Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

multiple issues - please help [Solved]


  • This topic is locked This topic is locked

#1
redleader74

redleader74

    Member

  • Member
  • PipPipPip
  • 195 posts

I have a Dell laptop running Windows 7 with multiple issues it seams.  Lots of browser redirects and in-browser pop-ups.  There's also something called Pro PC Cleaner that keeps popping up and running on its own.  I'm not sure where to start but I'm pretty sure there's a lof of software on this machine that shoudln't be on here and I can't tell which are viruses/malware and which are simply unwanted/unneeded software.  Where should I start?

 

Thanks.


  • 0

Advertisements


#2
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

 

 

Fresh Set of Logs Needed
Let's begin. Please follow the steps below.
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
    Only one of them will run on your system, that will be the right version.
2. Right click on the file and select Run as administrator (If you don't have this option simply double-click the file to open). When the tool opens click Yes to disclaimer.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should be the desktop)
5. Please copy and paste log back here.
6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.
     Note: Please do not attach any logs unless specifically requested. It's easier if you simply copy and paste them into your reply. It's OK if you have to use more than one post to do so.

 


  • 0

#3
redleader74

redleader74

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Peter Chang (administrator) on PETERCHANG-PC on 16-01-2015 11:46:01
Running from C:\Users\Peter Chang\Desktop
Loaded Profiles: Peter Chang (Available profiles: Peter Chang)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Tester Extension) C:\ProgramData\makulitsidwe\1.1.0.29\cozwdhost.exe
() C:\Users\Peter Chang\AppData\Roaming\VOPackage\VOsrv.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
() C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Tester Extension) C:\ProgramData\makulitsidwe\1.1.0.29\cozahost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\StormWatch.exe
(Tester Extension) C:\ProgramData\makulitsidwe\1.1.0.29\coz64host.exe
() C:\Users\Peter Chang\AppData\Local\wincheck\wincheck.exe
(Tester Extension) C:\ProgramData\makulitsidwe\1.1.0.29\coz32host.exe
() C:\Program Files (x86)\StormWatch\StormWatchApp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Peter Chang\AppData\Local\GeniusBox\Client.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Tester Extension) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771240 2011-04-22] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinCheck] => C:\Users\Peter Chang\AppData\Local\wincheck\wincheck.exe [267776 2015-01-13] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3782137376-2487312525-798218974-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3782137376-2487312525-798218974-1000\...\MountPoints2: {fc245614-4c06-11e3-a5d1-bc77370d42ff} - G:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [245008 2015-01-05] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [215312 2015-01-05] (Client Connect LTD)
Startup: C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
ShortcutTarget: StormWatch.lnk -> C:\Program Files (x86)\StormWatch\StormWatch.exe (Weather Protector LLC)
Startup: C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
ShortcutTarget: StormWatchApp.lnk -> C:\Program Files (x86)\StormWatch\StormWatchApp.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3782137376-2487312525-798218974-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3782137376-2487312525-798218974-1000] => http=127.0.0.1:49578;https=127.0.0.1:49578
HKU\S-1-5-21-3782137376-2487312525-798218974-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3782137376-2487312525-798218974-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...96682F6F2&SSPV=
SearchScopes: HKU\S-1-5-21-3782137376-2487312525-798218974-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3782137376-2487312525-798218974-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Cyti Web 1.0.0.6 -> {aa2fac44-d24d-4fed-9e32-397d138365f1} -> C:\Program Files (x86)\Cyti Web\CytiWebbho.dll (Cyti Web)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.10.1

FireFox:
========
FF ProfilePath: C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=M71F06DB9-A2BA-45B7-A498-1CC22CD7CCA1&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP55EBD7ED-3DC8-4920-B901-0A796682F6F2
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=M71F06DB9-A2BA-45B7-A498-1CC22CD7CCA1&SearchSource=55&CUI=&UM=8&UP=SP55EBD7ED-3DC8-4920-B901-0A796682F6F2&SSPV=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300\user.js
FF SearchPlugin: C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300\searchplugins\trovi-search.xml
FF Extension: Zoompic - C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300\Extensions\[email protected] [2015-01-13]
FF Extension: Cyti Web 1.0.1 - C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300\Extensions\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}.xpi [2015-01-13]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=M71F06DB9-A2BA-45B7-A498-1CC22CD7CCA1&SearchSource=55&CUI=&UM=8&UP=SP55EBD7ED-3DC8-4920-B901-0A796682F6F2&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=M71F06DB9-A2BA-45B7-A498-1CC22CD7CCA1&SearchSource=55&CUI=&UM=8&UP=SP55EBD7ED-3DC8-4920-B901-0A796682F6F2&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-03]
CHR Extension: (Google Drive) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-03]
CHR Extension: (YouTube) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-03]
CHR Extension: (Google Search) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-03]
CHR Extension: (InboxAce) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdhaekeogebjjbaldibekfepbhogdng [2014-11-06]
CHR Extension: (MapsGalaxy) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nadeggfacbpjnhkfamjfhjmfklhfjgol [2015-01-05]
CHR Extension: (Google Wallet) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-03]
CHR Extension: (MapsGalaxy) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb [2014-10-17]
CHR Extension: (Gmail) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3342608 2015-01-05] (Client Connect LTD)
R2 cozaghost; C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe [472096 2015-01-08] (Tester Extension)
R2 cozwdhost; C:\ProgramData\makulitsidwe\1.1.0.29\cozwdhost.exe [199200 2015-01-08] (Tester Extension)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 servervo; C:\Users\Peter Chang\AppData\Roaming\VOPackage\VOsrv.exe [136192 2015-01-13] () [File not signed] <==== ATTENTION
R2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [17584 2014-11-21] (Weather Protector LLC)
R2 Update Cyti Web; C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe [529648 2015-01-14] ()
S2 Util Cyti Web; C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe [529648 2015-01-14] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [34816 2007-02-02] (ASIX Electronics Corp.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 {689b5bed-4e9b-4b8b-a673-3c39fb4d2820}Gw64; C:\Windows\System32\drivers\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}Gw64.sys [48784 2015-01-13] (StdLib)
R1 {a6994947-8316-401e-82e4-23da215413fb}Gw64; C:\Windows\System32\drivers\{a6994947-8316-401e-82e4-23da215413fb}Gw64.sys [48784 2015-01-13] (StdLib)
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 11:46 - 2015-01-16 11:47 - 00014961 _____ () C:\Users\Peter Chang\Desktop\FRST.txt
2015-01-16 11:45 - 2015-01-16 11:46 - 00000000 ____D () C:\FRST
2015-01-16 11:44 - 2015-01-16 11:45 - 02125312 _____ (Farbar) C:\Users\Peter Chang\Desktop\FRST64.exe
2015-01-14 03:45 - 2015-01-13 20:36 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}Gw64.sys
2015-01-13 17:25 - 2015-01-13 17:25 - 00370040 _____ () C:\Users\Peter Chang\Downloads\Setup.exe
2015-01-13 15:39 - 2015-01-13 17:42 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2015-01-13 15:39 - 2015-01-13 17:42 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2015-01-13 15:39 - 2015-01-13 16:04 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2015-01-13 15:39 - 2015-01-13 15:39 - 00002840 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2015-01-13 15:39 - 2015-01-13 15:39 - 00002838 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2015-01-13 15:39 - 2015-01-13 15:39 - 00002838 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2015-01-13 15:39 - 2015-01-13 15:39 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-01-13 15:38 - 2015-01-13 15:38 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-01-13 15:36 - 2015-01-13 15:39 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-01-13 15:36 - 2015-01-13 15:36 - 00628496 _____ (CMI Limited) C:\Users\Peter Chang\AppData\Local\nsg6B6B.tmp
2015-01-13 15:36 - 2015-01-13 15:36 - 00000000 __SHD () C:\Users\Peter Chang\AppData\Roaming\AnyProtectEx
2015-01-13 14:26 - 2015-01-13 14:26 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\wincheck
2015-01-13 14:26 - 2015-01-13 07:40 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{a6994947-8316-401e-82e4-23da215413fb}Gw64.sys
2015-01-13 14:25 - 2015-01-13 14:25 - 00004534 _____ () C:\Windows\System32\Tasks\Validate Installation
2015-01-13 14:25 - 2015-01-13 14:25 - 00004326 _____ () C:\Windows\System32\Tasks\Check Updates
2015-01-13 14:25 - 2015-01-13 14:25 - 00003906 _____ () C:\Windows\System32\Tasks\GeniusBox
2015-01-13 14:25 - 2015-01-13 14:25 - 00000064 _____ () C:\Users\Peter Chang\AppData\Local\d1dffc9988ec3ec7cc062609a55dfa61
2015-01-13 14:25 - 2015-01-13 14:25 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\GeniusBox
2015-01-13 14:24 - 2015-01-13 17:41 - 00000000 ____D () C:\Program Files (x86)\ORBTR
2015-01-13 14:24 - 2015-01-13 14:24 - 00004036 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-01-13 14:24 - 2015-01-13 14:24 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\SearchProtect
2015-01-13 14:24 - 2015-01-13 14:24 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-01-13 14:23 - 2015-01-13 17:42 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-01-13 14:23 - 2015-01-13 14:24 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\VOPackage
2015-01-13 14:23 - 2015-01-13 14:23 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-01-13 14:23 - 2015-01-13 14:23 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2015-01-13 14:22 - 2015-01-16 11:02 - 00003482 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2015-01-13 14:22 - 2015-01-13 17:23 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\StormWatch
2015-01-13 14:22 - 2015-01-13 14:22 - 02092199 _____ () C:\Windows\shost.bin
2015-01-13 14:22 - 2015-01-13 14:22 - 00003218 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2015-01-13 14:22 - 2015-01-13 14:22 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
2015-01-13 14:22 - 2015-01-13 14:22 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\Weather_Protector_LLC
2015-01-13 14:22 - 2015-01-13 14:22 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\Pro_PC_Cleaner
2015-01-13 14:22 - 2015-01-13 14:22 - 00000000 ____D () C:\Program Files (x86)\StormWatch
2015-01-13 14:21 - 2015-01-16 11:02 - 00000000 ____D () C:\Users\Peter Chang\Documents\ProPCCleaner
2015-01-13 14:21 - 2015-01-13 14:21 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\Pro PC Cleaner
2015-01-13 14:21 - 2015-01-13 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
2015-01-13 14:21 - 2015-01-13 14:21 - 00000000 ____D () C:\Program Files (x86)\Pro PC Cleaner
2015-01-13 14:19 - 2015-01-14 20:55 - 00000000 ____D () C:\Program Files (x86)\Cyti Web
2015-01-13 14:19 - 2015-01-13 14:19 - 00596896 _____ () C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (3).exe
2015-01-13 14:19 - 2015-01-13 14:19 - 00596888 _____ () C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (4).exe
2015-01-13 14:19 - 2015-01-13 14:19 - 00000000 ____D () C:\ProgramData\makulitsidwe
2015-01-13 14:18 - 2015-01-13 14:18 - 00596904 _____ () C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe.exe
2015-01-13 14:18 - 2015-01-13 14:18 - 00596896 _____ () C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (1).exe
2015-01-13 14:18 - 2015-01-13 14:18 - 00596888 _____ () C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (2).exe
2015-01-13 12:32 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 12:32 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 12:32 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 12:32 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 12:32 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 12:32 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 12:32 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 12:32 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 12:32 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 12:32 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 12:32 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 12:32 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 12:32 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-02 23:58 - 2015-01-02 23:58 - 00000355 _____ () C:\Users\Peter Chang\Documents\Favorites - Shortcut.lnk
2014-12-22 21:09 - 2014-12-22 21:09 - 00000000 ____D () C:\Users\Peter Chang\Desktop\Old Firefox Data
2014-12-21 22:48 - 2014-12-21 22:48 - 00003036 _____ () C:\Windows\System32\Tasks\SlimCleaner Run
2014-12-21 22:48 - 2014-12-21 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner
2014-12-21 22:13 - 2014-12-21 22:13 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-12-21 19:54 - 2014-12-21 19:54 - 00000000 ____D () C:\Windows\pss
2014-12-20 21:54 - 2014-12-20 21:54 - 00000000 __SHD () C:\Users\Peter Chang\AppData\Local\EmieBrowserModeList
2014-12-20 21:54 - 2014-12-20 21:54 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\Apple Computer
2014-12-20 21:52 - 2014-12-20 21:52 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-18 13:35 - 2014-12-18 13:38 - 00000000 ____D () C:\Users\Peter Chang\Documents\Praise Songs
2014-12-17 20:25 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 20:25 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 11:39 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 11:35 - 2013-04-28 04:23 - 00007064 _____ () C:\Windows\setupact.log
2015-01-16 11:18 - 2013-03-25 19:59 - 02084259 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 11:16 - 2013-03-28 21:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 11:10 - 2009-07-13 20:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 11:10 - 2009-07-13 20:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 11:02 - 2014-06-03 20:49 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-16 11:01 - 2013-03-28 21:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-16 11:01 - 2013-03-28 21:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-16 11:01 - 2013-03-28 21:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-16 10:59 - 2014-12-10 16:45 - 05013680 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-14 14:55 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-14 10:44 - 2009-07-13 18:34 - 00000580 _____ () C:\Windows\win.ini
2015-01-14 10:43 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 10:25 - 2013-07-24 05:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 09:56 - 2013-03-25 22:36 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 21:42 - 2013-04-14 22:18 - 00000000 ____D () C:\Users\Peter Chang\Documents\Parish Pointer
2015-01-13 17:41 - 2013-05-15 15:10 - 00153406 _____ () C:\Windows\PFRO.log
2015-01-13 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-12 21:58 - 2014-12-15 17:31 - 00000000 ____D () C:\Users\Peter Chang\Documents\Liturgy
2015-01-04 21:24 - 2013-03-27 23:10 - 00000000 ____D () C:\Users\Peter Chang\Documents\Other Church Files
2014-12-31 03:14 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 20:53 - 2013-03-27 23:11 - 00000000 ____D () C:\Users\Peter Chang\Documents\Sermon
2014-12-22 21:28 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-21 23:00 - 2013-03-09 22:15 - 00000000 ____D () C:\stvonly
2014-12-21 22:49 - 2013-03-25 20:54 - 00000000 ____D () C:\Windows\Panther
2014-12-21 22:48 - 2013-03-25 23:07 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner
2014-12-21 22:03 - 2013-03-25 20:18 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\VirtualStore
2014-12-20 21:59 - 2013-03-27 23:04 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-12-20 21:57 - 2014-11-06 15:19 - 00000000 ____D () C:\ProgramData\FastAgain 2014

