Sleepy Dude says I need to remove ZeroAccess Trojan...How? [Solved]


#1
70delboy

I had some very useful advice from Sleepy Dude...see link below

http://www.geekstogo...some-pdf-files/

I have run OTL and the log is attached.
Please help

delboy


#2
maliprog

Hello 70delboy and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system, so please download the 32-bit version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Step 2

Please don't forget to include these items in your reply:

  • FRST log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
70delboy

Hi, thanks for your help.
Here is the FRST.log scan, and the addition.txt is in the next reply.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-09-2013
Ran by Del (administrator) on DEL-PC on 19-09-2013 15:41:07
Running from C:\Users\Del\Desktop
Microsoft Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Sophos Plc) C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
(Sophos Plc) C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
(Anvisoft) C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Intuit) c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Plc) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sophos Plc) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Anvisoft) C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
(BrowserSafeguard) C:\Program Files\Browsersafeguard\BrowserSafeguard.exe
(DigitalAlbum Inc) C:\Program Files\CamToPrint\PassportPhoto\CamToPrintTray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_174_ActiveX.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [149280 2009-12-21] (Sun Microsystems, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\almon.exe [439536 2010-09-21] (Sophos Plc)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-01-12] (Apple Inc.)
HKLM\...\Run: [Anvi Smart Defender] - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe [1229104 2012-08-23] (Anvisoft)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [BrowserSafeguard] - C:\Program Files\Browsersafeguard\Browsersafeguard.exe [563200 2013-09-04] (BrowserSafeguard)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
MountPoints2: {b1bfd1a0-db9d-11de-8512-806e6f6e6963} - E:\SmartAccess\bcont.exe
HKU\Yvonne\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Startup: C:\Users\Del\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Passport Photo.lnk
ShortcutTarget: Passport Photo.lnk -> C:\Program Files\CamToPrint\PassportPhoto\CamToPrintTray.exe (DigitalAlbum Inc)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49180;https=127.0.0.1:49180;
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-se...913_m1&tsp=5009
SearchScopes: HKLM - {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...731329631082750
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-se...913_m1&tsp=5009
SearchScopes: HKCU - {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...731329631082750
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
BHO: Protect My Choices (Beta) - {3DFCDCA1-AEAC-4302-A690-BFB683568BAA} - C:\Program Files\DigitalAdvertisingAlliance\Protect My Choices\pmc.dll (Digital Advertising Alliance)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No File
Toolbar: HKCU - No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} https://internetbank...frontdoorFD.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [42736] (Sophos Plc)
Winsock: Catalog9 02 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [42736] (Sophos Plc)
Winsock: Catalog9 03 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [42736] (Sophos Plc)
Winsock: Catalog9 04 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [42736] (Sophos Plc)
Winsock: Catalog9 05 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [42736] (Sophos Plc)
Winsock: Catalog9 06 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [42736] (Sophos Plc)
Winsock: Catalog9 07 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [42736] (Sophos Plc)
Winsock: Catalog9 08 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [42736] (Sophos Plc)
Winsock: Catalog9 27 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [42736] (Sophos Plc)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

========================== Services (Whitelisted) =================

R2 asdsrv; C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [686896 2012-08-23] (Anvisoft)
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [163056 2010-10-08] (Sophos Plc)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [97520 2010-06-04] (Sophos Plc)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [232472 2012-04-11] (Sophos Plc)
R2 Sophos Client Firewall; C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe [32496 2010-04-27] (Sophos Plc)
R2 Sophos Client Firewall Manager; C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe [128240 2010-04-27] (Sophos Plc)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [1543704 2012-02-21] (Sophos Plc)

==================== Drivers (Whitelisted) ====================

R1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [16208 2012-08-20] (Anvisoft)
R2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [22864 2012-08-20] (Anvisoft)
R2 asdws; C:\Windows\system32\DRIVERS\asdws.sys [14160 2012-08-20] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 FreshIO; C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2012-05-19] (microOLAP Technologies LTD)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [53312 2012-05-19] (microOLAP Technologies LTD)
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [21520 2012-06-30] (Trusteer Ltd.)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [122360 2010-10-08] (Sophos Plc)
R1 scfdriver; C:\Windows\system32\Drivers\scfdriver.sys [86520 2010-03-31] (Sophos Plc)
R1 scflwf; C:\Windows\System32\DRIVERS\scflwf.sys [40440 2010-03-31] (Sophos Plc)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2010-07-28] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58112 2010-07-28] (Silicon Laboratories)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2009-02-09] (Sophos Plc)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-19 15:40 - 2013-09-19 15:40 - 00000000 ____D C:\FRST
2013-09-19 15:39 - 2013-09-19 15:39 - 01083535 _____ (Farbar) C:\Users\Del\Desktop\FRST.exe
2013-09-18 19:44 - 2013-09-18 19:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-18 19:44 - 2013-09-18 19:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-18 19:33 - 2013-09-18 19:33 - 00001991 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-18 19:33 - 2013-09-18 19:33 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-18 19:32 - 2013-09-18 19:32 - 52677528 _____ (Adobe Systems Incorporated) C:\Users\Del\Desktop\AdbeRdr1011_en_US.exe
2013-09-18 16:41 - 2013-09-18 16:41 - 00256733 _____ C:\Users\Del\Desktop\CatchOutput.txt
2013-09-18 16:15 - 2013-09-18 16:15 - 00000000 _____ C:\Users\Del\Desktop\VEW.txt.txt
2013-09-18 15:58 - 2013-09-18 15:58 - 00005559 _____ C:\Users\Del\Desktop\FSS.txt
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Del\AppData\Roaming\SpeedAnalysis3
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Del\AppData\Roaming\Mozilla
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Del\AppData\Roaming\File Scout
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Del\AppData\Roaming\7go
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-09-18 15:43 - 2013-09-18 15:43 - 00000000 ____D C:\Program Files\Browsersafeguard
2013-09-18 15:42 - 2013-09-18 15:42 - 00000072 _____ C:\Windows\wininit.ini
2013-09-18 15:42 - 2013-09-18 15:42 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-18 15:41 - 2013-09-18 15:41 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-18 15:41 - 2013-09-18 15:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-18 15:27 - 2013-09-18 15:27 - 00061440 _____ ( ) C:\Users\Del\Desktop\VEW.exe
2013-09-17 20:13 - 2013-09-17 20:13 - 00000971 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-17 20:13 - 2013-09-17 20:13 - 00000000 ____D C:\Program Files\CCleaner
2013-09-17 20:09 - 2013-09-17 20:09 - 00000166 _____ C:\Users\Del\Desktop\RegistryFix.reg
2013-09-17 17:14 - 2013-09-17 17:14 - 00000168 _____ C:\Users\Del\Documents\RegistryFix.reg
2013-09-17 15:56 - 2013-09-17 15:56 - 00013164 _____ C:\Users\Yvonne\Desktop\please help me - letter to MP.eml
2013-09-14 13:53 - 2013-09-14 13:53 - 00000000 ____D C:\Users\Yvonne\AppData\Local\Sophos
2013-09-03 11:24 - 2013-09-03 11:24 - 00000169 _____ C:\Users\Yvonne\Documents\bens list.txt

==================== One Month Modified Files and Folders =======

2013-09-19 15:40 - 2013-09-19 15:40 - 00000000 ____D C:\FRST
2013-09-19 15:39 - 2013-09-19 15:39 - 01083535 _____ (Farbar) C:\Users\Del\Desktop\FRST.exe
2013-09-19 15:37 - 2009-07-14 05:34 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-19 15:37 - 2009-07-14 05:34 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-19 15:33 - 2009-11-27 22:44 - 01481531 _____ C:\Windows\WindowsUpdate.log
2013-09-19 15:32 - 2011-06-20 19:29 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-19 15:32 - 2011-06-20 19:29 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-19 12:38 - 2009-11-27 15:20 - 00000490 _____ C:\Windows\ODBC.INI
2013-09-19 12:38 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-19 12:37 - 2009-07-14 05:39 - 00255939 _____ C:\Windows\setupact.log
2013-09-18 19:44 - 2013-09-18 19:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-18 19:44 - 2013-09-18 19:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-18 19:44 - 2009-12-02 12:42 - 00000000 ____D C:\Users\Del\AppData\Local\Adobe
2013-09-18 19:33 - 2013-09-18 19:33 - 00001991 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-18 19:33 - 2013-09-18 19:33 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-18 19:33 - 2011-02-23 11:16 - 00000000 ____D C:\Program Files\Adobe
2013-09-18 19:33 - 2009-12-02 12:43 - 00000000 ____D C:\ProgramData\Adobe
2013-09-18 19:32 - 2013-09-18 19:32 - 52677528 _____ (Adobe Systems Incorporated) C:\Users\Del\Desktop\AdbeRdr1011_en_US.exe
2013-09-18 19:17 - 2010-01-20 10:37 - 00102682 _____ C:\Windows\PFRO.log
2013-09-18 16:41 - 2013-09-18 16:41 - 00256733 _____ C:\Users\Del\Desktop\CatchOutput.txt
2013-09-18 16:15 - 2013-09-18 16:15 - 00000000 _____ C:\Users\Del\Desktop\VEW.txt.txt
2013-09-18 15:58 - 2013-09-18 15:58 - 00005559 _____ C:\Users\Del\Desktop\FSS.txt
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Del\AppData\Roaming\SpeedAnalysis3
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Del\AppData\Roaming\Mozilla
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Del\AppData\Roaming\File Scout
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Del\AppData\Roaming\7go
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-09-18 15:43 - 2013-09-18 15:43 - 00000000 ____D C:\Program Files\Browsersafeguard
2013-09-18 15:42 - 2013-09-18 15:42 - 00000072 _____ C:\Windows\wininit.ini
2013-09-18 15:42 - 2013-09-18 15:42 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-18 15:41 - 2013-09-18 15:41 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-18 15:41 - 2013-09-18 15:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-18 15:28 - 2009-11-27 14:56 - 00000000 ____D C:\Users\Del\AppData\Local\VirtualStore
2013-09-18 15:27 - 2013-09-18 15:27 - 00061440 _____ ( ) C:\Users\Del\Desktop\VEW.exe
2013-09-17 20:13 - 2013-09-17 20:13 - 00000971 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-17 20:13 - 2013-09-17 20:13 - 00000000 ____D C:\Program Files\CCleaner
2013-09-17 20:09 - 2013-09-17 20:09 - 00000166 _____ C:\Users\Del\Desktop\RegistryFix.reg
2013-09-17 17:14 - 2013-09-17 17:14 - 00000168 _____ C:\Users\Del\Documents\RegistryFix.reg
2013-09-17 15:56 - 2013-09-17 15:56 - 00013164 _____ C:\Users\Yvonne\Desktop\please help me - letter to MP.eml
2013-09-15 11:40 - 2013-07-16 13:30 - 00000000 ____D C:\Windows\system32\MRT
2013-09-14 14:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\Msdtc
2013-09-14 14:28 - 2011-10-17 19:20 - 00000971 _____ C:\Users\Yvonnewinxp\Desktop\SpeedFan.lnk
2013-09-14 14:28 - 2011-10-17 19:20 - 00000971 _____ C:\Users\Yvonne\Desktop\SpeedFan.lnk
2013-09-14 14:28 - 2011-10-17 19:20 - 00000971 _____ C:\Users\delwinxp\Desktop\SpeedFan.lnk
2013-09-14 14:28 - 2011-10-17 19:20 - 00000971 _____ C:\Users\Del\Desktop\SpeedFan.lnk
2013-09-14 14:28 - 2011-10-17 19:20 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2013-09-14 14:28 - 2011-10-17 19:20 - 00000000 ____D C:\Program Files\SpeedFan
2013-09-14 13:53 - 2013-09-14 13:53 - 00000000 ____D C:\Users\Yvonne\AppData\Local\Sophos
2013-09-13 19:18 - 2009-11-27 14:56 - 00000000 ____D C:\Users\Del
2013-09-13 19:16 - 2012-05-03 19:48 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-09-13 19:16 - 2012-05-03 19:48 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-09-13 19:16 - 2012-05-03 19:48 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-09-13 19:16 - 2011-02-15 17:50 - 00000000 ____D C:\ProgramData\Sophos Web Intelligence
2013-09-13 19:16 - 2010-08-15 20:02 - 00000000 ____D C:\Program Files\RC Plane Master
2013-09-13 19:16 - 2009-12-08 21:32 - 00000000 ____D C:\Users\Yvonnewinxp
2013-09-13 19:16 - 2009-12-08 21:31 - 00000000 ___RD C:\Users\delwinxp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-09-13 19:16 - 2009-12-08 21:31 - 00000000 ___RD C:\Users\delwinxp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-13 19:16 - 2009-12-08 21:31 - 00000000 ____D C:\Users\delwinxp
2013-09-13 19:16 - 2009-12-02 11:04 - 00000000 ____D C:\Windows\system32\Macromed
2013-09-13 19:16 - 2009-11-30 15:01 - 00000000 ____D C:\Users\Yvonne
2013-09-13 19:16 - 2008-04-29 20:44 - 00000000 ____D C:\Users\delwinxp\Documents\My Albums
2013-09-13 19:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2013-09-13 19:11 - 2011-06-20 19:29 - 00000000 ____D C:\Program Files\Google
2013-09-03 11:24 - 2013-09-03 11:24 - 00000169 _____ C:\Users\Yvonne\Documents\bens list.txt
2013-09-01 16:57 - 2009-12-01 22:05 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$9c0c89676f848c827691b37f700443a0

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$9c0c89676f848c827691b37f700443a0

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2568410734-3031030142-1223416489-1001\$9c0c89676f848c827691b37f700443a0

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$9c0c89676f848c827691b37f700443a0

Files to move or delete:
====================
C:\ProgramData\dsgsdgdsgdsgw.pad


Some content of TEMP:
====================
C:\Users\Del\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Del\AppData\Local\Temp\uninst1.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-09-14 13:53

==================== End Of Log ============================

#4
70delboy

Here is addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-09-2013
Ran by Del at 2013-09-19 15:42:21
Running from C:\Users\Del\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe AIR (Version: 3.5.0.1060)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.174)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Anvi Smart Defender 1.6 (Version: 1.6)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
BrowserSafeguard
Canon Inkjet Printer Driver Add-On Module
CCleaner (Version: 4.05)
Digital Advertising Alliance Protect My Choices (Beta) (Version: 1.2.0.0)
Epson Copy Utility 3.5 (Version: 3.5.0.0)
EPSON TWAIN 5 (Version: 5.71.0000)
FreshDiagnose
Google Earth Plug-in (Version: 7.1.1.1888)
Google Update Helper (Version: 1.3.21.153)
Hawke BRC 1.0.9
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Java™ 6 Update 17 (Version: 6.0.170)
Junk Mail filter update (Version: 14.0.8089.726)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
MotoCalc 8.07
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
P&O Cruises Live Ship Tracker (Version: 1.3.15)
PassportPhoto (Version: 6.2.0.0)
PMB (Version: 5.8.02.10270)
QuickBooks (Version: 20.0.4017.807)
QuickBooks Simple Start 2010 Free Edition (Version: 20.0.4017.807)
QuickTime (Version: 7.71.80.42)
RC Plane Master
Remote Keyboard Lite (Version: 1.2.0.09270)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (Version: 6.1.00)
Sophos Anti-Virus (Version: 9.5.7)
Sophos AutoUpdate (Version: 2.5.13)
Sophos Client Firewall (Version: 2.5.0)
SpeedFan (remove only)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Family Safety (Version: 14.0.8093.805)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)

==================== Restore Points =========================

14-03-2013 13:58:46 Windows Update
18-03-2013 14:29:25 Windows Update
25-03-2013 17:03:13 Windows Update
02-04-2013 17:06:43 Windows Update
05-04-2013 17:56:20 Windows Update
07-04-2013 18:21:19 Installed Digital Advertising Alliance Protect My Choices (Beta)
10-04-2013 10:06:08 Windows Update
16-04-2013 17:37:34 Windows Update
18-04-2013 18:57:27 Windows Modules Installer
19-04-2013 17:41:25 Windows Update
25-04-2013 18:13:41 Windows Update
30-04-2013 16:30:19 Windows Update
09-05-2013 10:50:22 Windows Update
14-05-2013 17:32:47 Windows Update
06-06-2013 17:44:12 Windows Update
23-06-2013 08:21:11 Windows Update
11-07-2013 07:57:18 Windows Update
16-07-2013 12:30:20 Windows Update
16-07-2013 19:21:44 Removed Adobe Reader XI.
17-07-2013 17:40:42 Restore Operation
30-07-2013 09:41:16 Windows Update
16-08-2013 21:14:48 Windows Update
12-09-2013 10:31:34 Removed Adobe Reader XI.
12-09-2013 10:33:43 Removed Japanese Fonts Support For Adobe Reader 9.
13-09-2013 17:16:21 Windows Update
13-09-2013 18:07:42 Restore Operation
15-09-2013 10:38:21 Windows Update
18-09-2013 16:13:40 Removed Adobe Reader XI.
18-09-2013 18:33:09 Installed Adobe Reader X (10.1.0).

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {0E4F60C4-62AC-4EBB-85E6-A42CA12CECDC} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2009-07-14] (Microsoft Corporation)
Task: {1DEE7A2D-14AB-483E-8573-E994C98CE789} - System32\Tasks\User_Feed_Synchronization-{B7F26938-5A95-454B-B747-75DDE8133F90} => C:\Windows\system32\msfeedssync.exe [2013-03-02] (Microsoft Corporation)
Task: {39B6B75E-FDEB-4574-B7A1-9976992D8837} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2009-07-14] (Microsoft Corporation)
Task: {4220E91D-159A-40F3-BF52-F11C873327DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-20] (Google Inc.)
Task: {5BF5D143-01D0-43FC-8FB7-AF3ED2AB92C0} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] ()
Task: {82BFB69E-C8A5-447D-9645-1B156681B4A2} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {A919F893-4B86-4251-8158-370AFBF29525} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-20] (Google Inc.)
Task: {BE6D3012-5038-4758-B7A4-0422DF6DEC31} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files\Browsersafeguard\uninstall.browsersafeguard.exe [2013-09-18] ()
Task: {FBE2BA1B-8D87-47DC-9C89-73F36FC0D02D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-02-15 17:50 - 2013-05-07 13:07 - 00236272 _____ (Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll
2012-11-12 12:44 - 2012-11-12 12:44 - 00206912 _____ (Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\SavShellExt.dll
2012-08-23 11:42 - 2012-08-23 11:42 - 00229168 _____ (Anvisoft) C:\Program Files\Anvisoft\Anvi Smart Defender\ContextMenu_x86.dll
2011-02-15 17:50 - 2010-10-08 16:15 - 00042736 _____ (Sophos Plc) C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll
2009-09-23 18:48 - 2009-09-23 18:48 - 00275968 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2010-06-04 12:23 - 2010-06-04 12:23 - 00018672 _____ (Sophos Plc) C:\Program Files\Sophos\AutoUpdate\en\ALMonres.dll
2010-06-04 12:23 - 2010-06-04 12:23 - 00107760 _____ (Sophos Plc) C:\Program Files\Sophos\AutoUpdate\config.dll
2010-07-23 19:31 - 2010-07-23 19:31 - 00368880 _____ (Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\DesktopMessaging.dll
2010-06-04 12:23 - 2010-06-04 12:23 - 01226992 _____ (Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\SavNeutralRes.dll
2010-06-04 12:23 - 2010-06-04 12:23 - 00164592 _____ (Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\SavResEng.dll
2010-04-27 22:31 - 2010-04-27 22:31 - 00181488 _____ (Sophos Plc) C:\Program Files\Sophos\Sophos Client Firewall\FirewallNAIPlugin.dll
2010-04-27 22:31 - 2010-04-27 22:31 - 00019696 _____ (Sophos Plc) C:\Program Files\Sophos\Sophos Client Firewall\SCFRes_SCFTray_en.dll
2010-04-27 22:31 - 2010-04-27 22:31 - 00259312 _____ (Sophos Plc) C:\Program Files\Common Files\Sophos\Sophos Client Firewall\ScfRes.dll
2010-04-27 22:31 - 2010-04-27 22:31 - 00185584 _____ (Sophos Plc) C:\Program Files\Sophos\Sophos Client Firewall\SystemProxies.dll
2010-04-27 22:31 - 2010-04-27 22:31 - 00910576 _____ (Sophos Plc) C:\Program Files\Common Files\Sophos\Sophos Client Firewall\scfcfg.dll
2010-04-27 22:31 - 2010-04-27 22:31 - 00054512 _____ (Sophos Plc) C:\Program Files\Common Files\Sophos\Sophos Client Firewall\ScfRes_ScfCfg_en.dll
2012-08-23 11:42 - 2012-08-23 11:42 - 00784688 _____ () C:\Program Files\Anvisoft\Anvi Smart Defender\sqlite3.dll
2008-01-06 14:08 - 2008-01-06 14:08 - 00016384 _____ (NOCOMPANY) C:\Program Files\CamToPrint\PassportPhoto\Cryptographer.dll
2012-11-12 12:44 - 2012-11-12 12:44 - 00462912 _____ (Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter_0001.dll
2013-01-15 15:30 - 2013-01-15 15:30 - 00328072 _____ (Digital Advertising Alliance) C:\Program Files\DigitalAdvertisingAlliance\Protect My Choices\pmc.dll
2013-09-18 19:44 - 2013-09-18 19:44 - 16244616 ____R (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\Flash32_11_8_800_174.ocx
2013-09-18 19:44 - 2013-09-18 19:44 - 00479112 _____ (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_174_ActiveX.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Yvonne\Desktop\please help me - letter to MP.eml:OECustomProperty
AlternateDataStreams: C:\Users\Yvonne\Desktop\specs.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Yvonne\Desktop\specs.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Yvonne\Documents\del and me 2010.eml:OECustomProperty

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2013 07:57:06 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 8.0.7600.17267 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: efc

Start Time: 01ceb4a0ac844e10

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/18/2013 07:34:13 PM) (Source: MsiInstaller) (User: Del-PC)
Description: Product: Adobe Reader X (10.1.1) -- Error 1406.Could not write value Adobe ARM to key \SOFTWARE\Microsoft\Windows\CurrentVersion\Run. System error . Verify that you have sufficient access to that key, or contact your support personnel.

Error: (09/18/2013 04:58:07 PM) (Source: MsiInstaller) (User: Del-PC)
Description: Product: Adobe Reader XI -- Error 1311.Source file not found(cabinet): C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}\Data1.cab. Verify that the file exists and that you can access it.

Error: (09/18/2013 11:14:04 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{0F0720C1-AEF6-4FF9-9153-6F7F56B36E79}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}Explorer

Error: (09/14/2013 05:38:45 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{32AF0788-5137-4C10-AFED-E678D3F3AE1B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}Explorer

Error: (09/14/2013 11:25:41 AM) (Source: Sophos Anti-Virus) (User: )
Description: Exception caught in CInfrastructureModule::PreMessageLoop.

Error: (09/14/2013 11:25:41 AM) (Source: Sophos Anti-Virus) (User: )
Description: Error when calling BeginProcessing on ComponentManager.

Error: (09/14/2013 11:25:41 AM) (Source: Sophos Anti-Virus) (User: )
Description: E_FAILURE.
CManager::BeginProcessing in the ComponentManager component encountered a catastrophic error that it could not recover from.

Error: (09/14/2013 11:19:27 AM) (Source: Sophos Anti-Virus) (User: )
Description: Exception caught in CInfrastructureModule::PreMessageLoop.

Error: (09/14/2013 11:19:27 AM) (Source: Sophos Anti-Virus) (User: )
Description: Error when calling BeginProcessing on ComponentManager.


System errors:
=============
Error: (09/19/2013 03:32:33 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/19/2013 03:32:33 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/19/2013 00:38:34 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/19/2013 00:38:34 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (09/19/2013 00:38:23 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/19/2013 00:38:21 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (09/19/2013 00:38:21 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (09/19/2013 00:38:20 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (09/19/2013 09:43:17 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (09/19/2013 09:43:14 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (09/18/2013 07:57:06 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE8.0.7600.17267efc01ceb4a0ac844e100C:\Program Files\Internet Explorer\IEXPLORE.EXE

Error: (09/18/2013 07:34:13 PM) (Source: MsiInstaller)(User: Del-PC)
Description: Product: Adobe Reader X (10.1.1) -- Error 1406.Could not write value Adobe ARM to key \SOFTWARE\Microsoft\Windows\CurrentVersion\Run. System error . Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/18/2013 04:58:07 PM) (Source: MsiInstaller)(User: Del-PC)
Description: Product: Adobe Reader XI -- Error 1311.Source file not found(cabinet): C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AB0000000001}\Data1.cab. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/18/2013 11:14:04 AM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{0F0720C1-AEF6-4FF9-9153-6F7F56B36E79}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}Explorer

Error: (09/14/2013 05:38:45 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{32AF0788-5137-4C10-AFED-E678D3F3AE1B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}Explorer

Error: (09/14/2013 11:25:41 AM) (Source: Sophos Anti-Virus)(User: )
Description: CInfrastructureModule::PreMessageLoop

Error: (09/14/2013 11:25:41 AM) (Source: Sophos Anti-Virus)(User: )
Description: ComponentManager

Error: (09/14/2013 11:25:41 AM) (Source: Sophos Anti-Virus)(User: )
Description: CManager::BeginProcessing

Error: (09/14/2013 11:19:27 AM) (Source: Sophos Anti-Virus)(User: )
Description: CInfrastructureModule::PreMessageLoop

Error: (09/14/2013 11:19:27 AM) (Source: Sophos Anti-Virus)(User: )
Description: ComponentManager


==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 3061.18 MB
Available physical RAM: 2087.98 MB
Total Pagefile: 6120.63 MB
Available Pagefile: 4929.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.06 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.03 GB) (Free:124.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A0000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi 70delboy,

Step 1

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy. Paste this into the open Notepad and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

C:\$Recycle.Bin\S-1-5-18\$9c0c89676f848c827691b37f700443a0
C:\$Recycle.Bin\S-1-5-18\$9c0c89676f848c827691b37f700443a0
C:\$Recycle.Bin\S-1-5-21-2568410734-3031030142-1223416489-1001\$9c0c89676f848c827691b37f700443a0
C:\$Recycle.Bin\S-1-5-18\$9c0c89676f848c827691b37f700443a0
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\Users\Del\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Del\AppData\Local\Temp\uninst1.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Windows\Program Files\Microsoft Security Client


Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 2

Please run the FRST tool again and click the Scan button as you did the first time. Post the new log here for me.

Step 3

Please don't forget to include these items in your reply:

  • FRST fix log
  • new FRST scan log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#6
70delboy

    Member

  • Topic Starter
  • Member
  • 147 posts


Hi... couple of points.
What do I do with the file I copied to Notepad, I assume you want me to save to Desktop as Fixlist.txt? What do I do with it then?

Sorry if I am being a bit thick but better safe than sorry!

delboy

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
That is right. Save it on the desktop as fixlist.txt (it must be in the same folder where FRST.exe is) and then run FRST.exe. After you click the Fix button it will read that file by itself.

#8
70delboy

    Member

  • Topic Starter
  • Member
  • 147 posts


Hi, here are the results

FRSTfix log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-09-2013
Ran by Del at 2013-09-20 13:49:34 Run:1
Running from C:\Users\Del\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\$Recycle.Bin\S-1-5-18\$9c0c89676f848c827691b37f700443a0
C:\$Recycle.Bin\S-1-5-18\$9c0c89676f848c827691b37f700443a0
C:\$Recycle.Bin\S-1-5-21-2568410734-3031030142-1223416489-1001\$9c0c89676f848c827691b37f700443a0
C:\$Recycle.Bin\S-1-5-18\$9c0c89676f848c827691b37f700443a0
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\Users\Del\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Del\AppData\Local\Temp\uninst1.exe
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Windows\Program Files\Microsoft Security Client

*****************

C:\$Recycle.Bin\S-1-5-18\$9c0c89676f848c827691b37f700443a0 => Moved successfully.
"C:\$Recycle.Bin\S-1-5-18\$9c0c89676f848c827691b37f700443a0" => File/Directory not found.
C:\$Recycle.Bin\S-1-5-21-2568410734-3031030142-1223416489-1001\$9c0c89676f848c827691b37f700443a0 => Moved successfully.
"C:\$Recycle.Bin\S-1-5-18\$9c0c89676f848c827691b37f700443a0" => File/Directory not found.
C:\ProgramData\dsgsdgdsgdsgw.pad => Moved successfully.
C:\Users\Del\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Del\AppData\Local\Temp\uninst1.exe => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Windows\Program Files\Microsoft Security Client" => Not Found

==== End of Fixlog ====

#9
70delboy

    Member

  • Topic Starter
  • Member
  • 147 posts


Here is the FRST scan log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-09-2013
Ran by Del (administrator) on DEL-PC on 20-09-2013 13:51:05
Running from C:\Users\Del\Desktop
Microsoft Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Sophos Plc) C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
(Sophos Plc) C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sophos Plc) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
(Anvisoft) C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
(BrowserSafeguard) C:\Program Files\Browsersafeguard\BrowserSafeguard.exe
(Anvisoft) C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(DigitalAlbum Inc) C:\Program Files\CamToPrint\PassportPhoto\CamToPrintTray.exe
(Intuit) c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Plc) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Plc) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_174_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [149280 2009-12-21] (Sun Microsystems, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files\Sophos\AutoUpdate\almon.exe [439536 2010-09-21] (Sophos Plc)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-01-12] (Apple Inc.)
HKLM\...\Run: [Anvi Smart Defender] - C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe [1229104 2012-08-23] (Anvisoft)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [BrowserSafeguard] - C:\Program Files\Browsersafeguard\Browsersafeguard.exe [563200 2013-09-04] (BrowserSafeguard)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
MountPoints2: {b1bfd1a0-db9d-11de-8512-806e6f6e6963} - E:\SmartAccess\bcont.exe
HKU\Yvonne\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Startup: C:\Users\Del\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Passport Photo.lnk
ShortcutTarget: Passport Photo.lnk -> C:\Program Files\CamToPrint\PassportPhoto\CamToPrintTray.exe (DigitalAlbum Inc)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49168;https=127.0.0.1:49168;
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-se...913_m1&tsp=5009
SearchScopes: HKLM - {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...731329631082750
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-se...913_m1&tsp=5009
SearchScopes: HKCU - {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...731329631082750
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
BHO: Protect My Choices (Beta) - {3DFCDCA1-AEAC-4302-A690-BFB683568BAA} - C:\Program Files\DigitalAdvertisingAlliance\Protect My Choices\pmc.dll (Digital Advertising Alliance)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No File
Toolbar: HKCU - No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} https://internetbank...frontdoorFD.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [42736] (Sophos Plc)
Winsock: Catalog9 02 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [42736] (Sophos Plc)
Winsock: Catalog9 03 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [42736] (Sophos Plc)
Winsock: Catalog9 04 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [42736] (Sophos Plc)
Winsock: Catalog9 05 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [42736] (Sophos Plc)
Winsock: Catalog9 06 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [42736] (Sophos Plc)
Winsock: Catalog9 07 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [42736] (Sophos Plc)
Winsock: Catalog9 08 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [42736] (Sophos Plc)
Winsock: Catalog9 27 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [42736] (Sophos Plc)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

========================== Services (Whitelisted) =================

R2 asdsrv; C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [686896 2012-08-23] (Anvisoft)
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [163056 2010-10-08] (Sophos Plc)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [97520 2010-06-04] (Sophos Plc)
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [232472 2012-04-11] (Sophos Plc)
R2 Sophos Client Firewall; C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe [32496 2010-04-27] (Sophos Plc)
R2 Sophos Client Firewall Manager; C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe [128240 2010-04-27] (Sophos Plc)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [1543704 2012-02-21] (Sophos Plc)

==================== Drivers (Whitelisted) ====================

R1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [16208 2012-08-20] (Anvisoft)
R2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [22864 2012-08-20] (Anvisoft)
R2 asdws; C:\Windows\system32\DRIVERS\asdws.sys [14160 2012-08-20] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 FreshIO; C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [38976 2012-05-19] (microOLAP Technologies LTD)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [53312 2012-05-19] (microOLAP Technologies LTD)
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [21520 2012-06-30] (Trusteer Ltd.)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [122360 2010-10-08] (Sophos Plc)
R1 scfdriver; C:\Windows\system32\Drivers\scfdriver.sys [86520 2010-03-31] (Sophos Plc)
R1 scflwf; C:\Windows\System32\DRIVERS\scflwf.sys [40440 2010-03-31] (Sophos Plc)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2010-07-28] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [58112 2010-07-28] (Silicon Laboratories)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2009-02-09] (Sophos Plc)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-19 15:42 - 2013-09-19 15:42 - 00020753 _____ C:\Users\Del\Desktop\FRST1.txt
2013-09-19 15:42 - 2013-09-19 15:42 - 00018009 _____ C:\Users\Del\Desktop\Addition.txt
2013-09-19 15:40 - 2013-09-19 15:40 - 00000000 ____D C:\FRST
2013-09-19 15:39 - 2013-09-19 15:39 - 01083535 _____ (Farbar) C:\Users\Del\Desktop\FRST.exe
2013-09-18 19:44 - 2013-09-18 19:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-18 19:44 - 2013-09-18 19:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-18 19:33 - 2013-09-18 19:33 - 00001991 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-18 19:33 - 2013-09-18 19:33 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-18 19:32 - 2013-09-18 19:32 - 52677528 _____ (Adobe Systems Incorporated) C:\Users\Del\Desktop\AdbeRdr1011_en_US.exe
2013-09-18 16:41 - 2013-09-18 16:41 - 00256733 _____ C:\Users\Del\Desktop\CatchOutput.txt
2013-09-18 16:15 - 2013-09-18 16:15 - 00000000 _____ C:\Users\Del\Desktop\VEW.txt.txt
2013-09-18 15:58 - 2013-09-18 15:58 - 00005559 _____ C:\Users\Del\Desktop\FSS.txt
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Del\AppData\Roaming\SpeedAnalysis3
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Del\AppData\Roaming\Mozilla
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Del\AppData\Roaming\File Scout
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Del\AppData\Roaming\7go
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-09-18 15:43 - 2013-09-19 15:43 - 00000000 ____D C:\Program Files\Browsersafeguard
2013-09-18 15:42 - 2013-09-18 15:42 - 00000072 _____ C:\Windows\wininit.ini
2013-09-18 15:42 - 2013-09-18 15:42 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-18 15:41 - 2013-09-18 15:41 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-18 15:41 - 2013-09-18 15:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-18 15:27 - 2013-09-18 15:27 - 00061440 _____ ( ) C:\Users\Del\Desktop\VEW.exe
2013-09-17 20:13 - 2013-09-17 20:13 - 00000971 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-17 20:13 - 2013-09-17 20:13 - 00000000 ____D C:\Program Files\CCleaner
2013-09-17 20:09 - 2013-09-17 20:09 - 00000166 _____ C:\Users\Del\Desktop\RegistryFix.reg
2013-09-17 17:14 - 2013-09-17 17:14 - 00000168 _____ C:\Users\Del\Documents\RegistryFix.reg
2013-09-17 15:56 - 2013-09-17 15:56 - 00013164 _____ C:\Users\Yvonne\Desktop\please help me - letter to MP.eml
2013-09-14 13:53 - 2013-09-14 13:53 - 00000000 ____D C:\Users\Yvonne\AppData\Local\Sophos
2013-09-03 11:24 - 2013-09-03 11:24 - 00000169 _____ C:\Users\Yvonne\Documents\bens list.txt

==================== One Month Modified Files and Folders =======

2013-09-20 13:47 - 2011-06-20 19:29 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-20 11:07 - 2009-07-14 05:34 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-20 11:07 - 2009-07-14 05:34 - 00014608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-20 11:04 - 2009-11-27 22:44 - 01495010 _____ C:\Windows\WindowsUpdate.log
2013-09-20 11:00 - 2011-06-20 19:29 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-20 10:59 - 2009-11-27 15:20 - 00000490 _____ C:\Windows\ODBC.INI
2013-09-20 10:59 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-20 10:59 - 2009-07-14 05:39 - 00255995 _____ C:\Windows\setupact.log
2013-09-19 15:43 - 2013-09-18 15:43 - 00000000 ____D C:\Program Files\Browsersafeguard
2013-09-19 15:42 - 2013-09-19 15:42 - 00020753 _____ C:\Users\Del\Desktop\FRST1.txt
2013-09-19 15:42 - 2013-09-19 15:42 - 00018009 _____ C:\Users\Del\Desktop\Addition.txt
2013-09-19 15:40 - 2013-09-19 15:40 - 00000000 ____D C:\FRST
2013-09-19 15:39 - 2013-09-19 15:39 - 01083535 _____ (Farbar) C:\Users\Del\Desktop\FRST.exe
2013-09-18 19:44 - 2013-09-18 19:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-18 19:44 - 2013-09-18 19:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-18 19:44 - 2009-12-02 12:42 - 00000000 ____D C:\Users\Del\AppData\Local\Adobe
2013-09-18 19:33 - 2013-09-18 19:33 - 00001991 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-18 19:33 - 2013-09-18 19:33 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-09-18 19:33 - 2011-02-23 11:16 - 00000000 ____D C:\Program Files\Adobe
2013-09-18 19:33 - 2009-12-02 12:43 - 00000000 ____D C:\ProgramData\Adobe
2013-09-18 19:32 - 2013-09-18 19:32 - 52677528 _____ (Adobe Systems Incorporated) C:\Users\Del\Desktop\AdbeRdr1011_en_US.exe
2013-09-18 19:17 - 2010-01-20 10:37 - 00102682 _____ C:\Windows\PFRO.log
2013-09-18 16:41 - 2013-09-18 16:41 - 00256733 _____ C:\Users\Del\Desktop\CatchOutput.txt
2013-09-18 16:15 - 2013-09-18 16:15 - 00000000 _____ C:\Users\Del\Desktop\VEW.txt.txt
2013-09-18 15:58 - 2013-09-18 15:58 - 00005559 _____ C:\Users\Del\Desktop\FSS.txt
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Del\AppData\Roaming\SpeedAnalysis3
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Del\AppData\Roaming\Mozilla
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Del\AppData\Roaming\File Scout
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\Users\Del\AppData\Roaming\7go
2013-09-18 15:47 - 2013-09-18 15:47 - 00000000 ____D C:\ProgramData\IBUpdaterService
2013-09-18 15:42 - 2013-09-18 15:42 - 00000072 _____ C:\Windows\wininit.ini
2013-09-18 15:42 - 2013-09-18 15:42 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-18 15:41 - 2013-09-18 15:41 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-18 15:41 - 2013-09-18 15:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-18 15:28 - 2009-11-27 14:56 - 00000000 ____D C:\Users\Del\AppData\Local\VirtualStore
2013-09-18 15:27 - 2013-09-18 15:27 - 00061440 _____ ( ) C:\Users\Del\Desktop\VEW.exe
2013-09-17 20:13 - 2013-09-17 20:13 - 00000971 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-17 20:13 - 2013-09-17 20:13 - 00000000 ____D C:\Program Files\CCleaner
2013-09-17 20:09 - 2013-09-17 20:09 - 00000166 _____ C:\Users\Del\Desktop\RegistryFix.reg
2013-09-17 17:14 - 2013-09-17 17:14 - 00000168 _____ C:\Users\Del\Documents\RegistryFix.reg
2013-09-17 15:56 - 2013-09-17 15:56 - 00013164 _____ C:\Users\Yvonne\Desktop\please help me - letter to MP.eml
2013-09-15 11:40 - 2013-07-16 13:30 - 00000000 ____D C:\Windows\system32\MRT
2013-09-14 14:37 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\Msdtc
2013-09-14 14:28 - 2011-10-17 19:20 - 00000971 _____ C:\Users\Yvonnewinxp\Desktop\SpeedFan.lnk
2013-09-14 14:28 - 2011-10-17 19:20 - 00000971 _____ C:\Users\Yvonne\Desktop\SpeedFan.lnk
2013-09-14 14:28 - 2011-10-17 19:20 - 00000971 _____ C:\Users\delwinxp\Desktop\SpeedFan.lnk
2013-09-14 14:28 - 2011-10-17 19:20 - 00000971 _____ C:\Users\Del\Desktop\SpeedFan.lnk
2013-09-14 14:28 - 2011-10-17 19:20 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2013-09-14 14:28 - 2011-10-17 19:20 - 00000000 ____D C:\Program Files\SpeedFan
2013-09-14 13:53 - 2013-09-14 13:53 - 00000000 ____D C:\Users\Yvonne\AppData\Local\Sophos
2013-09-13 19:18 - 2009-11-27 14:56 - 00000000 ____D C:\Users\Del
2013-09-13 19:16 - 2012-05-03 19:48 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-09-13 19:16 - 2012-05-03 19:48 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-09-13 19:16 - 2012-05-03 19:48 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-09-13 19:16 - 2011-02-15 17:50 - 00000000 ____D C:\ProgramData\Sophos Web Intelligence
2013-09-13 19:16 - 2010-08-15 20:02 - 00000000 ____D C:\Program Files\RC Plane Master
2013-09-13 19:16 - 2009-12-08 21:32 - 00000000 ____D C:\Users\Yvonnewinxp
2013-09-13 19:16 - 2009-12-08 21:31 - 00000000 ___RD C:\Users\delwinxp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-09-13 19:16 - 2009-12-08 21:31 - 00000000 ___RD C:\Users\delwinxp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-09-13 19:16 - 2009-12-08 21:31 - 00000000 ____D C:\Users\delwinxp
2013-09-13 19:16 - 2009-12-02 11:04 - 00000000 ____D C:\Windows\system32\Macromed
2013-09-13 19:16 - 2009-11-30 15:01 - 00000000 ____D C:\Users\Yvonne
2013-09-13 19:16 - 2008-04-29 20:44 - 00000000 ____D C:\Users\delwinxp\Documents\My Albums
2013-09-13 19:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2013-09-13 19:11 - 2011-06-20 19:29 - 00000000 ____D C:\Program Files\Google
2013-09-03 11:24 - 2013-09-03 11:24 - 00000169 _____ C:\Users\Yvonne\Documents\bens list.txt
2013-09-01 16:57 - 2009-12-01 22:05 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-14 13:53

==================== End Of Log ============================

#10
maliprog

Hi 70delboy,

OK. Last FRST log looks much better.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Loaded modules

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Make sure to check:

    • Services and drivers
    • Boot sectors
    • Loaded modules
    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
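
The TDSSKiller report requested in the post above can run to hundreds of lines, nearly all of them ending in "- ok". As an added example (not part of the original thread and not a vendor tool), this Python script lists the entries whose verdict is not "ok" and the services logged without a hashed file. The sample lines and the Example* names are constructed, and the line layout is an assumption taken from TDSSKiller 2.8 logs.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample (not from a real machine). Assumed layout per line:
#   HH:MM:SS.mmmm <thread id> [ <MD5> ] <service name> <file path>
#   HH:MM:SS.mmmm <thread id> <service name> [( <label> )] - <verdict>
SAMPLE_LOG = r"""
18:32:32.0258 3900 ================ Scan services =============================
18:32:32.0430 3900 [ 00000000000000000000000000000001 ] ExampleBus C:\Windows\system32\DRIVERS\examplebus.sys
18:32:32.0648 3900 ExampleBus - ok
18:32:33.0000 3900 ExampleSvcNoFile - ok
18:32:59.0355 3900 [ 00000000000000000000000000000002 ] ExampleIO C:\Program Files\Example Vendor\ExampleIO.sys
18:32:59.0449 3900 ExampleIO ( UnsignedFile.Multi.Generic ) - warning
18:32:59.0449 3900 ExampleIO - detected UnsignedFile.Multi.Generic (1)
"""

# Timestamp and thread id that prefix every log line.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<rest>.*)$")
# "[ MD5 ] name path": the file that was hashed for a service or driver.
HASHED = re.compile(
    r"^\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>\S+)\s+(?P<path>.+)$"
)
# "name - ok" or "name ( label ) - warning": the verdict for that service.
VERDICT = re.compile(
    r"^(?P<name>\S+)(?:\s+\(\s*(?P<label>[^)]+?)\s*\))?\s+-\s+(?P<status>\w+)$"
)


@dataclass
class Entry:
    name: str
    status: str            # verdict word as written in the log
    label: Optional[str]   # detection label in parentheses, if any
    md5: Optional[str]     # None when no hash line preceded the verdict
    path: Optional[str]


def parse_tdsskiller(text: str) -> List[Entry]:
    """Pair each verdict line with the hash line logged for the same name."""
    pending = {}  # service name -> (md5, path) awaiting its verdict
    entries = []
    for raw in text.splitlines():
        prefixed = PREFIX.match(raw.strip())
        if not prefixed:
            continue  # blank lines, wrapped text, anything without a timestamp
        rest = prefixed.group("rest").strip()
        hashed = HASHED.match(rest)
        if hashed:
            pending[hashed["name"]] = (hashed["md5"].upper(), hashed["path"].strip())
            continue
        verdict = VERDICT.match(rest)
        if verdict:
            md5, path = pending.pop(verdict["name"], (None, None))
            entries.append(
                Entry(verdict["name"], verdict["status"], verdict["label"], md5, path)
            )
        # Section banners and "name - detected ..." summary lines match neither
        # pattern and are skipped, so a finding is not counted twice.
    return entries


def triage(entries: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Return (entries not marked ok, entries with no hashed file)."""
    flagged = [e for e in entries if e.status != "ok"]
    unhashed = [e for e in entries if e.md5 is None]
    return flagged, unhashed


if __name__ == "__main__":
    flagged, unhashed = triage(parse_tdsskiller(SAMPLE_LOG))
    for e in flagged:
        print(f"{e.status.upper():8} {e.name:18} {e.label or '-':28} {e.md5} {e.path}")
    for e in unhashed:
        print(f"NO-HASH  {e.name:18} verdict={e.status}")
```

A "warning" with the label UnsignedFile.Multi.Generic only says the file carries no valid signature, which is why the instructions above leave suspicious objects on Skip; the flagged path and MD5 are what to check before any other action is chosen.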

#11
70delboy

Hi there
Thanks for your continued advice. I have run the two diagnostic programs and the logs are shown below. First TDSSKiller

18:28:23.0237 2656 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:28:25.0249 2656 ============================================================
18:28:25.0249 2656 Current date / time: 2013/09/22 18:28:25.0249
18:28:25.0249 2656 SystemInfo:
18:28:25.0249 2656
18:28:25.0249 2656 OS Version: 6.1.7600 ServicePack: 0.0
18:28:25.0249 2656 Product type: Workstation
18:28:25.0249 2656 ComputerName: DEL-PC
18:28:25.0249 2656 UserName: Del
18:28:25.0249 2656 Windows directory: C:\Windows
18:28:25.0249 2656 System windows directory: C:\Windows
18:28:25.0249 2656 Processor architecture: Intel x86
18:28:25.0249 2656 Number of processors: 2
18:28:25.0249 2656 Page size: 0x1000
18:28:25.0249 2656 Boot type: Normal boot
18:28:25.0249 2656 ============================================================
18:28:36.0495 2656 BG loaded
18:28:37.0977 2656 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:28:38.0024 2656 ============================================================
18:28:38.0024 2656 \Device\Harddisk0\DR0:
18:28:38.0055 2656 MBR partitions:
18:28:38.0055 2656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
18:28:38.0055 2656 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x2360E800
18:28:38.0055 2656 ============================================================
18:28:38.0211 2656 C: <-> \Device\Harddisk0\DR0\Partition2
18:28:38.0273 2656 D: <-> \Device\Harddisk0\DR0\Partition1
18:28:38.0273 2656 ============================================================
18:28:38.0273 2656 Initialize success
18:28:38.0273 2656 ============================================================
18:32:31.0057 3900 ============================================================
18:32:31.0057 3900 Scan started
18:32:31.0057 3900 Mode: Manual; SigCheck; TDLFS;
18:32:31.0057 3900 ============================================================
18:32:32.0258 3900 ================ Scan system memory ========================
18:32:32.0258 3900 System memory - ok
18:32:32.0258 3900 ================ Scan services =============================
18:32:32.0430 3900 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
18:32:32.0648 3900 1394ohci - ok
18:32:32.0695 3900 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
18:32:32.0726 3900 ACPI - ok
18:32:32.0742 3900 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
18:32:32.0851 3900 AcpiPmi - ok
18:32:32.0991 3900 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:32:33.0038 3900 AdobeARMservice - ok
18:32:33.0085 3900 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:32:33.0132 3900 adp94xx - ok
18:32:33.0163 3900 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:32:33.0210 3900 adpahci - ok
18:32:33.0225 3900 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:32:33.0272 3900 adpu320 - ok
18:32:33.0319 3900 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:32:33.0350 3900 AeLookupSvc - ok
18:32:33.0428 3900 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
18:32:33.0537 3900 AFD - ok
18:32:33.0553 3900 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
18:32:33.0600 3900 agp440 - ok
18:32:33.0646 3900 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
18:32:33.0693 3900 aic78xx - ok
18:32:33.0724 3900 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
18:32:33.0834 3900 ALG - ok
18:32:33.0865 3900 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
18:32:33.0912 3900 aliide - ok
18:32:33.0912 3900 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
18:32:33.0958 3900 amdagp - ok
18:32:33.0974 3900 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
18:32:34.0005 3900 amdide - ok
18:32:34.0036 3900 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:32:34.0114 3900 AmdK8 - ok
18:32:34.0114 3900 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:32:34.0192 3900 AmdPPM - ok
18:32:34.0224 3900 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:32:34.0255 3900 amdsata - ok
18:32:34.0286 3900 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:32:34.0317 3900 amdsbs - ok
18:32:34.0333 3900 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:32:34.0364 3900 amdxata - ok
18:32:34.0411 3900 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
18:32:34.0536 3900 AppID - ok
18:32:34.0551 3900 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:32:34.0692 3900 AppIDSvc - ok
18:32:34.0738 3900 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
18:32:34.0801 3900 Appinfo - ok
18:32:34.0832 3900 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
18:32:34.0879 3900 arc - ok
18:32:34.0894 3900 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:32:34.0926 3900 arcsas - ok
18:32:34.0988 3900 [ 16CDE6977CC88433BF3767C4D42B22D3 ] asdrm C:\Windows\system32\DRIVERS\asdrm.sys
18:32:50.0073 3900 asdrm - ok
18:32:50.0104 3900 [ 3E62E3122E534254DD314FA8A7B6BF48 ] asdrs C:\Windows\system32\DRIVERS\asdrs.sys
18:32:50.0136 3900 asdrs - ok
18:32:50.0182 3900 [ 3F9CA1ACFCB7CFF153B4B3DDB7E29373 ] asdsrv C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
18:32:50.0214 3900 asdsrv - ok
18:32:50.0260 3900 [ 9AFCF85708576F3EF6FB868B6C604C01 ] asdws C:\Windows\system32\DRIVERS\asdws.sys
18:32:50.0292 3900 asdws - ok
18:32:50.0416 3900 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:32:50.0541 3900 aspnet_state - ok
18:32:50.0588 3900 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:32:50.0713 3900 AsyncMac - ok
18:32:50.0728 3900 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
18:32:50.0760 3900 atapi - ok
18:32:50.0822 3900 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:32:50.0900 3900 AudioEndpointBuilder - ok
18:32:50.0931 3900 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:32:50.0962 3900 Audiosrv - ok
18:32:51.0009 3900 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:32:51.0118 3900 AxInstSV - ok
18:32:51.0165 3900 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
18:32:51.0306 3900 b06bdrv - ok
18:32:51.0337 3900 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
18:32:51.0462 3900 b57nd60x - ok
18:32:51.0508 3900 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
18:32:51.0602 3900 BDESVC - ok
18:32:51.0633 3900 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
18:32:51.0696 3900 Beep - ok
18:32:51.0742 3900 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll
18:32:51.0852 3900 BITS - ok
18:32:51.0883 3900 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:32:51.0930 3900 blbdrive - ok
18:32:51.0961 3900 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:32:52.0039 3900 bowser - ok
18:32:52.0054 3900 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:32:52.0117 3900 BrFiltLo - ok
18:32:52.0117 3900 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:32:52.0179 3900 BrFiltUp - ok
18:32:52.0210 3900 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll
18:32:52.0288 3900 Browser - ok
18:32:52.0304 3900 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:32:52.0444 3900 Brserid - ok
18:32:52.0460 3900 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:32:52.0538 3900 BrSerWdm - ok
18:32:52.0554 3900 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:32:52.0600 3900 BrUsbMdm - ok
18:32:52.0600 3900 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:32:52.0647 3900 BrUsbSer - ok
18:32:52.0663 3900 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:32:52.0694 3900 BTHMODEM - ok
18:32:52.0741 3900 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
18:32:52.0803 3900 bthserv - ok
18:32:52.0834 3900 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:32:52.0897 3900 cdfs - ok
18:32:52.0944 3900 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:32:52.0990 3900 cdrom - ok
18:32:53.0006 3900 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
18:32:53.0053 3900 CertPropSvc - ok
18:32:53.0068 3900 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:32:53.0100 3900 circlass - ok
18:32:53.0131 3900 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
18:32:53.0162 3900 CLFS - ok
18:32:53.0240 3900 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:32:53.0380 3900 clr_optimization_v2.0.50727_32 - ok
18:32:53.0443 3900 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:32:53.0630 3900 clr_optimization_v4.0.30319_32 - ok
18:32:53.0646 3900 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:32:53.0708 3900 CmBatt - ok
18:32:53.0724 3900 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
18:32:53.0770 3900 cmdide - ok
18:32:53.0817 3900 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys
18:32:53.0895 3900 CNG - ok
18:32:53.0911 3900 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:32:53.0958 3900 Compbatt - ok
18:32:54.0004 3900 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:32:54.0067 3900 CompositeBus - ok
18:32:54.0082 3900 COMSysApp - ok
18:32:54.0098 3900 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:32:54.0129 3900 crcdisk - ok
18:32:54.0160 3900 [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:32:54.0238 3900 CryptSvc - ok
18:32:54.0285 3900 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
18:32:54.0363 3900 DcomLaunch - ok
18:32:54.0394 3900 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
18:32:54.0472 3900 defragsvc - ok
18:32:54.0504 3900 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:32:54.0582 3900 DfsC - ok
18:32:54.0644 3900 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
18:32:54.0769 3900 Dhcp - ok
18:32:54.0800 3900 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
18:32:54.0862 3900 discache - ok
18:32:54.0909 3900 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:32:54.0972 3900 Disk - ok
18:32:55.0050 3900 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:32:55.0096 3900 Dnscache - ok
18:32:55.0143 3900 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
18:32:55.0252 3900 dot3svc - ok
18:32:55.0362 3900 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
18:32:55.0408 3900 DPS - ok
18:32:55.0486 3900 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:32:55.0533 3900 drmkaud - ok
18:32:55.0596 3900 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:32:55.0658 3900 DXGKrnl - ok
18:32:55.0689 3900 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
18:32:55.0752 3900 EapHost - ok
18:32:55.0908 3900 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
18:32:56.0079 3900 ebdrv - ok
18:32:56.0142 3900 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
18:32:56.0235 3900 EFS - ok
18:32:56.0298 3900 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:32:56.0656 3900 ehRecvr - ok
18:32:56.0688 3900 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
18:32:56.0828 3900 ehSched - ok
18:32:56.0953 3900 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:32:57.0015 3900 elxstor - ok
18:32:57.0031 3900 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
18:32:57.0093 3900 ErrDev - ok
18:32:57.0171 3900 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
18:32:57.0234 3900 EventSystem - ok
18:32:57.0280 3900 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
18:32:57.0405 3900 exfat - ok
18:32:57.0452 3900 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:32:57.0483 3900 fastfat - ok
18:32:57.0561 3900 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
18:32:57.0702 3900 Fax - ok
18:32:57.0733 3900 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:32:57.0826 3900 fdc - ok
18:32:57.0858 3900 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
18:32:57.0936 3900 fdPHost - ok
18:32:57.0951 3900 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
18:32:58.0014 3900 FDResPub - ok
18:32:58.0029 3900 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:32:58.0107 3900 FileInfo - ok
18:32:58.0123 3900 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:32:58.0185 3900 Filetrace - ok
18:32:58.0201 3900 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:32:58.0279 3900 flpydisk - ok
18:32:58.0357 3900 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:32:58.0419 3900 FltMgr - ok
18:32:58.0606 3900 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll
18:32:58.0716 3900 FontCache - ok
18:32:58.0903 3900 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:32:59.0074 3900 FontCache3.0.0.0 - ok
18:32:59.0355 3900 [ CAAC750E6D27866C28494E0DE9FA802A ] FreshIO C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys
18:32:59.0449 3900 FreshIO ( UnsignedFile.Multi.Generic ) - warning
18:32:59.0449 3900 FreshIO - detected UnsignedFile.Multi.Generic (1)
18:32:59.0464 3900 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:32:59.0511 3900 FsDepends - ok
18:32:59.0620 3900 [ B74B0578FD1D3F897E95F2A2B69EA051 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
18:32:59.0698 3900 fssfltr - ok
18:32:59.0839 3900 [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
18:32:59.0932 3900 fsssvc - ok
18:33:02.0538 3900 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:33:03.0146 3900 Fs_Rec - ok
18:33:03.0286 3900 [ 4732E596BB1C50D9F9188C5074EE7782 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:33:03.0349 3900 fvevol - ok
18:33:03.0427 3900 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:33:03.0474 3900 gagp30kx - ok
18:33:03.0552 3900 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\Windows\system32\giveio.sys
18:33:03.0614 3900 giveio ( UnsignedFile.Multi.Generic ) - warning
18:33:03.0614 3900 giveio - detected UnsignedFile.Multi.Generic (1)
18:33:03.0661 3900 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
18:33:03.0723 3900 gpsvc - ok
18:33:03.0801 3900 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:33:03.0864 3900 gupdate - ok
18:33:03.0879 3900 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:33:03.0910 3900 gupdatem - ok
18:33:03.0942 3900 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:33:04.0035 3900 hcw85cir - ok
18:33:04.0066 3900 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:33:04.0129 3900 HdAudAddService - ok
18:33:04.0176 3900 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:33:04.0238 3900 HDAudBus - ok
18:33:04.0238 3900 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:33:04.0285 3900 HidBatt - ok
18:33:04.0300 3900 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:33:04.0347 3900 HidBth - ok
18:33:04.0378 3900 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:33:04.0441 3900 HidIr - ok
18:33:04.0456 3900 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
18:33:04.0503 3900 hidserv - ok
18:33:04.0534 3900 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:33:04.0597 3900 HidUsb - ok
18:33:04.0628 3900 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:33:04.0690 3900 hkmsvc - ok
18:33:04.0722 3900 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:33:04.0831 3900 HomeGroupListener - ok
18:33:04.0862 3900 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:33:04.0909 3900 HomeGroupProvider - ok
18:33:04.0956 3900 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
18:33:05.0002 3900 HpSAMD - ok
18:33:05.0034 3900 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:33:05.0096 3900 HTTP - ok
18:33:05.0127 3900 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:33:05.0158 3900 hwpolicy - ok
18:33:05.0205 3900 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:33:05.0283 3900 i8042prt - ok
18:33:05.0346 3900 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:33:05.0439 3900 iaStorV - ok
18:33:05.0517 3900 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:33:05.0736 3900 idsvc - ok
18:33:05.0876 3900 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
18:33:05.0985 3900 igfx - ok
18:33:06.0032 3900 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:33:06.0063 3900 iirsp - ok
18:33:06.0110 3900 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
18:33:06.0282 3900 IKEEXT - ok
18:33:06.0297 3900 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
18:33:06.0344 3900 intelide - ok
18:33:06.0391 3900 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:33:06.0469 3900 intelppm - ok
18:33:06.0484 3900 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:33:06.0547 3900 IPBusEnum - ok
18:33:06.0578 3900 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:33:06.0656 3900 IpFilterDriver - ok
18:33:06.0656 3900 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:33:06.0703 3900 IPMIDRV - ok
18:33:06.0703 3900 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:33:06.0750 3900 IPNAT - ok
18:33:06.0781 3900 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:33:06.0843 3900 IRENUM - ok
18:33:06.0859 3900 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
18:33:06.0937 3900 isapnp - ok
18:33:06.0968 3900 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:33:07.0046 3900 iScsiPrt - ok
18:33:07.0093 3900 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:33:07.0124 3900 kbdclass - ok
18:33:07.0140 3900 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:33:07.0186 3900 kbdhid - ok
18:33:07.0218 3900 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
18:33:07.0233 3900 KeyIso - ok
18:33:07.0280 3900 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:33:07.0311 3900 KSecDD - ok
18:33:07.0327 3900 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:33:07.0358 3900 KSecPkg - ok
18:33:07.0405 3900 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
18:33:07.0498 3900 KtmRm - ok
18:33:07.0545 3900 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\system32\srvsvc.dll
18:33:07.0592 3900 LanmanServer - ok
18:33:07.0623 3900 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:33:07.0670 3900 LanmanWorkstation - ok
18:33:07.0717 3900 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:33:07.0795 3900 lltdio - ok
18:33:07.0826 3900 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:33:07.0920 3900 lltdsvc - ok
18:33:07.0935 3900 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
18:33:08.0013 3900 lmhosts - ok
18:33:08.0044 3900 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:33:08.0091 3900 LSI_FC - ok
18:33:08.0138 3900 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:33:08.0216 3900 LSI_SAS - ok
18:33:08.0216 3900 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:33:08.0263 3900 LSI_SAS2 - ok
18:33:08.0278 3900 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:33:08.0341 3900 LSI_SCSI - ok
18:33:08.0372 3900 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
18:33:08.0419 3900 luafv - ok
18:33:08.0450 3900 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:33:08.0512 3900 Mcx2Svc - ok
18:33:08.0544 3900 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:33:08.0575 3900 megasas - ok
18:33:08.0590 3900 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:33:08.0653 3900 MegaSR - ok
18:33:08.0684 3900 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
18:33:08.0746 3900 MMCSS - ok
18:33:08.0762 3900 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
18:33:08.0840 3900 Modem - ok
18:33:08.0902 3900 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:33:08.0965 3900 monitor - ok
18:33:09.0012 3900 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:33:09.0043 3900 mouclass - ok
18:33:09.0090 3900 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:33:09.0168 3900 mouhid - ok
18:33:09.0199 3900 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:33:09.0261 3900 mountmgr - ok
18:33:09.0277 3900 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
18:33:09.0324 3900 mpio - ok
18:33:09.0339 3900 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:33:09.0417 3900 mpsdrv - ok
18:33:09.0433 3900 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:33:09.0480 3900 MRxDAV - ok
18:33:09.0495 3900 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:33:09.0558 3900 mrxsmb - ok
18:33:09.0589 3900 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:33:09.0667 3900 mrxsmb10 - ok
18:33:09.0698 3900 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:33:09.0729 3900 mrxsmb20 - ok
18:33:09.0745 3900 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
18:33:09.0792 3900 msahci - ok
18:33:09.0807 3900 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
18:33:09.0838 3900 msdsm - ok
18:33:09.0870 3900 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
18:33:09.0948 3900 MSDTC - ok
18:33:09.0994 3900 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:33:10.0041 3900 Msfs - ok
18:33:10.0057 3900 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:33:10.0104 3900 mshidkmdf - ok
18:33:17.0217 3900 [ B1A7437A886CE87B31A12A154ED33833 ] QBCFMonitorService c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
18:33:17.0264 3900 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
18:33:17.0264 3900 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
18:33:17.0326 3900 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
18:33:17.0404 3900 QBFCService ( UnsignedFile.Multi.Generic ) - warning
18:33:17.0404 3900 QBFCService - detected UnsignedFile.Multi.Generic (1)
18:33:33.0223 3900 ================ Scan global ===============================
18:33:33.0270 3900 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
18:33:33.0316 3900 [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
18:33:33.0348 3900 [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
18:33:33.0379 3900 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:33:33.0426 3900 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:33:33.0426 3900 [Global] - ok
18:33:33.0426 3900 ================ Scan MBR ==================================
18:33:33.0441 3900 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:33:33.0738 3900 \Device\Harddisk0\DR0 - ok
18:33:33.0738 3900 ================ Scan VBR ==================================
18:33:33.0769 3900 [ 2AD523612142AA5074ED2ED2DA9561CB ] \Device\Harddisk0\DR0\Partition1
18:33:33.0769 3900 \Device\Harddisk0\DR0\Partition1 - ok
18:33:33.0784 3900 [ FA0A3534239A4ECE8FB047FD1E69FD5C ] \Device\Harddisk0\DR0\Partition2
18:33:33.0784 3900 \Device\Harddisk0\DR0\Partition2 - ok
18:33:33.0784 3900 ================ Scan active images ========================
18:33:33.0925 3900 [ 6270CCAE2A86DE6D146529FE55B3246A ] C:\Windows\System32\drivers\pacer.sys
18:33:33.0925 3900 C:\Windows\System32\drivers\pacer.sys - ok
18:33:33.0940 3900 [ 8B9A943F3B53861F2BFAF6C186168F79 ] C:\Windows\System32\drivers\wfplwf.sys
18:33:33.0940 3900 C:\Windows\System32\drivers\wfplwf.sys - ok
18:33:33.0940 3900 [ 6DB3276587B853BF886B69528FDB048C ] C:\Windows\System32\drivers\ws2ifsl.sys
18:33:33.0940 3900 C:\Windows\System32\drivers\ws2ifsl.sys - ok
18:33:33.0940 3900 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] C:\Windows\System32\drivers\nsiproxy.sys
18:33:33.0940 3900 C:\Windows\System32\drivers\nsiproxy.sys - ok
18:33:33.0956 3900 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] C:\Windows\System32\drivers\rdbss.sys
18:33:33.0956 3900 C:\Windows\System32\drivers\rdbss.sys - ok
18:33:33.0956 3900 [ C36F41EE20E6999DBF4B0425963268A5 ] C:\Windows\System32\drivers\termdd.sys
18:33:33.0956 3900 C:\Windows\System32\drivers\termdd.sys - ok
18:33:33.0972 3900 [ 692A712062146E96D28BA0B7D75DE31B ] C:\Windows\System32\drivers\wanarp.sys
18:33:33.0972 3900 C:\Windows\System32\drivers\wanarp.sys - ok
18:33:33.0972 3900 [ 1A050B0274BFB3890703D490F330C0DA ] C:\Windows\System32\drivers\discache.sys
18:33:33.0972 3900 C:\Windows\System32\drivers\discache.sys - ok
18:33:33.0972 3900 [ FC6B9FF600CC585EA38B12589BD4E246 ] C:\Windows\System32\drivers\mssmbios.sys
18:33:33.0972 3900 C:\Windows\System32\drivers\mssmbios.sys - ok
18:33:33.0987 3900 [ 2287078ED48FCFC477B05B20CF38F36F ] C:\Windows\System32\drivers\blbdrive.sys
18:33:33.0987 3900 C:\Windows\System32\drivers\blbdrive.sys - ok
18:33:33.0987 3900 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] C:\Windows\System32\drivers\dfsc.sys
18:33:33.0987 3900 C:\Windows\System32\drivers\dfsc.sys - ok
18:33:33.0987 3900 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] C:\Windows\System32\drivers\intelppm.sys
18:33:33.0987 3900 C:\Windows\System32\drivers\intelppm.sys - ok
18:33:34.0003 3900 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] C:\Windows\System32\drivers\tunnel.sys
18:33:34.0003 3900 C:\Windows\System32\drivers\tunnel.sys - ok
18:33:34.0003 3900 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] C:\Windows\System32\drivers\igdkmd32.sys
18:33:34.0003 3900 C:\Windows\System32\drivers\igdkmd32.sys - ok
18:33:34.0018 3900 [ 1679A4669326CB1A67CC95658D273234 ] C:\Windows\System32\drivers\dxgkrnl.sys
18:33:34.0018 3900 C:\Windows\System32\drivers\dxgkrnl.sys - ok
18:33:34.0018 3900 [ CF519D46E5B8BDE8D7BA981BA9A174CD ] C:\Windows\System32\drivers\dxgmms1.sys
18:33:34.0018 3900 C:\Windows\System32\drivers\dxgmms1.sys - ok
18:33:34.0018 3900 [ E4C436D914768CE965D5E659BA7EEBD8 ] C:\Windows\System32\drivers\usbehci.sys
18:33:34.0018 3900 C:\Windows\System32\drivers\usbehci.sys - ok
18:33:34.0034 3900 [ 3D0074A19D16A9944BE32EE1FFBBB554 ] C:\Windows\System32\drivers\usbport.sys
18:33:34.0034 3900 C:\Windows\System32\drivers\usbport.sys - ok
18:33:34.0034 3900 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] C:\Windows\System32\drivers\usbuhci.sys
18:33:34.0034 3900 C:\Windows\System32\drivers\usbuhci.sys - ok
18:33:34.0034 3900 [ 57EC4AEF73660166074D8F7F31C0D4FD ] C:\Windows\System32\drivers\agilevpn.sys
18:33:34.0034 3900 C:\Windows\System32\drivers\agilevpn.sys - ok
18:33:34.0050 3900 [ F1724BA27E97D627F808FB0BA77A28A6 ] C:\Windows\System32\drivers\CompositeBus.sys
18:33:34.0050 3900 C:\Windows\System32\drivers\CompositeBus.sys - ok
18:33:34.0050 3900 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] C:\Windows\System32\drivers\hdaudbus.sys
18:33:34.0050 3900 C:\Windows\System32\drivers\hdaudbus.sys - ok
18:33:34.0050 3900 [ 7DFD48E24479B68B258D8770121155A0 ] C:\Windows\System32\drivers\Rt86win7.sys
18:33:34.0050 3900 C:\Windows\System32\drivers\Rt86win7.sys - ok
18:33:34.0065 3900 [ D9F91EAFEC2815365CBE6D167E4E332A ] C:\Windows\System32\drivers\rasl2tp.sys
18:33:34.0065 3900 C:\Windows\System32\drivers\rasl2tp.sys - ok
18:33:34.0065 3900 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] C:\Windows\System32\drivers\ndistapi.sys
18:33:34.0065 3900 C:\Windows\System32\drivers\ndistapi.sys - ok
18:33:34.0065 3900 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] C:\Windows\System32\drivers\ndiswan.sys
18:33:34.0065 3900 C:\Windows\System32\drivers\ndiswan.sys - ok
18:33:34.0081 3900 [ 0FE8B15916307A6AC12BFB6A63E45507 ] C:\Windows\System32\drivers\raspppoe.sys
18:33:34.0081 3900 C:\Windows\System32\drivers\raspppoe.sys - ok
18:33:34.0081 3900 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] C:\Windows\System32\drivers\raspptp.sys
18:33:34.0081 3900 C:\Windows\System32\drivers\raspptp.sys - ok
18:33:34.0096 3900 [ 44101F495A83EA6401D886E7FD70096B ] C:\Windows\System32\drivers\rassstp.sys
18:33:34.0096 3900 C:\Windows\System32\drivers\rassstp.sys - ok
18:33:34.0096 3900 [ ADEF52CA1AEAE82B50DF86B56413107E ] C:\Windows\System32\drivers\kbdclass.sys
18:33:34.0096 3900 C:\Windows\System32\drivers\kbdclass.sys - ok
18:33:34.0096 3900 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] C:\Windows\System32\drivers\mouclass.sys
18:33:34.0096 3900 C:\Windows\System32\drivers\mouclass.sys - ok
18:33:34.0112 3900 [ 9E79E2354301783D5E0D48411C2A7466 ] C:\Windows\System32\drivers\ks.sys
18:33:34.0112 3900 C:\Windows\System32\drivers\ks.sys - ok
18:33:34.0112 3900 [ E58C78A848ADD9610A4DB6D214AF5224 ] C:\Windows\System32\drivers\swenum.sys
18:33:34.0112 3900 C:\Windows\System32\drivers\swenum.sys - ok
18:33:34.0112 3900 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] C:\Windows\System32\drivers\umbus.sys
18:33:34.0112 3900 C:\Windows\System32\drivers\umbus.sys - ok
18:33:34.0128 3900 [ BDCD7156EC37448F08633FD899823620 ] C:\Windows\System32\drivers\usbhub.sys
18:33:34.0128 3900 C:\Windows\System32\drivers\usbhub.sys - ok
18:33:34.0128 3900 [ 2E92B666A7CC8AF174D4445BE8FDB0ED ] C:\Windows\System32\ntdll.dll
18:33:34.0128 3900 C:\Windows\System32\ntdll.dll - ok
18:33:34.0128 3900 [ B24BF638652522BB5E14AB7993FD4A5D ] C:\Windows\System32\smss.exe
18:33:34.0128 3900 C:\Windows\System32\smss.exe - ok
18:33:34.0143 3900 [ 41E4C8EBA464E7D6A5BA5E8827732AEB ] C:\Windows\System32\autochk.exe
18:33:34.0143 3900 C:\Windows\System32\autochk.exe - ok
18:33:34.0143 3900 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] C:\Windows\System32\drivers\ndproxy.sys
18:33:34.0143 3900 C:\Windows\System32\drivers\ndproxy.sys - ok
18:33:34.0159 3900 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\System32\msctf.dll
18:33:34.0159 3900 C:\Windows\System32\msctf.dll - ok
18:33:34.0159 3900 [ 27F9288AF019E6DACA281EDE51FF5928 ] C:\Windows\System32\drivers\drmk.sys
18:33:34.0159 3900 C:\Windows\System32\drivers\drmk.sys - ok
18:33:34.0159 3900 [ D72708C9F49500C13D7D067E169B7715 ] C:\Windows\System32\drivers\portcls.sys
18:33:34.0159 3900 C:\Windows\System32\drivers\portcls.sys - ok
18:33:34.0174 3900 [ 5DF8132ADF721329234403189FC94E16 ] C:\Windows\System32\imm32.dll
18:33:34.0174 3900 C:\Windows\System32\imm32.dll - ok
18:33:34.0174 3900 [ FF5688D309347F2720911D8796912834 ] C:\Windows\System32\clbcatq.dll
18:33:34.0174 3900 C:\Windows\System32\clbcatq.dll - ok
18:33:34.0174 3900 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] C:\Windows\System32\drivers\HdAudio.sys
18:33:34.0174 3900 C:\Windows\System32\drivers\HdAudio.sys - ok
18:33:34.0190 3900 [ 97CCB4D737B426B200E5EF90C877DF32 ] C:\Windows\System32\imagehlp.dll
18:33:34.0190 3900 C:\Windows\System32\imagehlp.dll - ok
18:33:34.0190 3900 [ 0C65FA8214D6F8378D1D3BA1CA46AF0A ] C:\Windows\System32\advapi32.dll
18:33:34.0190 3900 C:\Windows\System32\advapi32.dll - ok
18:33:34.0190 3900 [ BFA70A99AD1434263F2DFBBA103BDEF8 ] C:\Windows\System32\Wldap32.dll
18:33:34.0190 3900 C:\Windows\System32\Wldap32.dll - ok
18:33:34.0206 3900 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\System32\nsi.dll
18:33:34.0206 3900 C:\Windows\System32\nsi.dll - ok
18:33:34.0206 3900 [ 416D1DC8224A64B8C59DF79096EE6D1D ] C:\Windows\System32\rpcrt4.dll
18:33:34.0206 3900 C:\Windows\System32\rpcrt4.dll - ok
18:33:34.0206 3900 [ 2CBC35E872BA9B46474890135B56DD66 ] C:\Windows\System32\shell32.dll
18:33:34.0206 3900 C:\Windows\System32\shell32.dll - ok
18:33:34.0221 3900 [ C31AE588E403042632DC796CF09E30B0 ] C:\Windows\System32\drivers\usbccgp.sys
18:33:34.0221 3900 C:\Windows\System32\drivers\usbccgp.sys - ok
18:33:34.0221 3900 [ 675C1D745F68343F372897F761F999E3 ] C:\Windows\System32\drivers\usbd.sys
18:33:34.0221 3900 C:\Windows\System32\drivers\usbd.sys - ok
18:33:34.0221 3900 [ B682E1CC0FDC7AC04B71D1FA9A07EF21 ] C:\Windows\System32\drivers\hidclass.sys
18:33:34.0221 3900 C:\Windows\System32\drivers\hidclass.sys - ok
18:33:34.0237 3900 [ 6C26122F1931D4D7810240F32DDCE890 ] C:\Windows\System32\drivers\hidparse.sys
18:33:34.0237 3900 C:\Windows\System32\drivers\hidparse.sys - ok
18:33:34.0237 3900 [ 25072FB35AC90B25F9E4E3BACF774102 ] C:\Windows\System32\drivers\hidusb.sys
18:33:34.0237 3900 C:\Windows\System32\drivers\hidusb.sys - ok
18:33:34.0252 3900 [ 3D9F0EBF350EDCFD6498057301455964 ] C:\Windows\System32\drivers\kbdhid.sys
18:33:34.0252 3900 C:\Windows\System32\drivers\kbdhid.sys - ok
18:33:34.0252 3900 [ 1C4287739A93594E57E2A9E6A3ED7353 ] C:\Windows\System32\drivers\USBSTOR.SYS
18:33:34.0252 3900 C:\Windows\System32\drivers\USBSTOR.SYS - ok
18:33:34.0252 3900 [ 34B7E222E81FAFA885F0C5F2CFA56861 ] C:\Windows\System32\user32.dll
18:33:34.0252 3900 C:\Windows\System32\user32.dll - ok
18:33:34.0268 3900 [ 225F6F663B94ACAF4307055FBB42E55F ] C:\Windows\System32\gdi32.dll
18:33:34.0268 3900 C:\Windows\System32\gdi32.dll - ok
18:33:34.0268 3900 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\System32\sechost.dll
18:33:34.0268 3900 C:\Windows\System32\sechost.dll - ok
18:33:34.0268 3900 [ E2C2D8C982316C8ABF800C6CE3F28FAB ] C:\Windows\System32\ole32.dll
18:33:34.0268 3900 C:\Windows\System32\ole32.dll - ok
18:33:34.0284 3900 [ 41323AB614A2B66AD77B1121D24AC895 ] C:\Windows\System32\setupapi.dll
18:33:34.0284 3900 C:\Windows\System32\setupapi.dll - ok
18:33:34.0284 3900 [ 6A02CB2EDC24630845D11B507952141A ] C:\Windows\System32\wininet.dll
18:33:34.0284 3900 C:\Windows\System32\wininet.dll - ok
18:33:34.0284 3900 [ A223CF703E28CBD7E9E7982141FA403C ] C:\Windows\System32\comdlg32.dll
18:33:34.0284 3900 C:\Windows\System32\comdlg32.dll - ok
18:33:34.0299 3900 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\System32\psapi.dll
18:33:34.0299 3900 C:\Windows\System32\psapi.dll - ok
18:33:34.0299 3900 [ 61B689EF11BC48F230C69A4BC49C57DA ] C:\Windows\System32\iertutil.dll
18:33:34.0299 3900 C:\Windows\System32\iertutil.dll - ok
18:33:34.0299 3900 [ A2CB61B68566F6DB067607273119D27B ] C:\Windows\System32\kernel32.dll
18:33:34.0315 3900 C:\Windows\System32\kernel32.dll - ok
18:33:34.0315 3900 [ F037DB14CF6165C62F4A64D12A25B07C ] C:\Windows\System32\shlwapi.dll
18:33:34.0315 3900 C:\Windows\System32\shlwapi.dll - ok
18:33:34.0315 3900 [ 4B11E69A3AD8CA55193565F824FC3747 ] C:\Windows\System32\urlmon.dll
18:33:34.0315 3900 C:\Windows\System32\urlmon.dll - ok
18:33:34.0330 3900 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\System32\normaliz.dll
18:33:34.0330 3900 C:\Windows\System32\normaliz.dll - ok
18:33:34.0330 3900 [ 070C5B9D3006602A07757179D9B56F5D ] C:\Windows\System32\difxapi.dll
18:33:34.0330 3900 C:\Windows\System32\difxapi.dll - ok
18:33:34.0330 3900 [ 011B7A81E28C748D7631CF3D72323DD2 ] C:\Windows\System32\usp10.dll
18:33:34.0330 3900 C:\Windows\System32\usp10.dll - ok
18:33:34.0346 3900 [ 4F154D2C9C6DF951FD6E5AABBAE6B5EE ] C:\Windows\System32\lpk.dll
18:33:34.0346 3900 C:\Windows\System32\lpk.dll - ok
18:33:34.0346 3900 [ DAAE8A9B8C0ACC7F858454132553C30D ] C:\Windows\System32\ws2_32.dll
18:33:34.0346 3900 C:\Windows\System32\ws2_32.dll - ok
18:33:34.0346 3900 [ 705C210EFC5564BE49EB026BD7AFF27A ] C:\Windows\System32\oleaut32.dll
18:33:34.0346 3900 C:\Windows\System32\oleaut32.dll - ok
18:33:34.0362 3900 [ F8A61B2E713309B4616D107919BDAB6E ] C:\Windows\System32\msvcrt.dll
18:33:34.0362 3900 C:\Windows\System32\msvcrt.dll - ok
18:33:34.0362 3900 [ CC4ED8BEA78B0DCA6F217E014C3291A7 ] C:\Windows\System32\devobj.dll
18:33:34.0362 3900 C:\Windows\System32\devobj.dll - ok
18:33:34.0362 3900 [ 7DA089C75B1E92032D0CBE4ADE7C32BC ] C:\Windows\System32\crypt32.dll
18:33:34.0362 3900 C:\Windows\System32\crypt32.dll - ok
18:33:34.0377 3900 [ 15B94E4AC75C9295275BDC9A1D7054C3 ] C:\Windows\System32\cfgmgr32.dll
18:33:34.0377 3900 C:\Windows\System32\cfgmgr32.dll - ok
18:33:34.0377 3900 [ D3EAD1CF16BA729A7F7C9A5D94AA7C05 ] C:\Windows\System32\comctl32.dll
18:33:34.0377 3900 C:\Windows\System32\comctl32.dll - ok
18:33:34.0393 3900 [ 334A663962618F7A136FA1F80F773C5F ] C:\Windows\System32\wintrust.dll
18:33:34.0393 3900 C:\Windows\System32\wintrust.dll - ok
18:33:34.0393 3900 [ A28F0D880F3A9D3A25E0DB14EF197063 ] C:\Windows\System32\KernelBase.dll
18:33:34.0393 3900 C:\Windows\System32\KernelBase.dll - ok
18:33:34.0393 3900 [ 4C04900AA8C323F5D4C316A89E976849 ] C:\Windows\System32\msasn1.dll
18:33:34.0393 3900 C:\Windows\System32\msasn1.dll - ok
18:33:34.0408 3900 [ 5FCD3320AAE71506B43F9E12E4E72172 ] C:\Windows\System32\drivers\dxapi.sys
18:33:34.0408 3900 C:\Windows\System32\drivers\dxapi.sys - ok
18:33:34.0408 3900 [ 07D392455923063F463DB218AC5A2B0B ] C:\Windows\System32\win32k.sys
18:33:34.0408 3900 C:\Windows\System32\win32k.sys - ok
18:33:34.0408 3900 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] C:\Windows\System32\drivers\mouhid.sys
18:33:34.0408 3900 C:\Windows\System32\drivers\mouhid.sys - ok
18:33:34.0424 3900 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\System32\basesrv.dll
18:33:34.0424 3900 C:\Windows\System32\basesrv.dll - ok
18:33:34.0424 3900 [ 21FE04ADAF90BBEE67B5C32ACDB525E5 ] C:\Windows\System32\csrsrv.dll
18:33:34.0424 3900 C:\Windows\System32\csrsrv.dll - ok
18:33:34.0424 3900 [ 342271F6142E7C70805B8A81E1BA5F5C ] C:\Windows\System32\csrss.exe
18:33:34.0424 3900 C:\Windows\System32\csrss.exe - ok
18:33:34.0440 3900 [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\System32\winsrv.dll
18:33:34.0440 3900 C:\Windows\System32\winsrv.dll - ok
18:33:34.0440 3900 [ 79D10964DE86B292320E9DFE02282A23 ] C:\Windows\System32\drivers\monitor.sys
18:33:34.0440 3900 C:\Windows\System32\drivers\monitor.sys - ok
18:33:34.0440 3900 [ 7C76B61A5E1EF5D1FA554CF134100F18 ] C:\Windows\System32\tsddd.dll
18:33:34.0440 3900 C:\Windows\System32\tsddd.dll - ok
18:33:34.0455 3900 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\System32\sxssrv.dll
18:33:34.0455 3900 C:\Windows\System32\sxssrv.dll - ok
18:33:34.0455 3900 [ D04FA5F4A105AB1838B8C52D883B02C0 ] C:\Windows\System32\cdd.dll
18:33:34.0455 3900 C:\Windows\System32\cdd.dll - ok
18:33:34.0471 3900 [ 37CDB7E72EB66BA85A87CBE37E7F03FD ] C:\Windows\System32\winlogon.exe
18:33:34.0471 3900 C:\Windows\System32\winlogon.exe - ok
18:33:34.0471 3900 [ AE5FF948400A51B040F999BF04290373 ] C:\Windows\System32\winsta.dll
18:33:34.0471 3900 C:\Windows\System32\winsta.dll - ok
18:33:34.0471 3900 [ 082EDD0311FBB12B8EA1F7A5DC8752D0 ] C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
18:33:34.0471 3900 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL - ok
18:33:34.0471 3900 [ ACCBA604D34842844133A731F8045B32 ] C:\Windows\System32\sxs.dll
18:33:34.0471 3900 C:\Windows\System32\sxs.dll - ok
18:33:34.0486 3900 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\System32\profapi.dll
18:33:34.0486 3900 C:\Windows\System32\profapi.dll - ok
18:33:34.0486 3900 [ 6C0BD9D59C7E97DEE2FB3407D17BF697 ] C:\Windows\System32\RpcRtRemote.dll
18:33:34.0486 3900 C:\Windows\System32\RpcRtRemote.dll - ok
18:33:34.0502 3900 [ AB0DDD50695906570E81F21D3481D4A9 ] C:\Windows\System32\KBDUK.DLL
18:33:34.0502 3900 C:\Windows\System32\KBDUK.DLL - ok
18:33:34.0502 3900 [ B5C5DCAD3899512020D135600129D665 ] C:\Windows\System32\wininit.exe
18:33:34.0502 3900 C:\Windows\System32\wininit.exe - ok
18:33:34.0502 3900 [ 633C2C060CF857099F6C4F8D75C952B1 ] C:\Windows\System32\WlS0WndH.dll
18:33:34.0502 3900 C:\Windows\System32\WlS0WndH.dll - ok
18:33:34.0518 3900 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\System32\cryptbase.dll
18:33:34.0518 3900 C:\Windows\System32\cryptbase.dll - ok
18:33:34.0518 3900 [ 03E4D9D04E2310B535A3476E97409EDD ] C:\Windows\System32\apphelp.dll
18:33:34.0518 3900 C:\Windows\System32\apphelp.dll - ok
18:33:34.0518 3900 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\System32\services.exe
18:33:34.0518 3900 C:\Windows\System32\services.exe - ok
18:33:34.0533 3900 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] C:\Windows\System32\lsass.exe
18:33:34.0533 3900 C:\Windows\System32\lsass.exe - ok
18:33:34.0533 3900 [ 398DC10274C0CB861338CFC56E727C9F ] C:\Windows\System32\lsm.exe
18:33:34.0533 3900 C:\Windows\System32\lsm.exe - ok
18:33:34.0533 3900 [ 361BF6F1988F4EFFDB9BF6747D530015 ] C:\Windows\System32\sspicli.dll
18:33:34.0533 3900 C:\Windows\System32\sspicli.dll - ok
18:33:34.0549 3900 [ 16A5A583BA6F4160EED2B630F0CFC122 ] C:\Windows\System32\sspisrv.dll
18:33:34.0549 3900 C:\Windows\System32\sspisrv.dll - ok
18:33:34.0549 3900 [ 00EAA109E049942BED01A65215EFE86F ] C:\Windows\System32\lsasrv.dll
18:33:34.0549 3900 C:\Windows\System32\lsasrv.dll - ok
18:33:34.0549 3900 [ 3369D021265E369D57317D61FA86DD79 ] C:\Windows\System32\scext.dll
18:33:34.0549 3900 C:\Windows\System32\scext.dll - ok
18:33:34.0564 3900 [ 4BEF53964DC519550EE030253FC1E25E ] C:\Windows\System32\samsrv.dll
18:33:34.0564 3900 C:\Windows\System32\samsrv.dll - ok
18:33:34.0564 3900 [ 1128637CAD49A8E3C8B5FA5D0A061525 ] C:\Windows\System32\cryptdll.dll
18:33:34.0564 3900 C:\Windows\System32\cryptdll.dll - ok
18:33:34.0564 3900 [ B4C246937BDB3E50B24698EE811074BF ] C:\Windows\System32\secur32.dll
18:33:34.0564 3900 C:\Windows\System32\secur32.dll - ok
18:33:34.0580 3900 [ BA51FFE170C5B3AE8EC4F5BD2581A29E ] C:\Windows\System32\sysntfy.dll
18:33:34.0580 3900 C:\Windows\System32\sysntfy.dll - ok
18:33:34.0580 3900 [ 82C089EA2A3EEFADF3588EA71E8BDADA ] C:\Windows\System32\wevtapi.dll
18:33:34.0580 3900 C:\Windows\System32\wevtapi.dll - ok
18:33:34.0596 3900 [ 1C9CDBDF895A556E66AEBFD93A36B536 ] C:\Windows\System32\scesrv.dll
18:33:34.0596 3900 C:\Windows\System32\scesrv.dll - ok
18:33:34.0596 3900 [ 89D840773C9C4358A5031DCC860449EC ] C:\Windows\System32\srvcli.dll
18:33:34.0596 3900 C:\Windows\System32\srvcli.dll - ok
18:33:34.0596 3900 [ D412B1B72C5AB020218E9A047D90CA05 ] C:\Windows\System32\wmsgapi.dll
18:33:34.0596 3900 C:\Windows\System32\wmsgapi.dll - ok
18:33:34.0611 3900 [ 50BA656134F78AF64E4DD3C8B6FEFD7E ] C:\Windows\System32\cngaudit.dll
18:33:34.0611 3900 C:\Windows\System32\cngaudit.dll - ok
18:33:34.0611 3900 [ FB4EB9352B7D698E6B3C2AA2ED724DAD ] C:\Windows\System32\authz.dll
18:33:34.0611 3900 C:\Windows\System32\authz.dll - ok
18:33:34.0611 3900 [ 5BBF32865EB3D66988C6E06834EC2675 ] C:\Windows\System32\ncrypt.dll
18:33:34.0611 3900 C:\Windows\System32\ncrypt.dll - ok
18:33:34.0627 3900 [ FC7650224790CAE75A5E9231961FDEC5 ] C:\Windows\System32\bcrypt.dll
18:33:34.0627 3900 C:\Windows\System32\bcrypt.dll - ok
18:33:34.0627 3900 [ C90878913DF3DC504790282043DB5F4C ] C:\Windows\System32\msprivs.dll
18:33:34.0627 3900 C:\Windows\System32\msprivs.dll - ok
18:33:34.0627 3900 [ C1AE600C554A0EBC6CD211541FA6815F ] C:\Windows\System32\netjoin.dll
18:33:34.0627 3900 C:\Windows\System32\netjoin.dll - ok
18:33:34.0642 3900 [ 6DCFAEC6D1334AA6CDF8961DB4633CBF ] C:\Windows\System32\negoexts.dll
18:33:34.0642 3900 C:\Windows\System32\negoexts.dll - ok
18:33:34.0642 3900 [ 056B0E466AD1C99D9892F9C7DD4A8449 ] C:\Windows\System32\kerberos.dll
18:33:34.0642 3900 C:\Windows\System32\kerberos.dll - ok
18:33:34.0658 3900 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\System32\cryptsp.dll
18:33:34.0658 3900 C:\Windows\System32\cryptsp.dll - ok
18:33:34.0658 3900 [ 11A41F17527ED75D6B758FDD7F4FD00D ] C:\Windows\System32\mswsock.dll
18:33:34.0658 3900 C:\Windows\System32\mswsock.dll - ok
18:33:34.0658 3900 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\System32\wship6.dll
18:33:34.0658 3900 C:\Windows\System32\wship6.dll - ok
18:33:34.0674 3900 [ 90691014D96030B69D7B8D6A0967FC67 ] C:\Windows\System32\msv1_0.dll
18:33:34.0674 3900 C:\Windows\System32\msv1_0.dll - ok
18:33:34.0674 3900 [ EAA75D9000B71F10EEC04D2AE6C60E81 ] C:\Windows\System32\netlogon.dll
18:33:34.0674 3900 C:\Windows\System32\netlogon.dll - ok
18:33:34.0674 3900 [ 62390F4ACE9E2B63E3CA26B7F7497897 ] C:\Windows\System32\dnsapi.dll
18:33:34.0674 3900 C:\Windows\System32\dnsapi.dll - ok
18:33:34.0689 3900 [ D8ECA7A87AAA3AE308B5277411666622 ] C:\Windows\System32\logoncli.dll
18:33:34.0689 3900 C:\Windows\System32\logoncli.dll - ok
18:33:34.0689 3900 [ 76C48F0CD8A526858AB9A4886586942A ] C:\Windows\System32\schannel.dll
18:33:34.0689 3900 C:\Windows\System32\schannel.dll - ok
18:33:34.0689 3900 [ 0450CF487ECD8A67B56F59F9A96D024D ] C:\Windows\System32\wdigest.dll
18:33:34.0689 3900 C:\Windows\System32\wdigest.dll - ok
18:33:34.0705 3900 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\System32\rsaenh.dll
18:33:34.0705 3900 C:\Windows\System32\rsaenh.dll - ok
18:33:34.0705 3900 [ A739793F1A4F04B66E2444E90AE9E694 ] C:\Windows\System32\TSpkg.dll
18:33:34.0705 3900 C:\Windows\System32\TSpkg.dll - ok
18:33:34.0705 3900 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\System32\bcryptprimitives.dll
18:33:34.0705 3900 C:\Windows\System32\bcryptprimitives.dll - ok
18:33:34.0720 3900 [ 37CC990D4E2CDFAE12AC47F6B620FC13 ] C:\Windows\System32\pku2u.dll
18:33:34.0720 3900 C:\Windows\System32\pku2u.dll - ok
18:33:34.0720 3900 [ BF591B5C2CC38314518467E883AE37C5 ] C:\Windows\System32\credssp.dll
18:33:34.0720 3900 C:\Windows\System32\credssp.dll - ok
18:33:34.0736 3900 [ 91F434FF6606ED9BDC6A05D651B69553 ] C:\Windows\System32\efslsaext.dll
18:33:34.0736 3900 C:\Windows\System32\efslsaext.dll - ok
18:33:34.0736 3900 [ 7222995615BF93B628DCEA4BD6CCACF7 ] C:\Windows\System32\ubpm.dll
18:33:34.0736 3900 C:\Windows\System32\ubpm.dll - ok
18:33:34.0736 3900 [ 26073302DAEA83CC5B944C546D6B47D2 ] C:\Windows\System32\scecli.dll
18:33:34.0736 3900 C:\Windows\System32\scecli.dll - ok
18:33:34.0736 3900 [ 54A47F6B5E09A77E61649109C6A08866 ] C:\Windows\System32\svchost.exe
18:33:34.0736 3900 C:\Windows\System32\svchost.exe - ok
18:33:34.0752 3900 [ 71DEF5EC79774C798342D0EA16E41780 ] C:\Windows\System32\umpnpmgr.dll
18:33:34.0752 3900 C:\Windows\System32\umpnpmgr.dll - ok
18:33:34.0752 3900 [ FD07F21E0A19C27ED4E1EEC2B07452B3 ] C:\Windows\System32\devrtl.dll
18:33:34.0752 3900 C:\Windows\System32\devrtl.dll - ok
18:33:34.0752 3900 [ 4BDBBE5E4208022DD794F7EEEB0F7366 ] C:\Windows\System32\SPInf.dll
18:33:34.0752 3900 C:\Windows\System32\SPInf.dll - ok
18:33:34.0767 3900 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\System32\gpapi.dll
18:33:34.0767 3900 C:\Windows\System32\gpapi.dll - ok
18:33:34.0767 3900 [ 9C0DC1DAAD14D443DD5A0D1EE78D775E ] C:\Windows\System32\userenv.dll
18:33:34.0767 3900 C:\Windows\System32\userenv.dll - ok
18:33:34.0767 3900 [ DBFF83F709A91049621C1D35DD45C92C ] C:\Windows\System32\umpo.dll
18:33:34.0767 3900 C:\Windows\System32\umpo.dll - ok
18:33:34.0783 3900 [ 5893EBDCE371174AC89ECD7731DD6D77 ] C:\Windows\System32\pcwum.dll
18:33:34.0783 3900 C:\Windows\System32\pcwum.dll - ok
18:33:34.0783 3900 [ 08DFDBD2FD4EA951DC46B1C7661ED35A ] C:\Windows\System32\powrprof.dll
18:33:34.0783 3900 C:\Windows\System32\powrprof.dll - ok
18:33:34.0798 3900 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] C:\Windows\System32\drivers\luafv.sys
18:33:34.0798 3900 C:\Windows\System32\drivers\luafv.sys - ok
18:33:34.0798 3900 [ B82CD39E336973359D7C9BF911E8E84F ] C:\Windows\System32\rpcss.dll
18:33:34.0798 3900 C:\Windows\System32\rpcss.dll - ok
18:33:34.0798 3900 [ 78D072F35BC45D9E4E1B61895C152234 ] C:\Windows\System32\RpcEpMap.dll
18:33:34.0798 3900 C:\Windows\System32\RpcEpMap.dll - ok
18:33:34.0814 3900 [ 779B451F21F1FF40246AF10449DC72EA ] C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll
18:33:34.0814 3900 C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll - ok
18:33:34.0814 3900 [ 81F08948A0F1475894C99D4D19A158A8 ] C:\Windows\System32\wshqos.dll
18:33:34.0814 3900 C:\Windows\System32\wshqos.dll - ok
18:33:34.0814 3900 [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\System32\WSHTCPIP.DLL
18:33:34.0814 3900 C:\Windows\System32\WSHTCPIP.DLL - ok
18:33:34.0830 3900 [ 3F50200237961034FACE602373838980 ] C:\Windows\System32\FirewallAPI.dll
18:33:34.0830 3900 C:\Windows\System32\FirewallAPI.dll - ok
18:33:34.0830 3900 [ 1B97EBF7F60798814C4E5C8FDC79EAD2 ] C:\Windows\System32\LogonUI.exe
18:33:34.0830 3900 C:\Windows\System32\LogonUI.exe - ok
18:33:34.0830 3900 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\System32\version.dll
18:33:34.0830 3900 C:\Windows\System32\version.dll - ok
18:33:34.0845 3900 [ FABFC817547EABB19B74849CEF410622 ] C:\Windows\System32\authui.dll
18:33:34.0845 3900 C:\Windows\System32\authui.dll - ok
18:33:34.0845 3900 [ 2873DFE622F4A3929D93F7BC85ADE13E ] C:\Windows\System32\wevtsvc.dll
18:33:34.0845 3900 C:\Windows\System32\wevtsvc.dll - ok
18:33:34.0861 3900 [ E8132FB3BAC7C0CDBD581485B8BA947F ] C:\Windows\System32\cryptui.dll
18:33:34.0861 3900 C:\Windows\System32\cryptui.dll - ok
18:33:34.0861 3900 [ 510C873BFA135AA829F4180352772734 ] C:\Windows\System32\audiosrv.dll
18:33:34.0861 3900 C:\Windows\System32\audiosrv.dll - ok
18:33:34.0861 3900 [ 146B6F43A673379A3C670E86D89BE5EA ] C:\Windows\System32\mmcss.dll
18:33:34.0861 3900 C:\Windows\System32\mmcss.dll - ok
18:33:34.0876 3900 [ 139D3AB6AA920C34C50CBFFB9EB7D222 ] C:\Windows\System32\avrt.dll
18:33:34.0876 3900 C:\Windows\System32\avrt.dll - ok
18:33:34.0876 3900 [ 8C338238C16777A802D6A9211EB2BA50 ] C:\Windows\System32\netprofm.dll
18:33:34.0876 3900 C:\Windows\System32\netprofm.dll - ok
18:33:34.0876 3900 [ 8C680C0E6B3D6711B2B88AC82FE1804E ] C:\Windows\System32\MMDevAPI.dll
18:33:34.0876 3900 C:\Windows\System32\MMDevAPI.dll - ok
18:33:34.0892 3900 [ AC8C80DC4F1A6E60C9A762C1799F0B39 ] C:\Windows\System32\adtschema.dll
18:33:34.0892 3900 C:\Windows\System32\adtschema.dll - ok
18:33:34.0892 3900 [ 26EAEE08CAF82AA7F03C5020F51DA541 ] C:\Windows\System32\propsys.dll
18:33:34.0892 3900 C:\Windows\System32\propsys.dll - ok
18:33:34.0892 3900 [ 4B8DD8541C0E26602005DD0137333615 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
18:33:34.0892 3900 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll - ok
18:33:34.0908 3900 [ 8B0B4C5927A333A05513791758350DC4 ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
18:33:34.0908 3900 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
18:33:34.0908 3900 [ D5CF1536137026ACDED95BF6CBF849F6 ] C:\Windows\System32\WUDFPlatform.dll
18:33:34.0908 3900 C:\Windows\System32\WUDFPlatform.dll - ok
18:33:34.0923 3900 [ 7520EC808E0C35E0EE6F841294316653 ] C:\Windows\System32\drivers\fltMgr.sys
18:33:34.0923 3900 C:\Windows\System32\drivers\fltMgr.sys - ok
18:33:34.0923 3900 [ B45DA4D9075AF4297DF675CCD11D4997 ] C:\Windows\System32\audiodg.exe
18:33:34.0923 3900 C:\Windows\System32\audiodg.exe - ok
18:33:34.0923 3900 [ D93A937A2A9D2CBC06B3A615A197011F ] C:\Windows\System32\PSHED.DLL
18:33:34.0923 3900 C:\Windows\System32\PSHED.DLL - ok
18:33:34.0939 3900 [ D6415224AD96840153E283A0268DE384 ] C:\Windows\System32\shacct.dll
18:33:34.0939 3900 C:\Windows\System32\shacct.dll - ok
18:33:34.0939 3900 [ C30A3E5DEEEBA22E782AC54C5AF5F352 ] C:\Windows\System32\samlib.dll
18:33:34.0939 3900 C:\Windows\System32\samlib.dll - ok
18:33:34.0954 3900 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] C:\Windows\System32\gpsvc.dll
18:33:34.0954 3900 C:\Windows\System32\gpsvc.dll - ok
18:33:34.0954 3900 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\System32\ntmarta.dll
18:33:34.0954 3900 C:\Windows\System32\ntmarta.dll - ok
18:33:34.0954 3900 [ 63BFDF555DA2075A77D677829C3CCCD0 ] C:\Windows\System32\uxtheme.dll
18:33:34.0954 3900 C:\Windows\System32\uxtheme.dll - ok
18:33:34.0970 3900 [ 1F5497D7D3D79C7BF0AB0C8B4C5BFE6E ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
18:33:34.0970 3900 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
18:33:34.0970 3900 [ 045DB4EAB4FBD23210E85ECC3F464A2E ] C:\Windows\System32\nlaapi.dll
18:33:34.0970 3900 C:\Windows\System32\nlaapi.dll - ok
18:33:36.0218 3900 C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll - ok
18:33:36.0218 3900 [ 105319E3D66D6E1BAD22AADEC1E9E0DA ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcp90.dll
18:33:36.0218 3900 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcp90.dll - ok
18:33:36.0234 3900 [ B1A7437A886CE87B31A12A154ED33833 ] C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
18:33:36.0234 3900 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe - ok
18:33:36.0234 3900 [ 128DD9AF8640DBCC711940903C8B554F ] C:\Windows\System32\mscoree.dll
18:33:36.0234 3900 C:\Windows\System32\mscoree.dll - ok
18:33:36.0249 3900 [ F5DF6846F30E9F54EA60CCAEB3FB2055 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
18:33:36.0249 3900 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
18:33:36.0249 3900 [ 0786EA7E8DBDD3D8D6861E7D2C87E5E3 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
18:33:36.0249 3900 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
18:33:36.0249 3900 [ 2B0F70547A3E310DB6144DA9D6C07776 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
18:33:36.0249 3900 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll - ok
18:33:36.0265 3900 [ 56892E1DA69ABAF325C4B83CF5CCC53A ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
18:33:36.0265 3900 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll - ok
18:33:36.0265 3900 [ CD49F38F489F2742AE902482888BB118 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\bfceac53dda4bf7ba2f5020573f80163\System.ServiceProcess.ni.dll
18:33:36.0265 3900 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\bfceac53dda4bf7ba2f5020573f80163\System.ServiceProcess.ni.dll - ok
18:33:36.0280 3900 [ 2B6FC63A9D1D902B8B7B2B128D5D1C5A ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
18:33:36.0280 3900 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok
18:33:36.0280 3900 [ CC71DEBA84E7AD3192BB6B48F62A1B0B ] C:\Program Files\Common Files\Intuit\QuickBooks\CFScan.dll
18:33:36.0280 3900 C:\Program Files\Common Files\Intuit\QuickBooks\CFScan.dll - ok
18:33:36.0280 3900 [ 539C49CEBB3C50957AC8A09D95ECD880 ] C:\Windows\System32\shfolder.dll
18:33:36.0280 3900 C:\Windows\System32\shfolder.dll - ok
18:33:36.0296 3900 [ 912568E43E0D87C29412993FF49DBCB2 ] C:\Program Files\Common Files\Intuit\QuickBooks\QBDBPortFinder.DLL
18:33:36.0296 3900 C:\Program Files\Common Files\Intuit\QuickBooks\QBDBPortFinder.DLL - ok
18:33:36.0296 3900 [ BD57B12FA4C21B1CE7DA3570410BF12D ] C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
18:33:36.0296 3900 C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe - ok
18:33:36.0296 3900 [ FC2741A70B84D7E7BA5F51A352669EE8 ] C:\Program Files\Common Files\Intuit\QuickBooks\stlport_r50.dll
18:33:36.0296 3900 C:\Program Files\Common Files\Intuit\QuickBooks\stlport_r50.dll - ok
18:33:36.0312 3900 [ 90A3935D05B494A5A39D37E71F09A677 ] C:\Windows\System32\drivers\secdrv.sys
18:33:36.0312 3900 C:\Windows\System32\drivers\secdrv.sys - ok
18:33:36.0312 3900 [ 58D926F3B2113BF849162C9C26FE21DC ] C:\Program Files\Internet Explorer\iexplore.exe
18:33:36.0312 3900 C:\Program Files\Internet Explorer\iexplore.exe - ok
18:33:36.0327 3900 [ B5774835A13B5ED31378AABD07746262 ] C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
18:33:36.0327 3900 C:\Program Files\Sophos\AutoUpdate\ALsvc.exe - ok
18:33:36.0327 3900 [ A94DC60A90EFD7A35C36D971E3EE7470 ] C:\Program Files\Sophos\AutoUpdate\msvcp71.dll
18:33:36.0327 3900 C:\Program Files\Sophos\AutoUpdate\msvcp71.dll - ok
18:33:36.0327 3900 [ 398308BE8586EE7AEE5F02D3F4D44ED5 ] C:\Program Files\Sophos\Sophos Anti-Virus\WSCClient.exe
18:33:36.0327 3900 C:\Program Files\Sophos\Sophos Anti-Virus\WSCClient.exe - ok
18:33:36.0343 3900 [ CA2F560921B7B8BE1CF555A5A18D54C3 ] C:\Program Files\Sophos\AutoUpdate\msvcr71.dll
18:33:36.0343 3900 C:\Program Files\Sophos\AutoUpdate\msvcr71.dll - ok
18:33:36.0343 3900 [ 079FC5AAA9963057548DF29F069EC406 ] C:\Windows\AppPatch\AcGenral.dll
18:33:36.0343 3900 C:\Windows\AppPatch\AcGenral.dll - ok
18:33:36.0343 3900 [ 374B26395852A9092BDE2E4C8D4D0C8D ] C:\Windows\System32\wscapi.dll
18:33:36.0343 3900 C:\Windows\System32\wscapi.dll - ok
18:33:36.0358 3900 [ 8258362DDB18B644A82D8B5061AD9426 ] C:\Windows\System32\wscisvif.dll
18:33:36.0358 3900 C:\Windows\System32\wscisvif.dll - ok
18:33:36.0358 3900 [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\System32\sfc.dll
18:33:36.0358 3900 C:\Windows\System32\sfc.dll - ok
18:33:36.0358 3900 [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\System32\sfc_os.dll
18:33:36.0358 3900 C:\Windows\System32\sfc_os.dll - ok
18:33:36.0374 3900 [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\System32\wbem\wbemprox.dll
18:33:36.0374 3900 C:\Windows\System32\wbem\wbemprox.dll - ok
18:33:36.0374 3900 [ 96F3F676B4D0DF4DA9C4081358C4662F ] C:\Windows\System32\wbemcomn.dll
18:33:36.0374 3900 C:\Windows\System32\wbemcomn.dll - ok
18:33:36.0390 3900 [ A22825E7BB7018E8AF3E229A5AF17221 ] C:\Windows\System32\wiaservc.dll
18:33:36.0390 3900 C:\Windows\System32\wiaservc.dll - ok
18:33:36.0390 3900 [ B087F2B901570F6EF62F6C2E01A480F3 ] C:\Windows\System32\wiatrace.dll
18:33:36.0390 3900 C:\Windows\System32\wiatrace.dll - ok
18:33:36.0390 3900 [ AA5CA4A5F87C1576FF550A0372B3ED84 ] C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
18:33:36.0390 3900 C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe - ok
18:33:36.0405 3900 [ BF000DAB9748F4E597D39A6521C854D4 ] C:\Program Files\Sophos\AutoUpdate\config.dll
18:33:36.0405 3900 C:\Program Files\Sophos\AutoUpdate\config.dll - ok
18:33:36.0405 3900 [ 8CAC93E088836E3C479CE9AA33BB3F8F ] C:\Program Files\Sophos\AutoUpdate\ALUpdate.exe
18:33:36.0405 3900 C:\Program Files\Sophos\AutoUpdate\ALUpdate.exe - ok
18:33:36.0405 3900 [ 7015964571A7D78E376F61BF5D08F0BA ] C:\Program Files\Sophos\AutoUpdate\inetconn.dll
18:33:36.0405 3900 C:\Program Files\Sophos\AutoUpdate\inetconn.dll - ok
18:33:36.0421 3900 [ E64444523ADD154F86567C469BC0B17F ] C:\Windows\System32\drivers\tcpipreg.sys
18:33:36.0421 3900 C:\Windows\System32\drivers\tcpipreg.sys - ok
18:33:36.0421 3900 [ 04105C8DA62353589C29BDAEB8D88BD8 ] C:\Windows\System32\sysmain.dll
18:33:36.0421 3900 C:\Windows\System32\sysmain.dll - ok
18:33:36.0421 3900 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\System32\SensApi.dll
18:33:36.0421 3900 C:\Windows\System32\SensApi.dll - ok
18:33:36.0436 3900 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] C:\Windows\System32\trkwks.dll
18:33:36.0436 3900 C:\Windows\System32\trkwks.dll - ok
18:33:36.0436 3900 [ F62E510B6AD4C21EB9FE8668ED251826 ] C:\Windows\System32\wbem\WMIsvc.dll
18:33:36.0436 3900 C:\Windows\System32\wbem\WMIsvc.dll - ok
18:33:36.0436 3900 [ 881D9F2D6E04E1C323050CF1574870F7 ] C:\Windows\System32\wbem\WinMgmtR.dll
18:33:36.0436 3900 C:\Windows\System32\wbem\WinMgmtR.dll - ok
18:33:36.0452 3900 [ 0E7441BE4D8C31C7F94D4E09AF8339C8 ] C:\Windows\System32\wbem\WmiDcPrv.dll
18:33:36.0452 3900 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
18:33:36.0452 3900 [ 1CEDFE91F527858CACA1B08B04666BC0 ] C:\Windows\System32\wbem\fastprox.dll
18:33:36.0452 3900 C:\Windows\System32\wbem\fastprox.dll - ok
18:33:36.0468 3900 [ 801211DCFD6414FFA48BCA661A76C6FA ] C:\Windows\System32\wbem\wbemcore.dll
18:33:36.0468 3900 C:\Windows\System32\wbem\wbemcore.dll - ok
18:33:36.0468 3900 [ E3E811471DE781900FF21C1FD84E941E ] C:\Windows\System32\ntdsapi.dll
18:33:36.0468 3900 C:\Windows\System32\ntdsapi.dll - ok
18:33:36.0468 3900 [ 5AE88135C6A86FCD67BA16AFBB1C8389 ] C:\Windows\System32\wbem\esscli.dll
18:33:36.0468 3900 C:\Windows\System32\wbem\esscli.dll - ok
18:33:36.0483 3900 [ 776AE0564F8B1C282E331FD95A1BDC5F ] C:\Windows\System32\wbem\wbemsvc.dll
18:33:36.0483 3900 C:\Windows\System32\wbem\wbemsvc.dll - ok
18:33:36.0483 3900 [ 5610B0425518D185331CB8E968D060E6 ] C:\Windows\System32\wbem\wmiutils.dll
18:33:36.0483 3900 C:\Windows\System32\wbem\wmiutils.dll - ok
18:33:36.0483 3900 [ 371E3B05894549113D07CD3081ED55EF ] C:\Windows\System32\wbem\repdrvfs.dll
18:33:36.0483 3900 C:\Windows\System32\wbem\repdrvfs.dll - ok
18:33:36.0499 3900 [ B8F4A6990A6295159792B4AD189D460D ] C:\Windows\System32\wbem\WmiPrvSD.dll
18:33:36.0499 3900 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
18:33:36.0499 3900 [ A4CC7227A452C4909F9499D91B184364 ] C:\Windows\System32\ncobjapi.dll
18:33:36.0499 3900 C:\Windows\System32\ncobjapi.dll - ok
18:33:36.0499 3900 [ B350509B6C9296529BC464C60FEEAEF1 ] C:\Windows\System32\wbem\wbemess.dll
18:33:36.0499 3900 C:\Windows\System32\wbem\wbemess.dll - ok
18:33:36.0514 3900 [ C1A857A7BC0BBF57B6115CA7AC4E2F6B ] C:\Windows\System32\taskmgr.exe
18:33:36.0514 3900 C:\Windows\System32\taskmgr.exe - ok
18:33:36.0514 3900 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] C:\Windows\System32\wdi.dll
18:33:36.0514 3900 C:\Windows\System32\wdi.dll - ok
18:33:36.0530 3900 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] C:\Windows\System32\hidserv.dll
18:33:36.0530 3900 C:\Windows\System32\hidserv.dll - ok
18:33:36.0530 3900 [ B7F658A2EBC07129538AD9AB35212637 ] C:\Windows\System32\wpdbusenum.dll
18:33:36.0530 3900 C:\Windows\System32\wpdbusenum.dll - ok
18:33:36.0530 3900 [ 36060A75D9EDB1AEF0825988C7DD8511 ] C:\Windows\System32\PortableDeviceApi.dll
18:33:36.0530 3900 C:\Windows\System32\PortableDeviceApi.dll - ok
18:33:36.0546 3900 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] C:\Windows\System32\appinfo.dll
18:33:36.0546 3900 C:\Windows\System32\appinfo.dll - ok
18:33:36.0546 3900 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] C:\Windows\System32\aelupsvc.dll
18:33:36.0546 3900 C:\Windows\System32\aelupsvc.dll - ok
18:33:36.0546 3900 [ 91DA0906B27ADC98B7CC9D17F6F8227C ] C:\Windows\System32\umb.dll
18:33:36.0546 3900 C:\Windows\System32\umb.dll - ok
18:33:36.0561 3900 [ C693E642ACFBDD76433AF6BE3C3EEE6F ] C:\Windows\System32\PortableDeviceConnectApi.dll
18:33:36.0561 3900 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
18:33:36.0561 3900 [ 86CAA1B14F29093EC790779F47C9D99F ] C:\Windows\System32\diagperf.dll
18:33:36.0561 3900 C:\Windows\System32\diagperf.dll - ok
18:33:36.0561 3900 [ 7E82616BEE76BF5EAA5B30F681414E21 ] C:\Windows\System32\perftrack.dll
18:33:36.0561 3900 C:\Windows\System32\perftrack.dll - ok
18:33:36.0577 3900 [ 8019A904EBB6F8CFBA9E41A76A99604A ] C:\Windows\System32\wer.dll
18:33:36.0577 3900 C:\Windows\System32\wer.dll - ok
18:33:36.0577 3900 [ 8B794AE6D5C7D42092804BC39A2EB8F6 ] C:\Windows\System32\aepic.dll
18:33:36.0577 3900 C:\Windows\System32\aepic.dll - ok
18:33:36.0592 3900 [ D99621C0735B21DCC8BC4FEF02F379EF ] C:\Windows\System32\Apphlpdm.dll
18:33:36.0592 3900 C:\Windows\System32\Apphlpdm.dll - ok
18:33:36.0592 3900 [ F8E882C10AF4C29E378D1E28D4817CB1 ] C:\Windows\System32\pnpts.dll
18:33:36.0592 3900 C:\Windows\System32\pnpts.dll - ok
18:33:36.0592 3900 [ 7FFD52D73352806969D424EF327D10A7 ] C:\Windows\System32\radardt.dll
18:33:36.0592 3900 C:\Windows\System32\radardt.dll - ok
18:33:36.0592 3900 [ 23D5AE191D918BB82FD8027E1BA869D4 ] C:\Windows\System32\wdiasqmmodule.dll
18:33:36.0592 3900 C:\Windows\System32\wdiasqmmodule.dll - ok
18:33:36.0608 3900 [ C5C867CD7EFAC60D5021223E374DEEC5 ] C:\Windows\System32\dimsjob.dll
18:33:36.0608 3900 C:\Windows\System32\dimsjob.dll - ok
18:33:36.0608 3900 [ 867C301E8B790040AE9CF6486E8041DF ] C:\Windows\System32\drivers\WUDFRd.sys
18:33:36.0608 3900 C:\Windows\System32\drivers\WUDFRd.sys - ok
18:33:36.0624 3900 [ 15E298B5EC5B89C5994A59863969D9FF ] C:\Windows\System32\npmproxy.dll
18:33:36.0624 3900 C:\Windows\System32\npmproxy.dll - ok
18:33:36.0624 3900 [ 169F916EFEAA44487E65305B7D2D754B ] C:\Windows\System32\runonce.exe
18:33:36.0624 3900 C:\Windows\System32\runonce.exe - ok
18:33:36.0624 3900 [ 8AE6DD9A6D246004DA047F704F0CC487 ] C:\Windows\System32\cmd.exe
18:33:36.0624 3900 C:\Windows\System32\cmd.exe - ok
18:33:36.0639 3900 [ 06325E5412596F7B4A8170519EF64392 ] C:\Windows\System32\conhost.exe
18:33:36.0639 3900 C:\Windows\System32\conhost.exe - ok
18:33:36.0639 3900 [ A5A2C690C2B9417D79998EBB1C782564 ] C:\Windows\System32\ieframe.dll
18:33:36.0639 3900 C:\Windows\System32\ieframe.dll - ok
18:33:36.0639 3900 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] C:\Windows\System32\drivers\WUDFPf.sys
18:33:36.0639 3900 C:\Windows\System32\drivers\WUDFPf.sys - ok
18:33:36.0655 3900 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] C:\Windows\System32\WUDFSvc.dll
18:33:36.0655 3900 C:\Windows\System32\WUDFSvc.dll - ok
18:33:36.0655 3900 [ 980B6A5F92B8DB235C4A26728C2BE732 ] C:\Windows\System32\WUDFHost.exe
18:33:36.0655 3900 C:\Windows\System32\WUDFHost.exe - ok
18:33:36.0655 3900 [ E07B77C3BDC82A024E294FB67ABFEDA0 ] C:\Windows\System32\shdocvw.dll
18:33:36.0655 3900 C:\Windows\System32\shdocvw.dll - ok
18:33:36.0670 3900 [ A36F7A256E65D858A7039DB00ADEEBDD ] C:\Windows\System32\WUDFx.dll
18:33:36.0670 3900 C:\Windows\System32\WUDFx.dll - ok
18:33:36.0670 3900 [ 7ABBDC3B08950992D218FA1E52D52A96 ] C:\Windows\System32\drivers\UMDF\WpdFs.dll
18:33:36.0670 3900 C:\Windows\System32\drivers\UMDF\WpdFs.dll - ok
18:33:36.0686 3900 [ E6EE5019E84F23C9FFFF7B6E2A5158D0 ] C:\Windows\System32\WMVCORE.DLL
18:33:36.0686 3900 C:\Windows\System32\WMVCORE.DLL - ok
18:33:36.0686 3900 [ A7DD56261518373F70F23079EB3CD0A2 ] C:\Windows\System32\WMASF.DLL
18:33:36.0686 3900 C:\Windows\System32\WMASF.DLL - ok
18:33:36.0686 3900 [ 81490FDAE27F0082E5CC2DC78DCA96FA ] C:\Windows\System32\PortableDeviceClassExtension.dll
18:33:36.0686 3900 C:\Windows\System32\PortableDeviceClassExtension.dll - ok
18:33:36.0702 3900 [ ADB45A977BD9E45790CA496DB84BA148 ] C:\Windows\System32\PortableDeviceTypes.dll
18:33:36.0702 3900 C:\Windows\System32\PortableDeviceTypes.dll - ok
18:33:36.0702 3900 [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\Del\AppData\Local\Temp\C48190DA-BB41-4D83-A250-9766147625F8.exe
18:33:36.0702 3900 C:\Users\Del\AppData\Local\Temp\C48190DA-BB41-4D83-A250-9766147625F8.exe - ok
18:33:36.0702 3900 [ 14486EB6AF542F2BD3239F7FC3E713F7 ] C:\Windows\System32\pautoenr.dll
18:33:36.0702 3900 C:\Windows\System32\pautoenr.dll - ok
18:33:36.0717 3900 [ 0174C3636D001197F10A52DB8BBF960D ] C:\Windows\System32\certcli.dll
18:33:36.0717 3900 C:\Windows\System32\certcli.dll - ok
18:33:36.0717 3900 [ 9D37CF187096B79ACD1C343F7C382352 ] C:\Windows\System32\CertEnroll.dll
18:33:36.0717 3900 C:\Windows\System32\CertEnroll.dll - ok
18:33:36.0717 3900 [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\System32\winrnr.dll
18:33:36.0717 3900 C:\Windows\System32\winrnr.dll - ok
18:33:36.0733 3900 [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\System32\NapiNSP.dll
18:33:36.0733 3900 C:\Windows\System32\NapiNSP.dll - ok
18:33:36.0733 3900 [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\System32\pnrpnsp.dll
18:33:36.0733 3900 C:\Windows\System32\pnrpnsp.dll - ok
18:33:36.0748 3900 [ 358AB7956D3160000726574083DFC8A6 ] C:\Windows\System32\pcasvc.dll
18:33:36.0748 3900 C:\Windows\System32\pcasvc.dll - ok
18:33:36.0748 3900 [ 99103984D22678A16D8A53B7CCA0958E ] C:\Windows\System32\iedkcs32.dll
18:33:36.0748 3900 C:\Windows\System32\iedkcs32.dll - ok
18:33:36.0748 3900 [ AE571A4036D5770B64E10EA49CB930FE ] C:\Windows\System32\ie4uinit.exe
18:33:36.0748 3900 C:\Windows\System32\ie4uinit.exe - ok
18:33:36.0764 3900 [ 175383778EB24D98C84E624021E3AA0B ] C:\Windows\System32\aeevts.dll
18:33:36.0764 3900 C:\Windows\System32\aeevts.dll - ok
18:33:36.0764 3900 [ C338915320CBEBFDB6DA3F0E6B069754 ] C:\Windows\System32\timedate.cpl
18:33:36.0764 3900 C:\Windows\System32\timedate.cpl - ok
18:33:36.0764 3900 [ B6C4063297C7D07CD0532BDC3350436C ] C:\Windows\System32\actxprxy.dll
18:33:36.0764 3900 C:\Windows\System32\actxprxy.dll - ok
18:33:36.0780 3900 [ A0F1DFC9E47B2524213AFF32E26BE92D ] C:\Program Files\Windows Media Player\wmplayer.exe
18:33:36.0780 3900 C:\Program Files\Windows Media Player\wmplayer.exe - ok
18:33:36.0780 3900 [ 5987EA8A82C53359BCD2C29D6588583E ] C:\Windows\System32\linkinfo.dll
18:33:36.0780 3900 C:\Windows\System32\linkinfo.dll - ok
18:33:36.0780 3900 [ 072C64FE4977D1D7FECDB03AE7DFF45D ] C:\Windows\System32\gameux.dll
18:33:36.0780 3900 C:\Windows\System32\gameux.dll - ok
18:33:36.0795 3900 [ FBE9BC55CF7ED9CC1452F7AF02C31864 ] C:\Windows\System32\msftedit.dll
18:33:36.0795 3900 C:\Windows\System32\msftedit.dll - ok
18:33:36.0795 3900 [ 26025A46FB3FDB40FF06BBF1834093B5 ] C:\Windows\System32\msls31.dll
18:33:36.0795 3900 C:\Windows\System32\msls31.dll - ok
18:33:36.0811 3900 [ 7896EFFDEE215C172BE724A64931EF1C ] C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
18:33:36.0811 3900 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll - ok
18:33:36.0811 3900 [ 3A0647BDED81DBE0BCBB51D70B22C9E0 ] C:\Program Files\Java\jre6\bin\jusched.exe
18:33:36.0811 3900 C:\Program Files\Java\jre6\bin\jusched.exe - ok
18:33:36.0811 3900 [ 3E19163966261CCDBA4C8C030E601998 ] C:\Windows\System32\DeviceCenter.dll
18:33:36.0811 3900 C:\Windows\System32\DeviceCenter.dll - ok
18:33:36.0826 3900 [ 47098E5D669470801621AC09C7C77CC0 ] C:\Windows\System32\SearchFolder.dll
18:33:36.0826 3900 C:\Windows\System32\SearchFolder.dll - ok
18:33:36.0826 3900 [ D20AD241AE7B90089F4AE9A8A19F0FA7 ] C:\Program Files\Microsoft Office\Office\OSA9.EXE
18:33:36.0826 3900 C:\Program Files\Microsoft Office\Office\OSA9.EXE - ok
18:33:36.0826 3900 [ DBE2AA52B5D67DA319D33A175B8BB41E ] C:\Windows\System32\thumbcache.dll
18:33:36.0826 3900 C:\Windows\System32\thumbcache.dll - ok
18:33:36.0842 3900 [ 4A056D7392F31EDA3AE1975E7010D7E3 ] C:\Windows\System32\networkexplorer.dll
18:33:36.0842 3900 C:\Windows\System32\networkexplorer.dll - ok
18:33:36.0842 3900 [ 68239842340DDFF8993DFD9127553EDA ] C:\Windows\System32\igfxtray.exe
18:33:36.0842 3900 C:\Windows\System32\igfxtray.exe - ok
18:33:36.0842 3900 [ D6692338B985D4A0CA52B828314D897D ] C:\Windows\System32\drprov.dll
18:33:36.0842 3900 C:\Windows\System32\drprov.dll - ok
18:33:36.0858 3900 [ 06018B349666595970E15397E78A0D77 ] C:\Windows\System32\ntlanman.dll
18:33:36.0858 3900 C:\Windows\System32\ntlanman.dll - ok
18:33:36.0858 3900 [ 5AA237EAF522154183AB8E95F2099827 ] C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
18:33:36.0858 3900 C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe - ok
18:33:36.0873 3900 [ 7FB5696EBCB8131AD2E2DEFE5F19C4B5 ] C:\Windows\System32\davclnt.dll
18:33:36.0873 3900 C:\Windows\System32\davclnt.dll - ok
18:33:36.0873 3900 [ 179BECE8D1A4C488DDB7191FF9BE3FB0 ] C:\Windows\System32\davhlpr.dll
18:33:36.0873 3900 C:\Windows\System32\davhlpr.dll - ok
18:33:36.0873 3900 [ FCD688586654203879805259141D76FF ] C:\Windows\System32\hccutils.dll
18:33:36.0873 3900 C:\Windows\System32\hccutils.dll - ok
18:33:36.0889 3900 [ 004763BDF8E48244DBB9FDFDE3065EBC ] C:\Windows\System32\hkcmd.exe
18:33:36.0889 3900 C:\Windows\System32\hkcmd.exe - ok
18:33:36.0889 3900 [ D9C51528488EA0D98D3C4D02ABD16759 ] C:\Windows\System32\igfxsrvc.exe
18:33:36.0889 3900 C:\Windows\System32\igfxsrvc.exe - ok
18:33:36.0889 3900 [ CD1102E5D340216138C7F56FA8D26998 ] C:\Windows\System32\igfxpers.exe
18:33:36.0889 3900 C:\Windows\System32\igfxpers.exe - ok
18:33:36.0904 3900 [ 15FFBB6BAD65E3E043929546F84B9C6C ] C:\Program Files\Sophos\AutoUpdate\ALMon.exe
18:33:36.0904 3900 C:\Program Files\Sophos\AutoUpdate\ALMon.exe - ok
18:33:36.0904 3900 [ ECF6459A9C158BA07877221CF86D9E81 ] C:\Windows\System32\igfxsrvc.dll
18:33:36.0904 3900 C:\Windows\System32\igfxsrvc.dll - ok
18:33:36.0904 3900 [ AED01A07B3F9B7AC9EBEC89EBE78B0A1 ] C:\Windows\System32\igfxdev.dll
18:33:36.0904 3900 C:\Windows\System32\igfxdev.dll - ok
18:33:36.0920 3900 [ F35A584E947A5B401FEB0FE01DB4A0D7 ] C:\Program Files\Sophos\AutoUpdate\MFC71.dll
18:33:36.0920 3900 C:\Program Files\Sophos\AutoUpdate\MFC71.dll - ok
18:33:36.0920 3900 [ F7DD2D785280DB73DC9060F80361BEFB ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
18:33:36.0920 3900 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
18:33:36.0920 3900 [ 2AC91779A31284C0F5AB36501B96264C ] C:\Windows\System32\igfxrenu.lrc
18:33:36.0920 3900 C:\Windows\System32\igfxrenu.lrc - ok
18:33:36.0936 3900 [ AF43C4F7F3C8BC95DAD95024F96CDC4A ] C:\Program Files\QuickTime\qttask.exe
18:33:36.0936 3900 C:\Program Files\QuickTime\qttask.exe - ok
18:33:36.0936 3900 [ 92DA9EDE07390B4352B29DD82079E398 ] C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
18:33:36.0936 3900 C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok
18:33:36.0951 3900 [ 8B22CF51B907E3A221267CF1E502993A ] C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll
18:33:36.0951 3900 C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll - ok
18:33:36.0951 3900 [ 4E8012DFB94BEB686DB3E020D4B366DC ] C:\Program Files\Sophos\AutoUpdate\en\almonres.dll
18:33:36.0951 3900 C:\Program Files\Sophos\AutoUpdate\en\almonres.dll - ok
18:33:36.0951 3900 [ CBA3C6E3492C45D8BDF03262E2550617 ] C:\Program Files\Sophos\AutoUpdate\swlocale.dll
18:33:36.0951 3900 C:\Program Files\Sophos\AutoUpdate\swlocale.dll - ok
18:33:36.0967 3900 [ 054B87C872292A960B9B8A834B34DFA7 ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
18:33:36.0967 3900 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
18:33:36.0967 3900 [ 638C7596B493F5F77DB9EF6BAD8FE46C ] C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
18:33:36.0967 3900 C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
18:33:36.0982 3900 [ 794950DB77AA590C2964ECA0A5874A09 ] C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
18:33:36.0982 3900 C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll - ok
18:33:36.0982 3900 [ 250BF888DDBE88D61EB19A9D4957C794 ] C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
18:33:36.0982 3900 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
18:33:36.0982 3900 [ 5A963C340DE1A01BA6E24945CE05D16A ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
18:33:36.0982 3900 C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll - ok
18:33:36.0998 3900 [ F4BC62990E7E5C29799A895B80FC3177 ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
18:33:36.0998 3900 C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
18:33:36.0998 3900 [ 119C053FF0DC31C84AA39497109556A5 ] C:\Windows\System32\igfxress.dll
18:33:36.0998 3900 C:\Windows\System32\igfxress.dll - ok
18:33:36.0998 3900 [ 4C5440275C0CC16B7387E0B76CF5A530 ] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
18:33:36.0998 3900 C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe - ok
18:33:37.0014 3900 [ 149D74E1128A86DC9CFB2851FBEA11EB ] C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
18:33:37.0014 3900 C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll - ok
18:33:37.0014 3900 [ B3A77328B1FA9BFF65CC01A718399F53 ] C:\Program Files\Microsoft Office\Office\EXCEL.EXE
18:33:37.0014 3900 C:\Program Files\Microsoft Office\Office\EXCEL.EXE - ok
18:33:37.0029 3900 [ 37CF2461CB5E40C4CFAB82C8FC79A2BC ] C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
18:33:37.0029 3900 C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll - ok
18:33:37.0029 3900 [ 6EC594AB7EFA45EACDE65FD4040F53D9 ] C:\Windows\System32\riched20.dll
18:33:37.0029 3900 C:\Windows\System32\riched20.dll - ok
18:33:37.0029 3900 [ 9BCD2CECA87CF07507E3B23F0AADDF57 ] C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
18:33:37.0029 3900 C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE - ok
18:33:37.0045 3900 [ E75963624A3F55C90AC8A7C2E65072FF ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon_main.dll
18:33:37.0045 3900 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon_main.dll - ok
18:33:37.0045 3900 [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\System32\msimg32.dll
18:33:37.0045 3900 C:\Windows\System32\msimg32.dll - ok
18:33:37.0045 3900 [ FC33CBBB9CADCEC307DA010FE763D04C ] C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
18:33:37.0045 3900 C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
18:33:37.0060 3900 [ 8BA9851E671E8B5E49E303748FFD530C ] C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
18:33:37.0060 3900 C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
18:33:37.0060 3900 [ 2E14406E05789F91C9282AE7CFCA3A07 ] C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
18:33:37.0060 3900 C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll - ok
18:33:37.0076 3900 [ A5BD91615B41BFA6D8886D445BB6B63F ] C:\Program Files\Microsoft Office\Office\POWERPNT.EXE
18:33:37.0076 3900 C:\Program Files\Microsoft Office\Office\POWERPNT.EXE - ok
18:33:37.0076 3900 [ 09669FF47664A66FDC45C4A018FDC4CF ] C:\Program Files\Browsersafeguard\BrowserSafeguard.exe
18:33:37.0076 3900 C:\Program Files\Browsersafeguard\BrowserSafeguard.exe - ok
18:33:37.0092 3900 [ 73862FF693168369A90F046E7F227B83 ] C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
18:33:37.0092 3900 C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll - ok
18:33:37.0092 3900 [ 6559286A3D75A5F5F6DCDB77851EE8E5 ] C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
18:33:37.0092 3900 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - ok
18:33:37.0092 3900 [ 9E3DB741CD90B26284C41494684EB238 ] C:\Program Files\Sophos\Sophos Anti-Virus\DesktopMessaging.dll
18:33:37.0092 3900 C:\Program Files\Sophos\Sophos Anti-Virus\DesktopMessaging.dll - ok
18:33:37.0107 3900 [ 75B3F2285F2E9BD2044EB820F1823370 ] C:\Program Files\Sophos\Sophos Anti-Virus\SavNeutralRes.dll
18:33:37.0107 3900 C:\Program Files\Sophos\Sophos Anti-Virus\SavNeutralRes.dll - ok
18:33:37.0107 3900 [ 2B71486B92499604EE7C1B129FCFB97B ] C:\Program Files\CamToPrint\PassportPhoto\CamToPrintTray.exe
18:33:37.0107 3900 C:\Program Files\CamToPrint\PassportPhoto\CamToPrintTray.exe - ok
18:33:37.0107 3900 [ 97F17505834562D6115B1734A0AEAFD4 ] C:\Program Files\Sophos\Sophos Anti-Virus\SavResEng.dll
18:33:37.0107 3900 C:\Program Files\Sophos\Sophos Anti-Virus\SavResEng.dll - ok
18:33:37.0123 3900 [ 6EAB698049C55DBEB418BB8300A747FC ] C:\Program Files\Sophos\Sophos Client Firewall\FirewallNAIPlugin.dll
18:33:37.0123 3900 C:\Program Files\Sophos\Sophos Client Firewall\FirewallNAIPlugin.dll - ok
18:33:37.0123 3900 [ 10EAF74F531DAAAE9EB32E77C8E1A24D ] C:\Program Files\Microsoft Office\Office\MSO9.DLL
18:33:37.0123 3900 C:\Program Files\Microsoft Office\Office\MSO9.DLL - ok
18:33:37.0123 3900 [ 7117F034706E1C3EEEC762C09710F522 ] C:\Program Files\Sophos\Sophos Client Firewall\SCFRes_SCFTray_en.dll
18:33:37.0123 3900 C:\Program Files\Sophos\Sophos Client Firewall\SCFRes_SCFTray_en.dll - ok
18:33:37.0138 3900 [ 6924FF74CFB0DF72F79A84358F972FD9 ] C:\Program Files\Microsoft Office\Office\WINWORD.EXE
18:33:37.0138 3900 C:\Program Files\Microsoft Office\Office\WINWORD.EXE - ok
18:33:37.0138 3900 [ 3C9506C084562CB7F8F0ED6EFF64A915 ] C:\Program Files\Sophos\Sophos Client Firewall\SystemProxies.dll
18:33:37.0138 3900 C:\Program Files\Sophos\Sophos Client Firewall\SystemProxies.dll - ok
18:33:37.0154 3900 [ A1500495C5E273A907004B6B362C95F9 ] C:\Program Files\Common Files\Sophos\Sophos Client Firewall\scfcfg.dll
18:33:37.0154 3900 C:\Program Files\Common Files\Sophos\Sophos Client Firewall\scfcfg.dll - ok
18:33:38.0402 3900 ============================================================
18:33:38.0402 3900 Scan finished
18:33:38.0402 3900 ============================================================
18:33:38.0418 3896 Detected object count: 4
18:33:38.0418 3896 Actual detected object count: 4
18:34:28.0696 3896 FreshIO ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:28.0696 3896 FreshIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:28.0696 3896 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:28.0696 3896 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:28.0696 3896 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:28.0696 3896 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:34:28.0696 3896 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
18:34:28.0696 3896 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:35:00.0254 2624 Deinitialize success

#12
70delboy

    Member

  • Topic Starter
  • Member
  • 147 posts


Now Malwarebytes

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.22.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Del :: DEL-PC [administrator]

22/09/2013 18:46:03
mbam-log-2013-09-22 (18-46-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 353892
Time elapsed: 29 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7148263E-9744-4719-BEA3-8766FC18932B} (PUP.Optional.7Go.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7148263E-9744-4719-BEA3-8766FC18932B} (PUP.Optional.7Go.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A66261FC-B82E-4EC7-9F6D-C2F36B871DF0} (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: http://www2.delta-se...913_m1&tsp=5009 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|bProtectTabs (PUP.Optional.BrowserProtect.A) -> Data: http://www2.delta-se...913_m1&tsp=5009 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 7
C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Roaming\SpeedAnalysis3 (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Roaming\7go (PUP.Optional.7Go.A) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\ProgramData\BitGuard\2.6.1673.238 (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BitGuard.A) -> Delete on reboot.

Files Detected: 27
C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2568410734-3031030142-1223416489-1001\$R2A0D11B6 (Rootkit.0Access.ED) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2568410734-3031030142-1223416489-1001\$R7A3541B0 (Rootkit.0Access.ED) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Local\Temp\8D3AB897-BAB0-7891-810F-3C9E5748B527\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Local\Temp\8D3AB897-BAB0-7891-810F-3C9E5748B527\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Local\Temp\8D3AB897-BAB0-7891-810F-3C9E5748B527\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Local\Temp\8D3AB897-BAB0-7891-810F-3C9E5748B527\Latest\DSearchLink.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Local\Temp\8D3AB897-BAB0-7891-810F-3C9E5748B527\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Local\Temp\8D3AB897-BAB0-7891-810F-3C9E5748B527\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Local\Temp\8D3AB897-BAB0-7891-810F-3C9E5748B527\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Local\Temp\nswE25B.tmp\protector.dll (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
C:\Users\Del\Local Settings\Temporary Internet Files\Content.IE5\QN3USVWR\pack[1].7z (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
C:\Users\Del\Local Settings\Temporary Internet Files\Content.IE5\RX40KC2A\Setup[2].exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
C:\Users\Del\Local Settings\Temporary Internet Files\Content.IE5\V5HDA8EG\$v+YMVJlsZAc1njM+[1].exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\Del\Local Settings\Temporary Internet Files\Content.IE5\V5HDA8EG\DeltaTB_20130715[1].exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Roaming\speedanalysis.ico (PUP.Optional.SpeedAnalysis2.A) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Roaming\SpeedAnalysis3\speedanalysis.crx (PUP.Optional.SpeedAnalysis3.A) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Roaming\7go\7go.crx (PUP.Optional.7Go.A) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Roaming\7go\DeskTopIcon.ico (PUP.Optional.7Go.A) -> Quarantined and deleted successfully.
C:\Users\Del\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (PUP.Optional.BitGuard.A) -> Delete on reboot.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.
C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BitGuard.A) -> Quarantined and deleted successfully.

(end)

#13
70delboy

    Member

  • Topic Starter
  • Member
  • 147 posts


Hi there again
Presumably I should delete the files quarantined by the Sophos antivirus?

delboy

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi 70delboy,

Presumably I should delete the files quarantined by the Sophos antivirus?


You can do this when we make sure your system is clean at the end.

How is your system now? Any problems?

#15
70delboy

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 147 posts


Hi there
The system seems to be responding a lot quicker now so a great improvement. There are still AV warnings coming up. Currently these files are in quarantine.

Mal/Zbot-FG
BProtector

Thanks
delboy