and settings\mmcduffie\Start Menu\Programs\Startup\regmonstd.lnk"
"c:\documents and settings\pmurphy\Application Data\Microsoft\WIN2AC.exe"
"c:\program files\Fellowship Village Network Agent\agent.exe"
"c:\windows\system32\winsec.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\4eot7.js
c:\documents and settings\mmcduffie\Start Menu\Programs\Startup\regmonstd.lnk
c:\documents and settings\pmurphy\Application Data\Datuunti
c:\documents and settings\pmurphy\Application Data\Microsoft\WIN2AC.exe
c:\program files\Fellowship Village Network Agent\agent.exe
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2013-05-24 to 2013-06-24 )))))))))))))))))))))))))))))))
.
.
2013-06-21 19:17 . 2013-06-21 19:17 -------- d-----w- c:\windows\system32\Debug
2013-06-21 14:22 . 2013-06-21 14:22 -------- d-----w- C:\_OTL
2013-06-20 16:39 . 2013-06-20 16:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-07 22:30 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-05-03 01:30 . 2008-04-14 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31 . 2008-04-14 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 18:50 . 2013-01-29 14:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTDCPL.EXE" [2011-07-20 2697832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-27 143128]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-27 181528]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-27 169752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"UniGateway"="msiexec.exe" [2008-04-14 78848]
.
c:\documents and settings\rectherapy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\rmcgovern\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\smilak\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\ahodzic\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\dduffy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\jallen\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\jfurman\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2012-10-25 15:54 610448 ----a-w- c:\program files\Citrix\GoToAssist Remote Support Customer\461\g2ax_winlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2204\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2612\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2635\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2713\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2726\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2775\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2915\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2923\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2924\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-500\Scripts\Logon\0\0]
"Script"=itportallink.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ITMRTSVC"=2 (0x2)
"InoTask"=2 (0x2)
"InoRT"=2 (0x2)
"InoRPC"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R2 Local Print Agent;Local Print Agent;c:\program files\Local Print Agent\Local Print Agent.exe [7/27/2012 3:00 PM 73728]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/29/2013 10:38 AM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/29/2013 10:38 AM 701512]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [7/20/2012 9:38 AM 270080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/29/2013 10:38 AM 22856]
S2 Security Center Update - 2370236077;Security Center Update - 2370236077;"c:\windows\system32\winsec.exe" -service "c:\documents and settings\pmurphy\Application Data\Rupidu\cenariu.exe" --> c:\windows\system32\winsec.exe [?]
S2 Security Center Update - 3530754759;Security Center Update - 3530754759;"c:\windows\system32\winsec.exe" -service "c:\documents and settings\pmurphy\Application Data\Datuunti\exmywi.exe" --> c:\windows\system32\winsec.exe [?]
S3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files\Citrix\GoToAssist Remote Support Customer\461\g2ax_service.exe [10/25/2012 11:54 AM 610960]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - APPMGMT
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 17:25]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{54587493-6004-467E-932C-A9061B09C1D5}: NameServer = 192.168.1.5,192.168.1.12
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-24 10:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
c:\combofix\Catchme.tmp [3648] 0x8846E020
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\program files\Citrix\GoToAssist Remote Support Customer\461\g2ax_winlogon.dll
.
Completion time: 2013-06-24 10:37:36
ComboFix-quarantined-files.txt 2013-06-24 14:37
ComboFix2.txt 2013-06-21 20:13
.
Pre-Run: 227,386,580,992 bytes free
Post-Run: 227,374,317,568 bytes free
.
- - End Of File - - F00D91ED2D4CCD39A721B13E83B55D4D
8F558EB6672622401DA993E1E865C861
  • 0

#10
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
I have one more ComboScript Fix for you. Afterwards, please let me know how your computer is doing. :)

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Driver::
Security Center Update - 2370236077
Security Center Update - 3530754759

Folder::
c:\documents and settings\pmurphy\Application Data\Rupidu
c:\documents and settings\pmurphy\Application Data\Datuunti

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2204\Scripts\Logon\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2612\Scripts\Logon\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2635\Scripts\Logon\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2713\Scripts\Logon\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2726\Scripts\Logon\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2775\Scripts\Logon\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2915\Scripts\Logon\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2923\Scripts\Logon\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2924\Scripts\Logon\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-500\Scripts\Logon\0\0]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#11
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 258 posts
I tried to run that script with Combofix and it just hung there for 13 hours. I finally just shut off the computer.
Any other suggestions?
  • 0

#12
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Let's try a slightly modified version of this again. If it hangs up again, let me know and we have other options for killing these bad guys. :)

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::
Security Center Update - 2370236077
Security Center Update - 3530754759

Folder::
c:\documents and settings\pmurphy\Application Data\Rupidu
c:\documents and settings\pmurphy\Application Data\Datuunti

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2204\Scripts\Logon\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2612\Scripts\Logon\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2635\Scripts\Logon\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2713\Scripts\Logon\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2726\Scripts\Logon\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2775\Scripts\Logon\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2915\Scripts\Logon\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2923\Scripts\Logon\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-2924\Scripts\Logon\0\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2489516933-1991803624-1052600877-500\Scripts\Logon\0\0]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#13
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 258 posts
You have been so helpful through all of this. I can't thank you enough. Computer seems to be acting a lot better.
Do we have more steps? Here is the log file.

ComboFix 13-06-21.02 - Administrator 06/25/2013 14:21:59.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3493.2771 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SECURITY_CENTER_UPDATE_-_2370236077
-------\Legacy_SECURITY_CENTER_UPDATE_-_3530754759
-------\Service_Security Center Update - 2370236077
-------\Service_Security Center Update - 3530754759
.
.
((((((((((((((((((((((((( Files Created from 2013-05-25 to 2013-06-25 )))))))))))))))))))))))))))))))
.
.
2013-06-21 19:17 . 2013-06-21 19:17 -------- d-----w- c:\windows\system32\Debug
2013-06-21 14:22 . 2013-06-21 14:22 -------- d-----w- C:\_OTL
2013-06-20 16:39 . 2013-06-20 16:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-07 22:30 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-05-03 01:30 . 2008-04-14 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31 . 2008-04-14 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 18:50 . 2013-01-29 14:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTDCPL.EXE" [2011-07-20 2697832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-27 143128]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-27 181528]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-27 169752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\rectherapy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\rmcgovern\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\smilak\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\ahodzic\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\dduffy\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\jallen\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\jfurman\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2012-10-25 15:54 610448 ----a-w- c:\program files\Citrix\GoToAssist Remote Support Customer\461\g2ax_winlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ITMRTSVC"=2 (0x2)
"InoTask"=2 (0x2)
"InoRT"=2 (0x2)
"InoRPC"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R2 Local Print Agent;Local Print Agent;c:\program files\Local Print Agent\Local Print Agent.exe [7/27/2012 3:00 PM 73728]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [1/29/2013 10:38 AM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/29/2013 10:38 AM 701512]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [7/20/2012 9:38 AM 270080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/29/2013 10:38 AM 22856]
S3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files\Citrix\GoToAssist Remote Support Customer\461\g2ax_service.exe [10/25/2012 11:54 AM 610960]
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 17:25]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{54587493-6004-467E-932C-A9061B09C1D5}: NameServer = 192.168.1.5,192.168.1.12
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-25 14:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\program files\Citrix\GoToAssist Remote Support Customer\461\g2ax_winlogon.dll
.
- - - - - - - > 'explorer.exe'(1664)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\RTDCPL.EXE
.
**************************************************************************
.
Completion time: 2013-06-25 14:35:19 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-25 18:35
ComboFix2.txt 2013-06-24 14:37
ComboFix3.txt 2013-06-21 20:13
.
Pre-Run: 227,521,470,464 bytes free
Post-Run: 227,438,501,888 bytes free
.
- - End Of File - - F13BF2421E20C67E765DD4EB37DE2AC3
8F558EB6672622401DA993E1E865C861
  • 0

#14
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

You have been so helpful through all of this. I can't thank you enough. Computer seems to be acting a lot better.
Do we have more steps? Here is the log file.


You're welcome! :) Thank you for the log, it appears to have worked this time. We will still have a few more steps after this; I will post them after I have approval.
  • 0
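
One way to check the result reported in the post above, as an added example that is not part of the original thread or of ComboFix: parse the driver/service lines of the 06/24 and 06/25 logs and confirm that the two "Security Center Update" services are gone. The two flagging rules and all function names are assumptions made for this illustration; the log lines are excerpts from the posts above.

```python
import re

# Driver/service lines excerpted from the two ComboFix logs in this thread.
LOG_2013_06_24 = r"""
R2 Local Print Agent;Local Print Agent;c:\program files\Local Print Agent\Local Print Agent.exe [7/27/2012 3:00 PM 73728]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/29/2013 10:38 AM 701512]
S2 Security Center Update - 2370236077;Security Center Update - 2370236077;"c:\windows\system32\winsec.exe" -service "c:\documents and settings\pmurphy\Application Data\Rupidu\cenariu.exe" --> c:\windows\system32\winsec.exe [?]
S2 Security Center Update - 3530754759;Security Center Update - 3530754759;"c:\windows\system32\winsec.exe" -service "c:\documents and settings\pmurphy\Application Data\Datuunti\exmywi.exe" --> c:\windows\system32\winsec.exe [?]
S3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files\Citrix\GoToAssist Remote Support Customer\461\g2ax_service.exe [10/25/2012 11:54 AM 610960]
"""
LOG_2013_06_25 = r"""
R2 Local Print Agent;Local Print Agent;c:\program files\Local Print Agent\Local Print Agent.exe [7/27/2012 3:00 PM 73728]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/29/2013 10:38 AM 701512]
S3 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files\Citrix\GoToAssist Remote Support Customer\461\g2ax_service.exe [10/25/2012 11:54 AM 610960]
"""

# Line layout as it appears in the logs:
#   <R|S><start type> name;display name;command [date time size]
# or, when the image could not be read:
#   <R|S><start type> name;display name;command --> path [?]
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<cmd>.+?)(?: --> (?P<resolved>.+?))? \[(?P<info>[^\]]*)\]$"
)
# Assumed heuristic: a service launched from a per-user data folder on XP.
PROFILE_DATA = re.compile(
    r"\\documents and settings\\[^\\]+\\(application data|local settings)\\", re.I
)

def parse_services(log_text):
    """Return {service name: parsed fields} for every service line found."""
    services = {}
    for line in log_text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m:
            services[m["name"]] = m.groupdict()
    return services

def reasons(svc):
    """List why a parsed service entry deserves a closer look (may be empty)."""
    found = []
    if svc["info"] == "?":
        found.append("no date/size could be read for the image")
    if PROFILE_DATA.search(svc["cmd"]):
        found.append("command line points into a user profile data folder")
    return found

def suspicious(log_text):
    """Return {service name: reasons} for entries that match a rule."""
    return {n: r for n, s in parse_services(log_text).items() if (r := reasons(s))}

def removed_between(before, after):
    """Names flagged in the earlier log that no longer appear in the later one."""
    remaining = parse_services(after)
    return sorted(n for n in suspicious(before) if n not in remaining)

if __name__ == "__main__":
    for name, why in suspicious(LOG_2013_06_24).items():
        print(f"06/24 flagged: {name}: {'; '.join(why)}")
    print("removed by 06/25:", removed_between(LOG_2013_06_24, LOG_2013_06_25))
```

A service that is flagged in the earlier log and still parsed from the later one would be left out of `removed_between`, which is the case to look at before calling a machine clean.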

#15
mewsick75

mewsick75

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 258 posts
Great! Thank You!!
  • 0