Some content of TEMP:
====================
C:\Users\Peter Chang\AppData\Local\Temp\CloudBackup4105.exe
C:\Users\Peter Chang\AppData\Local\Temp\CloudBackup7497.exe
C:\Users\Peter Chang\AppData\Local\Temp\nszEB97.exe
C:\Users\Peter Chang\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 12:10

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by Peter Chang at 2015-01-16 11:47:29
Running from C:\Users\Peter Chang\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.4 - CMI Limited) <==== ATTENTION
AppliedOnline Install (HKLM-x32\...\AppliedOnline Install_is1) (Version:  - Applied Systems, Inc.)
AppliedOnline Upload Center Launcher - 64 bit (HKLM\...\{9040C3D4-2ACC-42DC-8850-4654CF3D2EEB}) (Version: 1.0.4 - Applied Systems, Inc.)
Cyti Web (HKLM\...\Cyti Web) (Version: 2015.01.13.202326 - Cyti Web) <==== ATTENTION!
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.3.2.1 - Synaptics Incorporated)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
GeniusBox 2.0 (HKLM-x32\...\GeniusBox) (Version: 2.0 - GeniusBox 2.0)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Pro PC Cleaner (HKLM-x32\...\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}) (Version: 2.5.5 - Pro PC Cleaner)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.85 (HKLM-x32\...\Revo Uninstaller) (Version: 1.85 - VS Revo Group)
ScrewDrivers Client v4 x64 (rdp only) (HKLM\...\{3430BD20-FA33-4721-8225-AC5099EE2B73}) (Version: 4.7.02 - triCerat, Inc.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.19.30.69 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
StormWatch (HKU\S-1-5-21-3782137376-2487312525-798218974-1000\...\StormWatch) (Version: 1.0.1.36 - StormWatch) <==== ATTENTION!
WinCheck (HKLM-x32\...\wincheck) (Version: 1.0.0.0 - WinCheck) <==== ATTENTION!
Windows Driver Package - Intel (NETwLv64) net  (10/07/2010 13.4.0.139) (HKLM\...\EA1C8ECD4E416637C38F0079F98C8C7B0A112265) (Version: 10/07/2010 13.4.0.139 - Intel)
Windows Driver Package - Intel (NETwNs64) net  (12/21/2010 14.0.1.2) (HKLM\...\1375ECB1EA968F5600A8606ED32CFC24D51A6054) (Version: 12/21/2010 14.0.1.2 - Intel)
Zoompic (HKLM-x32\...\zoompic) (Version: 1.1.0.29 - Zoompic) <==== ATTENTION!

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-12-2014 21:11:42 Windows Update
18-12-2014 11:33:42 Windows Modules Installer
18-12-2014 11:48:29 Windows Update
20-12-2014 21:52:51 Revo Uninstaller's restore point - Bing Bar
20-12-2014 21:54:28 Revo Uninstaller's restore point - Advanced SystemCare 6
20-12-2014 21:56:06 Revo Uninstaller's restore point - SlimCleaner
20-12-2014 21:56:16 Removed SlimCleaner
20-12-2014 21:57:30 Revo Uninstaller's restore point - FastAgain PC Booster
22-12-2014 21:09:50 Windows Update
26-12-2014 18:21:49 Windows Update
30-12-2014 19:52:31 Windows Update
03-01-2015 22:32:26 Windows Update
07-01-2015 17:25:44 Windows Update
10-01-2015 20:35:19 Windows Update
14-01-2015 10:25:16 Windows Modules Installer
16-01-2015 11:12:27 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2013-03-26 04:09 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2420DEE4-835A-4AE2-8EA1-ACEE465D5131} - System32\Tasks\{1EC19F47-1468-483B-89FF-8BC97A442463} => pcalua.exe -a "C:\Users\Peter Chang\Downloads\C3XKT_A00_setup_ZPE.exe" -d "C:\Users\Peter Chang\Downloads"
Task: {25312C1D-AE26-4BE0-B243-C65716B4F81E} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2014-08-21] (Pro PC Cleaner)
Task: {269E2A40-2C0C-4BE6-B41A-E438216FFDD3} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {2ECFCE8F-86F7-47AC-8164-825A0E450615} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-25] (MyPC Backup) <==== ATTENTION
Task: {3207386B-8E06-409B-9090-983BFB9E79BC} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-13] (AnyProtect.com) <==== ATTENTION
Task: {7937DBA1-20ED-483D-BCA5-D10763393635} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Peter Chang\AppData\Local\GeniusBox\client.exe"
Task: {B6683BEA-87A8-4D5A-9B41-A09F56442457} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BD118BE2-01E3-4E61-8E23-FB8A1D704A88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-03] (Google Inc.)
Task: {C0825733-F097-4FBE-B843-C1552B437BAD} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe [2014-08-21] ()
Task: {D229D97F-1FBF-4BE8-9678-FD9D337ADC01} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-13] (AnyProtect.com) <==== ATTENTION
Task: {ECAAB7FC-218D-4970-8ED3-E7E3D98E1508} - System32\Tasks\Check Updates => C:\Users\Peter Chang\AppData\Local\GeniusBox\updater.exe [2015-01-06] ()
Task: {EF3F16ED-B0EC-4CB7-B248-5C196A60A399} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-13] (AnyProtect.com) <==== ATTENTION
Task: {F380614C-8269-4E62-8C6B-8F6B0002E1D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-16] (Adobe Systems Incorporated)
Task: {F62263B3-316E-49BC-A78A-54FBFFBFC6DC} - System32\Tasks\Validate Installation => C:\Users\Peter Chang\AppData\Local\GeniusBox\updater.exe [2015-01-06] ()
Task: {F78C3A1D-35FF-41C3-AFCD-132BB22265AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-13 14:23 - 2014-11-25 11:29 - 00299008 _____ () C:\Program Files (x86)\MyPC Backup\AlphaFS.dll
2015-01-13 14:24 - 2015-01-13 14:24 - 00136192 _____ () C:\Users\Peter Chang\AppData\Roaming\VOPackage\VOsrv.exe
2015-01-13 12:25 - 2015-01-14 20:55 - 00529648 _____ () C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe
2012-10-10 01:22 - 2012-10-10 01:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-01-13 13:09 - 2015-01-13 13:09 - 00267776 _____ () C:\Users\Peter Chang\AppData\Local\wincheck\wincheck.exe
2014-11-25 11:47 - 2014-11-25 11:47 - 01465880 _____ () C:\Program Files (x86)\StormWatch\StormWatchApp.exe
2014-12-22 07:12 - 2015-01-06 10:45 - 01882336 _____ () C:\Users\Peter Chang\AppData\Local\GeniusBox\Client.exe
2015-01-13 14:23 - 2014-11-25 11:37 - 00012800 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-10-21 20:06 - 2014-10-21 20:07 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupreg: ScrewDrivers RDP Plugin => C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3782137376-2487312525-798218974-500 - Administrator - Disabled)
Guest (S-1-5-21-3782137376-2487312525-798218974-501 - Limited - Disabled)
Peter Chang (S-1-5-21-3782137376-2487312525-798218974-1000 - Administrator - Enabled) => C:\Users\Peter Chang

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 11:11:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 32.0.3.5379, time stamp: 0x54224e6b
Faulting module name: kernel32.dll, version: 6.1.7601.18409, time stamp: 0x53159a85
Exception code: 0xc0000005
Fault offset: 0x000115e3
Faulting process id: 0x14c4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/16/2015 11:02:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cozaghost.exe, version: 1.1.0.29, time stamp: 0x54aee97b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xdcc
Faulting application start time: 0xcozaghost.exe0
Faulting application path: cozaghost.exe1
Faulting module path: cozaghost.exe2
Report Id: cozaghost.exe3

Error: (01/16/2015 11:02:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ProPCCleaner.exe version 2.5.5.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f34

Start Time: 01d031be8f61986e

Termination Time: 0

Application Path: C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe

Report Id:

Error: (01/14/2015 02:55:44 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Tester Extension because of this error.

Program: Tester Extension
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (01/14/2015 02:55:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cozaghost.exe, version: 1.1.0.29, time stamp: 0x54aee97b
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000096
Fault offset: 0x00048665
Faulting process id: 0xa84
Faulting application start time: 0xcozaghost.exe0
Faulting application path: cozaghost.exe1
Faulting module path: cozaghost.exe2
Report Id: cozaghost.exe3

Error: (01/14/2015 10:44:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 09:55:56 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (01/13/2015 05:43:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 05:56:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 08:59:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/16/2015 11:02:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The cozaghost service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/14/2015 02:55:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update Cyti Web service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (01/14/2015 10:44:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozaghost service failed to start due to the following error:
%%1053

Error: (01/14/2015 10:44:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the cozaghost service to connect.

Error: (01/14/2015 10:43:02 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:42:12 AM on ‎1/‎14/‎2015 was unexpected.

Error: (01/13/2015 05:42:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozaghost service failed to start due to the following error:
%%1053

Error: (01/13/2015 05:42:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the cozaghost service to connect.

Error: (01/08/2015 05:55:18 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:54:11 PM on ‎1/‎8/‎2015 was unexpected.

Error: (12/22/2014 08:52:47 PM) (Source: Microsoft Antimalware) (EventID: 1005) (User: )
Description: %PeterChang-PC60 scan has encountered an error and terminated.

    Scan ID: {100969DF-6555-4FBC-8DC9-392E112B962B}

    Scan Type: %PeterChang-PC02

    Scan Parameters: %PeterChang-PC06

    User: PeterChang-PC\Peter Chang

    Error Code: %PeterChang-PC601

    Error description: %PeterChang-PC602

Error: (12/21/2014 10:44:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (01/16/2015 11:11:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bkernel32.dll6.1.7601.1840953159a85c0000005000115e314c401d031c02961b3e9C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\syswow64\kernel32.dll82a32b1a-9db3-11e4-aff4-bc77370d42ff

Error: (01/16/2015 11:02:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cozaghost.exe1.1.0.2954aee97bunknown0.0.0.000000000c000000500000000dcc01d031bea084e69cC:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exeunknown4347730f-9db2-11e4-aff4-bc77370d42ff

Error: (01/16/2015 11:02:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ProPCCleaner.exe2.5.5.0f3401d031be8f61986e0C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe

Error: (01/14/2015 02:55:44 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Tester Extension000000000

Error: (01/14/2015 02:55:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: cozaghost.exe1.1.0.2954aee97bole32.dll6.1.7601.175144ce7b96fc000009600048665a8401d0302a1be9881dC:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exeC:\Windows\syswow64\ole32.dll780c4861-9c40-11e4-aff4-bc77370d42ff

Error: (01/14/2015 10:44:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 09:55:56 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (01/13/2015 05:43:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/08/2015 05:56:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/22/2014 08:59:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 52%
Total physical RAM: 2960.17 MB
Available physical RAM: 1395.42 MB
Total Pagefile: 5918.52 MB
Available Pagefile: 3955.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:275.52 GB) (Free:191.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:22.46 GB) (Free:14.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive d: detected.

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=22.5 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=275.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=10 MB) - (Type=17) ATTENTION ===> Suspicious partition bootkit on partition 4

==================== End Of Log ============================


  • 0

#4
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thanks for the information. Wow, there's a lot of stuff on here to be cleaned. Let's start with the following.

 

Step#1 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.

If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

AnyProtect
Cyti Web
GeniusBox 2.0
MyPC Backup 
Pro PC Cleaner
Search Protect
SlimCleaner
StormWatch
WinCheck
Zoompic

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   13.77KB   225 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply. 

 

Step#3 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

 

Step#4 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#5 - FRST Scan
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also paste that along with the FRST.txt into your reply.

 

 

 

Items for your next post

1. FRST Fix log

2. Rootkit scan log

3. Adwcleaner log

4. Fresh FRST & Addition logs


  • 0

#5
redleader74

redleader74

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Peter Chang (administrator) on PETERCHANG-PC on 16-01-2015 16:03:50
Running from C:\Users\Peter Chang\Desktop
Loaded Profiles: Peter Chang (Available profiles: Peter Chang)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771240 2011-04-22] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3782137376-2487312525-798218974-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3782137376-2487312525-798218974-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.10.1

FireFox:
========
FF ProfilePath: C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300
FF DefaultSearchEngine: Google
FF Homepage: www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Slides) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-16]
CHR Extension: (Google Docs) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-16]
CHR Extension: (Google Drive) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-16]
CHR Extension: (YouTube) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-16]
CHR Extension: (Google Search) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-16]
CHR Extension: (Google Sheets) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-16]
CHR Extension: (Google Wallet) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-16]
CHR Extension: (Gmail) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [34816 2007-02-02] (ASIX Electronics Corp.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 16:02 - 2015-01-16 16:02 - 02125312 _____ (Farbar) C:\Users\Peter Chang\Downloads\FRST64.exe
2015-01-16 16:00 - 2015-01-16 16:00 - 00002602 _____ () C:\Users\Peter Chang\Desktop\AdwCleaner[S0].txt
2015-01-16 15:40 - 2015-01-16 15:58 - 00000000 ____D () C:\AdwCleaner
2015-01-16 15:39 - 2015-01-16 15:39 - 02191360 _____ () C:\Users\Peter Chang\Desktop\AdwCleaner.exe
2015-01-16 15:33 - 2015-01-16 15:33 - 00002422 _____ () C:\Users\Peter Chang\Desktop\aswMBR.txt
2015-01-16 15:33 - 2015-01-16 15:33 - 00000512 _____ () C:\Users\Peter Chang\Desktop\MBR.dat
2015-01-16 14:56 - 2015-01-16 14:57 - 05198336 _____ (AVAST Software) C:\Users\Peter Chang\Desktop\aswMBR.exe
2015-01-16 14:36 - 2015-01-16 14:49 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-16 14:35 - 2015-01-16 14:35 - 00000328 _____ () C:\Windows\Tasks\Tempo Runner coz64host.job
2015-01-16 14:34 - 2015-01-16 14:36 - 00000326 _____ () C:\Windows\Tasks\Tempo Runner cozahost.job
2015-01-16 14:34 - 2015-01-16 14:35 - 00002790 _____ () C:\Windows\System32\Tasks\Tempo Runner cozahost
2015-01-16 14:34 - 2015-01-16 14:35 - 00000328 _____ () C:\Windows\Tasks\Tempo Runner coz32host.job
2015-01-16 13:58 - 2015-01-16 13:58 - 00001266 _____ () C:\Users\Peter Chang\Desktop\Revo Uninstaller.lnk
2015-01-16 13:56 - 2015-01-16 13:56 - 01114576 _____ () C:\Users\Peter Chang\Desktop\revosetup.exe
2015-01-16 11:46 - 2015-01-16 16:04 - 00008192 _____ () C:\Users\Peter Chang\Desktop\FRST.txt
2015-01-16 11:45 - 2015-01-16 16:03 - 00000000 ____D () C:\FRST
2015-01-16 11:44 - 2015-01-16 11:45 - 02125312 _____ (Farbar) C:\Users\Peter Chang\Desktop\FRST64.exe
2015-01-13 17:25 - 2015-01-13 17:25 - 00370040 _____ () C:\Users\Peter Chang\Downloads\Setup.exe
2015-01-13 15:38 - 2015-01-13 15:38 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-01-13 12:32 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 12:32 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 12:32 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 12:32 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 12:32 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 12:32 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 12:32 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 12:32 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 12:32 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 12:32 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 12:32 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 12:32 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 12:32 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-02 23:58 - 2015-01-02 23:58 - 00000355 _____ () C:\Users\Peter Chang\Documents\Favorites - Shortcut.lnk
2014-12-22 21:09 - 2014-12-22 21:09 - 00000000 ____D () C:\Users\Peter Chang\Desktop\Old Firefox Data
2014-12-21 22:13 - 2014-12-21 22:13 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-12-21 19:54 - 2014-12-21 19:54 - 00000000 ____D () C:\Windows\pss
2014-12-20 21:54 - 2014-12-20 21:54 - 00000000 __SHD () C:\Users\Peter Chang\AppData\Local\EmieBrowserModeList
2014-12-20 21:54 - 2014-12-20 21:54 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\Apple Computer
2014-12-20 21:52 - 2015-01-16 13:58 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-18 13:35 - 2014-12-18 13:38 - 00000000 ____D () C:\Users\Peter Chang\Documents\Praise Songs
2014-12-17 20:25 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 20:25 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 16:02 - 2013-03-25 19:59 - 01076378 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 15:59 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 15:58 - 2013-05-15 15:10 - 00158908 _____ () C:\Windows\PFRO.log
2015-01-16 15:58 - 2013-04-28 04:23 - 00007232 _____ () C:\Windows\setupact.log
2015-01-16 15:15 - 2013-03-28 21:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 14:56 - 2009-07-13 20:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 14:56 - 2009-07-13 20:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 14:49 - 2013-03-26 21:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 14:47 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-16 14:39 - 2014-10-21 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-16 14:37 - 2009-07-13 18:34 - 00000580 _____ () C:\Windows\win.ini
2015-01-16 11:39 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 11:02 - 2014-06-03 20:49 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-16 11:01 - 2013-03-28 21:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-16 11:01 - 2013-03-28 21:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-16 11:01 - 2013-03-28 21:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-16 10:59 - 2014-12-10 16:45 - 05013680 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-14 10:25 - 2013-07-24 05:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 09:56 - 2013-03-25 22:36 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 21:42 - 2013-04-14 22:18 - 00000000 ____D () C:\Users\Peter Chang\Documents\Parish Pointer
2015-01-13 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-12 21:58 - 2014-12-15 17:31 - 00000000 ____D () C:\Users\Peter Chang\Documents\Liturgy
2015-01-04 21:24 - 2013-03-27 23:10 - 00000000 ____D () C:\Users\Peter Chang\Documents\Other Church Files
2014-12-31 03:14 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 20:53 - 2013-03-27 23:11 - 00000000 ____D () C:\Users\Peter Chang\Documents\Sermon
2014-12-22 21:28 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-21 23:00 - 2013-03-09 22:15 - 00000000 ____D () C:\stvonly
2014-12-21 22:49 - 2013-03-25 20:54 - 00000000 ____D () C:\Windows\Panther
2014-12-21 22:03 - 2013-03-25 20:18 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\VirtualStore
2014-12-20 21:59 - 2013-03-27 23:04 - 00000000 ____D () C:\Program Files (x86)\IObit

Some content of TEMP:
====================
C:\Users\Peter Chang\AppData\Local\Temp\Quarantine.exe
C:\Users\Peter Chang\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 12:10

==================== End Of Log ============================

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-01-16 15:02:40
-----------------------------
15:02:40.086    OS Version: Windows x64 6.1.7601 Service Pack 1
15:02:40.086    Number of processors: 4 586 0x2A07
15:02:40.086    ComputerName: PETERCHANG-PC  UserName: Peter Chang
15:02:41.240    Initialize success
15:02:41.350    VM: initialized successfully
15:02:41.350    VM: Intel CPU supported
15:02:43.986    VM: supported disk I/O ataport.SYS
15:19:56.396    AVAST engine defs: 15011601
15:20:27.845    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:20:27.861    Disk 0 Vendor: WDC_WD3200BEKT-75PVMT0 01.01A01 Size: 305245MB BusType: 11
15:20:28.001    VM: Disk 0 MBR read successfully
15:20:28.001    Disk 0 MBR scan
15:20:28.079    Disk 0 Windows 7 default MBR code
15:20:28.079    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      101 MB offset 63
15:20:28.111    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        23000 MB offset 208845
15:20:28.142    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       282128 MB offset 47312845
15:20:28.142    Disk 0 default boot code
15:20:28.189    Disk 0 Partition 4 00     17 Hidd HPFS/NTFS NTFS           10 MB offset 625113088
15:20:28.813    Disk 0 scanning C:\Windows\system32\drivers
15:20:42.759    Service scanning
15:21:08.577    Modules scanning
15:21:08.577    Disk 0 trace - called modules:
15:21:08.624    ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:21:08.640    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003436060]
15:21:08.655    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80032e1cb0]
15:21:08.655    5 stdcfltn.sys[fffff88001936c52] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80031d5060]
15:21:09.872    AVAST engine scan C:\Windows
15:21:12.696    AVAST engine scan C:\Windows\system32
15:25:20.564    AVAST engine scan C:\Windows\system32\drivers
15:25:37.085    AVAST engine scan C:\Users\Peter Chang
15:27:40.528    AVAST engine scan C:\ProgramData
15:28:21.634    Disk 0 statistics 3346709/0/26 @ 8.87 MB/s
15:28:21.650    Scan finished successfully
15:33:56.878    Disk 0 MBR has been saved successfully to "C:\Users\Peter Chang\Desktop\MBR.dat"
15:33:56.925    The log file has been saved successfully to "C:\Users\Peter Chang\Desktop\aswMBR.txt"

 

 

# AdwCleaner v4.107 - Report created 16/01/2015 at 15:58:02
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Peter Chang - PETERCHANG-PC
# Running from : C:\Users\Peter Chang\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : {921265c3-88e5-40e1-8d74-df5314572900}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Peter Chang\AppData\Roaming\DriverCure
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKLM\SOFTWARE\ORBTR
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[egq0d27k.default-1419311337300\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.com,eBay,Twitter,Wikipedia (en),Trovi search,DuckDuckGo");

-\\ Google Chrome v39.0.2171.99


*************************

AdwCleaner[R0].txt - [2537 octets] - [16/01/2015 15:40:51]
AdwCleaner[S0].txt - [2438 octets] - [16/01/2015 15:58:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2498 octets] ##########
 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Peter Chang (administrator) on PETERCHANG-PC on 16-01-2015 16:03:50
Running from C:\Users\Peter Chang\Desktop
Loaded Profiles: Peter Chang (Available profiles: Peter Chang)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771240 2011-04-22] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3782137376-2487312525-798218974-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3782137376-2487312525-798218974-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.10.1

FireFox:
========
FF ProfilePath: C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300
FF DefaultSearchEngine: Google
FF Homepage: www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (Google Slides) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-16]
CHR Extension: (Google Docs) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-16]
CHR Extension: (Google Drive) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-16]
CHR Extension: (YouTube) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-16]
CHR Extension: (Google Search) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-16]
CHR Extension: (Google Sheets) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-16]
CHR Extension: (Google Wallet) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-16]
CHR Extension: (Gmail) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [34816 2007-02-02] (ASIX Electronics Corp.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 16:02 - 2015-01-16 16:02 - 02125312 _____ (Farbar) C:\Users\Peter Chang\Downloads\FRST64.exe
2015-01-16 16:00 - 2015-01-16 16:00 - 00002602 _____ () C:\Users\Peter Chang\Desktop\AdwCleaner[S0].txt
2015-01-16 15:40 - 2015-01-16 15:58 - 00000000 ____D () C:\AdwCleaner
2015-01-16 15:39 - 2015-01-16 15:39 - 02191360 _____ () C:\Users\Peter Chang\Desktop\AdwCleaner.exe
2015-01-16 15:33 - 2015-01-16 15:33 - 00002422 _____ () C:\Users\Peter Chang\Desktop\aswMBR.txt
2015-01-16 15:33 - 2015-01-16 15:33 - 00000512 _____ () C:\Users\Peter Chang\Desktop\MBR.dat
2015-01-16 14:56 - 2015-01-16 14:57 - 05198336 _____ (AVAST Software) C:\Users\Peter Chang\Desktop\aswMBR.exe
2015-01-16 14:36 - 2015-01-16 14:49 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-16 14:35 - 2015-01-16 14:35 - 00000328 _____ () C:\Windows\Tasks\Tempo Runner coz64host.job
2015-01-16 14:34 - 2015-01-16 14:36 - 00000326 _____ () C:\Windows\Tasks\Tempo Runner cozahost.job
2015-01-16 14:34 - 2015-01-16 14:35 - 00002790 _____ () C:\Windows\System32\Tasks\Tempo Runner cozahost
2015-01-16 14:34 - 2015-01-16 14:35 - 00000328 _____ () C:\Windows\Tasks\Tempo Runner coz32host.job
2015-01-16 13:58 - 2015-01-16 13:58 - 00001266 _____ () C:\Users\Peter Chang\Desktop\Revo Uninstaller.lnk
2015-01-16 13:56 - 2015-01-16 13:56 - 01114576 _____ () C:\Users\Peter Chang\Desktop\revosetup.exe
2015-01-16 11:46 - 2015-01-16 16:04 - 00008192 _____ () C:\Users\Peter Chang\Desktop\FRST.txt
2015-01-16 11:45 - 2015-01-16 16:03 - 00000000 ____D () C:\FRST
2015-01-16 11:44 - 2015-01-16 11:45 - 02125312 _____ (Farbar) C:\Users\Peter Chang\Desktop\FRST64.exe
2015-01-13 17:25 - 2015-01-13 17:25 - 00370040 _____ () C:\Users\Peter Chang\Downloads\Setup.exe
2015-01-13 15:38 - 2015-01-13 15:38 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-01-13 12:32 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 12:32 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 12:32 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 12:32 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 12:32 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 12:32 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 12:32 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 12:32 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 12:32 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 12:32 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 12:32 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 12:32 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 12:32 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-02 23:58 - 2015-01-02 23:58 - 00000355 _____ () C:\Users\Peter Chang\Documents\Favorites - Shortcut.lnk
2014-12-22 21:09 - 2014-12-22 21:09 - 00000000 ____D () C:\Users\Peter Chang\Desktop\Old Firefox Data
2014-12-21 22:13 - 2014-12-21 22:13 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-12-21 19:54 - 2014-12-21 19:54 - 00000000 ____D () C:\Windows\pss
2014-12-20 21:54 - 2014-12-20 21:54 - 00000000 __SHD () C:\Users\Peter Chang\AppData\Local\EmieBrowserModeList
2014-12-20 21:54 - 2014-12-20 21:54 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\Apple Computer
2014-12-20 21:52 - 2015-01-16 13:58 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-18 13:35 - 2014-12-18 13:38 - 00000000 ____D () C:\Users\Peter Chang\Documents\Praise Songs
2014-12-17 20:25 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 20:25 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 16:02 - 2013-03-25 19:59 - 01076378 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 15:59 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 15:58 - 2013-05-15 15:10 - 00158908 _____ () C:\Windows\PFRO.log
2015-01-16 15:58 - 2013-04-28 04:23 - 00007232 _____ () C:\Windows\setupact.log
2015-01-16 15:15 - 2013-03-28 21:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 14:56 - 2009-07-13 20:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 14:56 - 2009-07-13 20:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 14:49 - 2013-03-26 21:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 14:47 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-16 14:39 - 2014-10-21 20:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-16 14:37 - 2009-07-13 18:34 - 00000580 _____ () C:\Windows\win.ini
2015-01-16 11:39 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 11:02 - 2014-06-03 20:49 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-16 11:01 - 2013-03-28 21:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-16 11:01 - 2013-03-28 21:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-16 11:01 - 2013-03-28 21:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-16 10:59 - 2014-12-10 16:45 - 05013680 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-14 10:25 - 2013-07-24 05:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 09:56 - 2013-03-25 22:36 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 21:42 - 2013-04-14 22:18 - 00000000 ____D () C:\Users\Peter Chang\Documents\Parish Pointer
2015-01-13 14:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-12 21:58 - 2014-12-15 17:31 - 00000000 ____D () C:\Users\Peter Chang\Documents\Liturgy
2015-01-04 21:24 - 2013-03-27 23:10 - 00000000 ____D () C:\Users\Peter Chang\Documents\Other Church Files
2014-12-31 03:14 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 20:53 - 2013-03-27 23:11 - 00000000 ____D () C:\Users\Peter Chang\Documents\Sermon
2014-12-22 21:28 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-21 23:00 - 2013-03-09 22:15 - 00000000 ____D () C:\stvonly
2014-12-21 22:49 - 2013-03-25 20:54 - 00000000 ____D () C:\Windows\Panther
2014-12-21 22:03 - 2013-03-25 20:18 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\VirtualStore
2014-12-20 21:59 - 2013-03-27 23:04 - 00000000 ____D () C:\Program Files (x86)\IObit

Some content of TEMP:
====================
C:\Users\Peter Chang\AppData\Local\Temp\Quarantine.exe
C:\Users\Peter Chang\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 12:10

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by Peter Chang at 2015-01-16 16:05:05
Running from C:\Users\Peter Chang\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
AppliedOnline Install (HKLM-x32\...\AppliedOnline Install_is1) (Version:  - Applied Systems, Inc.)
AppliedOnline Upload Center Launcher - 64 bit (HKLM\...\{9040C3D4-2ACC-42DC-8850-4654CF3D2EEB}) (Version: 1.0.4 - Applied Systems, Inc.)
Cyti Web (HKLM\...\Cyti Web) (Version: 2015.01.13.202326 - Cyti Web) <==== ATTENTION!
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.3.2.1 - Synaptics Incorporated)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.85 (HKLM-x32\...\Revo Uninstaller) (Version: 1.85 - VS Revo Group)
ScrewDrivers Client v4 x64 (rdp only) (HKLM\...\{3430BD20-FA33-4721-8225-AC5099EE2B73}) (Version: 4.7.02 - triCerat, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Windows Driver Package - Intel (NETwLv64) net  (10/07/2010 13.4.0.139) (HKLM\...\EA1C8ECD4E416637C38F0079F98C8C7B0A112265) (Version: 10/07/2010 13.4.0.139 - Intel)
Windows Driver Package - Intel (NETwNs64) net  (12/21/2010 14.0.1.2) (HKLM\...\1375ECB1EA968F5600A8606ED32CFC24D51A6054) (Version: 12/21/2010 14.0.1.2 - Intel)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-12-2014 21:54:28 Revo Uninstaller's restore point - Advanced SystemCare 6
20-12-2014 21:56:06 Revo Uninstaller's restore point - SlimCleaner
20-12-2014 21:56:16 Removed SlimCleaner
20-12-2014 21:57:30 Revo Uninstaller's restore point - FastAgain PC Booster
22-12-2014 21:09:50 Windows Update
26-12-2014 18:21:49 Windows Update
30-12-2014 19:52:31 Windows Update
03-01-2015 22:32:26 Windows Update
07-01-2015 17:25:44 Windows Update
10-01-2015 20:35:19 Windows Update
14-01-2015 10:25:16 Windows Modules Installer
16-01-2015 11:12:27 Windows Update
16-01-2015 13:59:55 Revo Uninstaller's restore point - AnyProtect
16-01-2015 14:02:19 Revo Uninstaller's restore point - GeniusBox 2.0
16-01-2015 14:10:15 Revo Uninstaller's restore point - Pro PC Cleaner
16-01-2015 14:14:15 Revo Uninstaller's restore point - Search Protect
16-01-2015 14:21:49 Revo Uninstaller's restore point - SlimCleaner
16-01-2015 14:22:10 Removed SlimCleaner
16-01-2015 14:23:59 Revo Uninstaller's restore point - StormWatch
16-01-2015 14:28:18 Revo Uninstaller's restore point - WinCheck
16-01-2015 14:30:13 Revo Uninstaller's restore point - Zoompic
16-01-2015 14:47:10 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2013-03-26 04:09 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2420DEE4-835A-4AE2-8EA1-ACEE465D5131} - System32\Tasks\{1EC19F47-1468-483B-89FF-8BC97A442463} => pcalua.exe -a "C:\Users\Peter Chang\Downloads\C3XKT_A00_setup_ZPE.exe" -d "C:\Users\Peter Chang\Downloads"
Task: {48259B0C-A013-48B9-9434-121084AF9297} - System32\Tasks\Tempo Runner cozahost => C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
Task: {B6683BEA-87A8-4D5A-9B41-A09F56442457} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BD118BE2-01E3-4E61-8E23-FB8A1D704A88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-03] (Google Inc.)
Task: {F380614C-8269-4E62-8C6B-8F6B0002E1D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-16] (Adobe Systems Incorporated)
Task: {F78C3A1D-35FF-41C3-AFCD-132BB22265AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-03] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Tempo Runner coz32host.job => C:\ProgramData\makulitsidwe\1.1.0.29\coz32host.exe
Task: C:\Windows\Tasks\Tempo Runner coz64host.job => C:\ProgramData\makulitsidwe\1.1.0.29\coz64host.exe
Task: C:\Windows\Tasks\Tempo Runner cozahost.job => C:\ProgramData\makulitsidwe\1.1.0.29\cozahost.exe

==================== Loaded Modules (whitelisted) =============

2012-10-10 01:22 - 2012-10-10 01:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-21 20:06 - 2015-01-16 14:39 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupreg: ScrewDrivers RDP Plugin => C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3782137376-2487312525-798218974-500 - Administrator - Disabled)
Guest (S-1-5-21-3782137376-2487312525-798218974-501 - Limited - Disabled)
Peter Chang (S-1-5-21-3782137376-2487312525-798218974-1000 - Administrator - Enabled) => C:\Users\Peter Chang

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 04:00:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 02:51:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 02:47:08 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c1c117e6-9226-4c37-a59a-e0491dcdf48a}

Error: (01/16/2015 02:47:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 34.0.5.5443, time stamp: 0x5475dd5d
Faulting module name: mozalloc.dll, version: 34.0.5.5443, time stamp: 0x5475d664
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0xf60
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/16/2015 02:36:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 11:51:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 32.0.3.5379, time stamp: 0x54224e6b
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x0003621f
Faulting process id: 0x2768
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/16/2015 11:11:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 32.0.3.5379, time stamp: 0x54224e6b
Faulting module name: kernel32.dll, version: 6.1.7601.18409, time stamp: 0x53159a85
Exception code: 0xc0000005
Fault offset: 0x000115e3
Faulting process id: 0x14c4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/16/2015 11:02:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cozaghost.exe, version: 1.1.0.29, time stamp: 0x54aee97b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xdcc
Faulting application start time: 0xcozaghost.exe0
Faulting application path: cozaghost.exe1
Faulting module path: cozaghost.exe2
Report Id: cozaghost.exe3

Error: (01/16/2015 11:02:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ProPCCleaner.exe version 2.5.5.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f34

Start Time: 01d031be8f61986e

Termination Time: 0

Application Path: C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe

Report Id:

Error: (01/14/2015 02:55:44 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Tester Extension because of this error.

Program: Tester Extension
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0


System errors:
=============
Error: (01/16/2015 03:58:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/16/2015 03:58:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/16/2015 03:58:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/16/2015 02:48:08 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (01/16/2015 02:47:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Cyti Web service failed to start due to the following error:
%%2

Error: (01/16/2015 02:47:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Cyti Web service failed to start due to the following error:
%%2

Error: (01/16/2015 02:47:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Util Cyti Web service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (01/16/2015 02:47:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Computer Backup (MyPC Backup) service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/16/2015 02:47:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/16/2015 02:47:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (01/16/2015 04:00:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 02:51:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 02:47:08 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c1c117e6-9226-4c37-a59a-e0491dcdf48a}

Error: (01/16/2015 02:47:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425f6001d031dda3e1c3a6C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll96547d0f-9dd1-11e4-aca1-bc77370d42ff

Error: (01/16/2015 02:36:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 11:51:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bntdll.dll6.1.7601.18247521ea8e7c00000050003621f276801d031c5c1da0ca9C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\SysWOW64\ntdll.dll1e6db839-9db9-11e4-aff4-bc77370d42ff

Error: (01/16/2015 11:11:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bkernel32.dll6.1.7601.1840953159a85c0000005000115e314c401d031c02961b3e9C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\syswow64\kernel32.dll82a32b1a-9db3-11e4-aff4-bc77370d42ff

Error: (01/16/2015 11:02:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cozaghost.exe1.1.0.2954aee97bunknown0.0.0.000000000c000000500000000dcc01d031bea084e69cC:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exeunknown4347730f-9db2-11e4-aff4-bc77370d42ff

Error: (01/16/2015 11:02:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ProPCCleaner.exe2.5.5.0f3401d031be8f61986e0C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe

Error: (01/14/2015 02:55:44 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Tester Extension000000000


==================== Memory info ===========================

Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 55%
Total physical RAM: 2960.17 MB
Available physical RAM: 1314.31 MB
Total Pagefile: 5918.52 MB
Available Pagefile: 4266.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:275.52 GB) (Free:195.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:22.46 GB) (Free:14.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive d: detected.

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=22.5 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=275.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=10 MB) - (Type=17) ATTENTION ===> Suspicious partition bootkit on partition 4

==================== End Of Log ============================


  • 0

#6
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

It doesn't appear that you posted the fixlog.txt file from Step#2 above? Can you please?


  • 0

#7
redleader74

redleader74

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015 01
Ran by Peter Chang at 2015-01-16 14:47:01 Run:1
Running from C:\Users\Peter Chang\Desktop
Loaded Profiles: Peter Chang (Available profiles: Peter Chang)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Tester Extension) C:\ProgramData\makulitsidwe\1.1.0.29\cozwdhost.exe
() C:\Users\Peter Chang\AppData\Roaming\VOPackage\VOsrv.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
() C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Tester Extension) C:\ProgramData\makulitsidwe\1.1.0.29\cozahost.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe
(Weather Protector LLC) C:\Program Files (x86)\StormWatch\StormWatch.exe
(Tester Extension) C:\ProgramData\makulitsidwe\1.1.0.29\coz64host.exe
() C:\Users\Peter Chang\AppData\Local\wincheck\wincheck.exe
(Tester Extension) C:\ProgramData\makulitsidwe\1.1.0.29\coz32host.exe
() C:\Program Files (x86)\StormWatch\StormWatchApp.exe
() C:\Users\Peter Chang\AppData\Local\GeniusBox\Client.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Tester Extension) C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
C:\Program Files (x86)\MyPC Backup
C:\ProgramData\makulitsidwe
C:\Users\Peter Chang\AppData\Roaming\VOPackage
C:\Program Files (x86)\SearchProtect
C:\Program Files (x86)\Cyti Web
C:\Program Files (x86)\StormWatch
C:\Users\Peter Chang\AppData\Local\wincheck
C:\Users\Peter Chang\AppData\Local\GeniusBox
HKLM-x32\...\Run: [WinCheck] => C:\Users\Peter Chang\AppData\Local\wincheck\wincheck.exe [267776 2015-01-13] ()
HKU\S-1-5-21-3782137376-2487312525-798218974-1000\...\MountPoints2: {fc245614-4c06-11e3-a5d1-bc77370d42ff} - G:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [245008 2015-01-05] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [215312 2015-01-05] (Client Connect LTD)
Startup: C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
ShortcutTarget: StormWatch.lnk -> C:\Program Files (x86)\StormWatch\StormWatch.exe (Weather Protector LLC)
Startup: C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
ShortcutTarget: StormWatchApp.lnk -> C:\Program Files (x86)\StormWatch\StormWatchApp.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-3782137376-2487312525-798218974-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3782137376-2487312525-798218974-1000] => http=127.0.0.1:49578;https=127.0.0.1:49578
HKU\S-1-5-21-3782137376-2487312525-798218974-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...96682F6F2&SSPV=
SearchScopes: HKU\S-1-5-21-3782137376-2487312525-798218974-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3782137376-2487312525-798218974-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...rchTerms}&SSPV=
BHO-x32: Cyti Web 1.0.0.6 -> {aa2fac44-d24d-4fed-9e32-397d138365f1} -> C:\Program Files (x86)\Cyti Web\CytiWebbho.dll (Cyti Web)
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=M71F06DB9-A2BA-45B7-A498-1CC22CD7CCA1&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP55EBD7ED-3DC8-4920-B901-0A796682F6F2
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=M71F06DB9-A2BA-45B7-A498-1CC22CD7CCA1&SearchSource=55&CUI=&UM=8&UP=SP55EBD7ED-3DC8-4920-B901-0A796682F6F2&SSPV=
FF user.js: detected! => C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300\user.js
FF SearchPlugin: C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300\searchplugins\trovi-search.xml
FF Extension: Zoompic - C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300\Extensions\[email protected] [2015-01-13]
FF Extension: Cyti Web 1.0.1 - C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300\Extensions\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}.xpi [2015-01-13]
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=M71F06DB9-A2BA-45B7-A498-1CC22CD7CCA1&SearchSource=55&CUI=&UM=8&UP=SP55EBD7ED-3DC8-4920-B901-0A796682F6F2&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3332128&octid=EB_ORIGINAL_CTID&ISID=M71F06DB9-A2BA-45B7-A498-1CC22CD7CCA1&SearchSource=55&CUI=&UM=8&UP=SP55EBD7ED-3DC8-4920-B901-0A796682F6F2&SSPV="
CHR Extension: (InboxAce) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdhaekeogebjjbaldibekfepbhogdng [2014-11-06]
CHR Extension: (MapsGalaxy) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nadeggfacbpjnhkfamjfhjmfklhfjgol [2015-01-05]
CHR Extension: (MapsGalaxy) - C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb [2014-10-17]
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3342608 2015-01-05] (Client Connect LTD)
R2 cozaghost; C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe [472096 2015-01-08] (Tester Extension)
R2 cozwdhost; C:\ProgramData\makulitsidwe\1.1.0.29\cozwdhost.exe [199200 2015-01-08] (Tester Extension)
R2 servervo; C:\Users\Peter Chang\AppData\Roaming\VOPackage\VOsrv.exe [136192 2015-01-13] () [File not signed] <==== ATTENTION
R2 SWUpdater; C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe [17584 2014-11-21] (Weather Protector LLC)
R2 Update Cyti Web; C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe [529648 2015-01-14] ()
S2 Util Cyti Web; C:\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe [529648 2015-01-14] ()
R1 {689b5bed-4e9b-4b8b-a673-3c39fb4d2820}Gw64; C:\Windows\System32\drivers\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}Gw64.sys [48784 2015-01-13] (StdLib)
C:\Windows\System32\drivers\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}Gw64.sys
R1 {a6994947-8316-401e-82e4-23da215413fb}Gw64; C:\Windows\System32\drivers\{a6994947-8316-401e-82e4-23da215413fb}Gw64.sys [48784 2015-01-13] (StdLib)
C:\Windows\System32\drivers\{a6994947-8316-401e-82e4-23da215413fb}Gw64.sys
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
C:\Windows\system32\drivers\SPPD.sys
2015-01-13 15:39 - 2015-01-13 17:42 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2015-01-13 15:39 - 2015-01-13 17:42 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2015-01-13 15:39 - 2015-01-13 16:04 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2015-01-13 15:39 - 2015-01-13 15:39 - 00002840 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2015-01-13 15:39 - 2015-01-13 15:39 - 00002838 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2015-01-13 15:39 - 2015-01-13 15:39 - 00002838 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2015-01-13 15:39 - 2015-01-13 15:39 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-01-13 15:36 - 2015-01-13 15:39 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-01-13 15:36 - 2015-01-13 15:36 - 00628496 _____ (CMI Limited) C:\Users\Peter Chang\AppData\Local\nsg6B6B.tmp
2015-01-13 15:36 - 2015-01-13 15:36 - 00000000 __SHD () C:\Users\Peter Chang\AppData\Roaming\AnyProtectEx
2015-01-13 14:26 - 2015-01-13 14:26 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\wincheck
2015-01-13 14:26 - 2015-01-13 07:40 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{a6994947-8316-401e-82e4-23da215413fb}Gw64.sys
2015-01-13 14:25 - 2015-01-13 14:25 - 00004534 _____ () C:\Windows\System32\Tasks\Validate Installation
2015-01-13 14:25 - 2015-01-13 14:25 - 00004326 _____ () C:\Windows\System32\Tasks\Check Updates
2015-01-13 14:25 - 2015-01-13 14:25 - 00003906 _____ () C:\Windows\System32\Tasks\GeniusBox
2015-01-13 14:25 - 2015-01-13 14:25 - 00000064 _____ () C:\Users\Peter Chang\AppData\Local\d1dffc9988ec3ec7cc062609a55dfa61
2015-01-13 14:25 - 2015-01-13 14:25 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\GeniusBox
2015-01-13 14:24 - 2015-01-13 17:41 - 00000000 ____D () C:\Program Files (x86)\ORBTR
2015-01-13 14:24 - 2015-01-13 14:24 - 00004036 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-01-13 14:24 - 2015-01-13 14:24 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\SearchProtect
2015-01-13 14:24 - 2015-01-13 14:24 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-01-13 14:23 - 2015-01-13 17:42 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-01-13 14:23 - 2015-01-13 14:24 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\VOPackage
2015-01-13 14:23 - 2015-01-13 14:23 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-01-13 14:23 - 2015-01-13 14:23 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2015-01-13 14:22 - 2015-01-16 11:02 - 00003482 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Popup
2015-01-13 14:22 - 2015-01-13 17:23 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\StormWatch
2015-01-13 14:22 - 2015-01-13 14:22 - 02092199 _____ () C:\Windows\shost.bin
2015-01-13 14:22 - 2015-01-13 14:22 - 00003218 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2015-01-13 14:22 - 2015-01-13 14:22 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
2015-01-13 14:22 - 2015-01-13 14:22 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\Weather_Protector_LLC
2015-01-13 14:22 - 2015-01-13 14:22 - 00000000 ____D () C:\Users\Peter Chang\AppData\Local\Pro_PC_Cleaner
2015-01-13 14:22 - 2015-01-13 14:22 - 00000000 ____D () C:\Program Files (x86)\StormWatch
2015-01-13 14:21 - 2015-01-16 11:02 - 00000000 ____D () C:\Users\Peter Chang\Documents\ProPCCleaner
2015-01-13 14:21 - 2015-01-13 14:21 - 00000000 ____D () C:\Users\Peter Chang\AppData\Roaming\Pro PC Cleaner
2015-01-13 14:21 - 2015-01-13 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
2015-01-13 14:21 - 2015-01-13 14:21 - 00000000 ____D () C:\Program Files (x86)\Pro PC Cleaner
2015-01-13 14:19 - 2015-01-14 20:55 - 00000000 ____D () C:\Program Files (x86)\Cyti Web
2015-01-13 14:19 - 2015-01-13 14:19 - 00596896 _____ () C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (3).exe
2015-01-13 14:19 - 2015-01-13 14:19 - 00596888 _____ () C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (4).exe
2015-01-13 14:19 - 2015-01-13 14:19 - 00000000 ____D () C:\ProgramData\makulitsidwe
2015-01-13 14:18 - 2015-01-13 14:18 - 00596904 _____ () C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe.exe
2015-01-13 14:18 - 2015-01-13 14:18 - 00596896 _____ () C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (1).exe
2015-01-13 14:18 - 2015-01-13 14:18 - 00596888 _____ () C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (2).exe
2014-12-21 22:48 - 2013-03-25 23:07 - 00000000 ____D () C:\Program Files (x86)\SlimCleaner
2014-12-20 21:57 - 2014-11-06 15:19 - 00000000 ____D () C:\ProgramData\FastAgain 2014
Task: {25312C1D-AE26-4BE0-B243-C65716B4F81E} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2014-08-21] (Pro PC Cleaner)
Task: {269E2A40-2C0C-4BE6-B41A-E438216FFDD3} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {2ECFCE8F-86F7-47AC-8164-825A0E450615} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-25] (MyPC Backup) <==== ATTENTION
Task: {3207386B-8E06-409B-9090-983BFB9E79BC} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-13] (AnyProtect.com) <==== ATTENTION
Task: {7937DBA1-20ED-483D-BCA5-D10763393635} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Peter Chang\AppData\Local\GeniusBox\client.exe"
Task: {C0825733-F097-4FBE-B843-C1552B437BAD} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe [2014-08-21] ()
Task: {D229D97F-1FBF-4BE8-9678-FD9D337ADC01} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-13] (AnyProtect.com) <==== ATTENTION
Task: {ECAAB7FC-218D-4970-8ED3-E7E3D98E1508} - System32\Tasks\Check Updates => C:\Users\Peter Chang\AppData\Local\GeniusBox\updater.exe [2015-01-06] ()
Task: {EF3F16ED-B0EC-4CB7-B248-5C196A60A399} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-13] (AnyProtect.com) <==== ATTENTION
Task: {F62263B3-316E-49BC-A78A-54FBFFBFC6DC} - System32\Tasks\Validate Installation => C:\Users\Peter Chang\AppData\Local\GeniusBox\updater.exe [2015-01-06] ()
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
EmptyTemp:




 






 

*****************

Restore point was successfully created.
Processes closed successfully.
[1592] C:\Program Files (x86)\MyPC Backup\BackupStack.exe => Process closed successfully.
C:\ProgramData\makulitsidwe\1.1.0.29\cozwdhost.exe => No running process found
C:\Users\Peter Chang\AppData\Roaming\VOPackage\VOsrv.exe => No running process found
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe => No running process found
C:\Program Files (x86)\Cyti Web\updateCytiWeb.exe => No running process found
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe => No running process found
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe => No running process found
C:\ProgramData\makulitsidwe\1.1.0.29\cozahost.exe => No running process found
C:\Program Files (x86)\StormWatch\SWUpdaterSvc.exe => No running process found
C:\Program Files (x86)\StormWatch\StormWatch.exe => No running process found
C:\ProgramData\makulitsidwe\1.1.0.29\coz64host.exe => No running process found
C:\Users\Peter Chang\AppData\Local\wincheck\wincheck.exe => No running process found
C:\ProgramData\makulitsidwe\1.1.0.29\coz32host.exe => No running process found
C:\Program Files (x86)\StormWatch\StormWatchApp.exe => No running process found
C:\Users\Peter Chang\AppData\Local\GeniusBox\Client.exe => No running process found
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe => No running process found
C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe => No running process found
C:\Program Files (x86)\MyPC Backup => Moved successfully.
C:\ProgramData\makulitsidwe => Moved successfully.
C:\Users\Peter Chang\AppData\Roaming\VOPackage => Moved successfully.
"C:\Program Files (x86)\SearchProtect" => File/Directory not found.
C:\Program Files (x86)\Cyti Web => Moved successfully.
"C:\Program Files (x86)\StormWatch" => File/Directory not found.
"C:\Users\Peter Chang\AppData\Local\wincheck" => File/Directory not found.
"C:\Users\Peter Chang\AppData\Local\GeniusBox" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WinCheck => Value not found.
"HKU\S-1-5-21-3782137376-2487312525-798218974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc245614-4c06-11e3-a5d1-bc77370d42ff}" => Key deleted successfully.
HKCR\CLSID\{fc245614-4c06-11e3-a5d1-bc77370d42ff} => Key not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value Data not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" => Value Data not found.
C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk => Moved successfully.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found.
C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk not found.
C:\Program Files (x86)\StormWatch\StormWatch.exe not found.
C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk not found.
C:\Program Files (x86)\StormWatch\StormWatchApp.exe not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-3782137376-2487312525-798218974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-3782137376-2487312525-798218974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-21-3782137376-2487312525-798218974-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3782137376-2487312525-798218974-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3782137376-2487312525-798218974-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa2fac44-d24d-4fed-9e32-397d138365f1}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{aa2fac44-d24d-4fed-9e32-397d138365f1}" => Key deleted successfully.
Firefox newtab deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300\user.js => Moved successfully.
C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300\searchplugins\trovi-search.xml => Moved successfully.
C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300\Extensions\[email protected] => Moved successfully.
C:\Users\Peter Chang\AppData\Roaming\Mozilla\Firefox\Profiles\egq0d27k.default-1419311337300\Extensions\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}.xpi => Moved successfully.
Chrome HomePage not detected.
Chrome StartupUrls not detected.
C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdhaekeogebjjbaldibekfepbhogdng => Moved successfully.
C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nadeggfacbpjnhkfamjfhjmfklhfjgol => Moved successfully.
C:\Users\Peter Chang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb => Moved successfully.
BackupStack => Service deleted successfully.
CltMngSvc => Service not found.
cozaghost => Service not found.
cozwdhost => Service not found.
servervo => Service deleted successfully.
SWUpdater => Service not found.
Update Cyti Web => Service deleted successfully.
Util Cyti Web => Service deleted successfully.
{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}Gw64 => Service stopped successfully.
{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}Gw64 => Service deleted successfully.
C:\Windows\System32\drivers\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}Gw64.sys => Moved successfully.
{a6994947-8316-401e-82e4-23da215413fb}Gw64 => Service stopped successfully.
{a6994947-8316-401e-82e4-23da215413fb}Gw64 => Service deleted successfully.
C:\Windows\System32\drivers\{a6994947-8316-401e-82e4-23da215413fb}Gw64.sys => Moved successfully.
SPPD => Service not found.
"C:\Windows\system32\drivers\SPPD.sys" => File/Directory not found.
C:\Windows\Tasks\APSnotifierPP3.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP2.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP1.job => Moved successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
"C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup" => File/Directory not found.
"C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.
C:\Users\Peter Chang\AppData\Local\nsg6B6B.tmp => Moved successfully.
C:\Users\Peter Chang\AppData\Roaming\AnyProtectEx => Moved successfully.
"C:\Users\Peter Chang\AppData\Local\wincheck" => File/Directory not found.
"C:\Windows\system32\Drivers\{a6994947-8316-401e-82e4-23da215413fb}Gw64.sys" => File/Directory not found.
"C:\Windows\System32\Tasks\Validate Installation" => File/Directory not found.
"C:\Windows\System32\Tasks\Check Updates" => File/Directory not found.
"C:\Windows\System32\Tasks\GeniusBox" => File/Directory not found.
C:\Users\Peter Chang\AppData\Local\d1dffc9988ec3ec7cc062609a55dfa61 => Moved successfully.
"C:\Users\Peter Chang\AppData\Local\GeniusBox" => File/Directory not found.
C:\Program Files (x86)\ORBTR => Moved successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"C:\Users\Peter Chang\AppData\Local\SearchProtect" => File/Directory not found.
"C:\Program Files (x86)\SearchProtect" => File/Directory not found.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
"C:\Users\Peter Chang\AppData\Roaming\VOPackage" => File/Directory not found.
C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage => Moved successfully.
C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup => Moved successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Popup => Moved successfully.
"C:\Users\Peter Chang\AppData\Local\StormWatch" => File/Directory not found.
C:\Windows\shost.bin => Moved successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.
"C:\Users\Peter Chang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch" => File/Directory not found.
"C:\Users\Peter Chang\AppData\Local\Weather_Protector_LLC" => File/Directory not found.
C:\Users\Peter Chang\AppData\Local\Pro_PC_Cleaner => Moved successfully.
"C:\Program Files (x86)\StormWatch" => File/Directory not found.
C:\Users\Peter Chang\Documents\ProPCCleaner => Moved successfully.
"C:\Users\Peter Chang\AppData\Roaming\Pro PC Cleaner" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner" => File/Directory not found.
"C:\Program Files (x86)\Pro PC Cleaner" => File/Directory not found.
"C:\Program Files (x86)\Cyti Web" => File/Directory not found.
C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (3).exe => Moved successfully.
C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (4).exe => Moved successfully.
"C:\ProgramData\makulitsidwe" => File/Directory not found.
C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe.exe => Moved successfully.
C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (1).exe => Moved successfully.
C:\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (2).exe => Moved successfully.
C:\Program Files (x86)\SlimCleaner => Moved successfully.
C:\ProgramData\FastAgain 2014 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{25312C1D-AE26-4BE0-B243-C65716B4F81E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25312C1D-AE26-4BE0-B243-C65716B4F81E}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Start not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{269E2A40-2C0C-4BE6-B41A-E438216FFDD3} => Key not found.
C:\Windows\System32\Tasks\SlimCleaner Run not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Run => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2ECFCE8F-86F7-47AC-8164-825A0E450615}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ECFCE8F-86F7-47AC-8164-825A0E450615}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3207386B-8E06-409B-9090-983BFB9E79BC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3207386B-8E06-409B-9090-983BFB9E79BC}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7937DBA1-20ED-483D-BCA5-D10763393635} => Key not found.
C:\Windows\System32\Tasks\GeniusBox not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GeniusBox => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0825733-F097-4FBE-B843-C1552B437BAD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0825733-F097-4FBE-B843-C1552B437BAD}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Popup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D229D97F-1FBF-4BE8-9678-FD9D337ADC01}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D229D97F-1FBF-4BE8-9678-FD9D337ADC01}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECAAB7FC-218D-4970-8ED3-E7E3D98E1508} => Key not found.
C:\Windows\System32\Tasks\Check Updates not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Check Updates => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF3F16ED-B0EC-4CB7-B248-5C196A60A399}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF3F16ED-B0EC-4CB7-B248-5C196A60A399}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F62263B3-316E-49BC-A78A-54FBFFBFC6DC} => Key not found.
C:\Windows\System32\Tasks\Validate Installation not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Validate Installation => Key not found.
C:\Windows\Tasks\APSnotifierPP1.job not found.
C:\Windows\Tasks\APSnotifierPP2.job not found.
C:\Windows\Tasks\APSnotifierPP3.job not found.
EmptyTemp: => Removed 3.8 GB temporary data.


The system needed a reboot.

==== End of Fixlog 14:48:42 ====


  • 0

#8
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Perfect thanks. I do want to point out the following before we continue. If you decide to continue, just follow the steps following it. Thanks.

 

Critical Malware Found!
 
WARNING!!! - One or more of the identified infections is known to use a backdoor.
 
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.
 

 

 

Step#1 - ListParts Inquiry
1. Please download to your desktop and run ListParts64 by Farbar
2. Click on Scan button.
3. Scan result will open in Notepad.
4. Post the log (Result.txt) in your next reply.


  • 0

#9
redleader74

redleader74

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts

ListParts by Farbar Version: 31-07-2014
Ran by Peter Chang (administrator) on 17-01-2015 at 17:43:36
Windows 7 (X64)
Running From: C:\Users\Peter Chang\Desktop
Language: English (United States)
************************************************************

========================= Memory info ======================

Percentage of memory in use: 41%
Total physical RAM: 2960.17 MB
Available physical RAM: 1742.93 MB
Total Pagefile: 5918.52 MB
Available Pagefile: 4510.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.92 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:275.52 GB) (Free:196.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:22.46 GB) (Free:14.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive d: detected. Check for MBR/Partition infection.

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B         
  Disk 1    No Media           0 B      0 B         

Partitions of Disk 0:
===============

Disk ID: 07F2837E

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                101 MB    31 KB
  Partition 2    Primary             22 GB   101 MB
  Partition 3    Primary            275 GB    22 GB
  Partition 4    Primary             10 MB   298 GB

======================================================================================================

Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     D   RECOVERY     NTFS   Partition     22 GB  Healthy            

======================================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    275 GB  Healthy    System (partition with boot components)  

======================================================================================================

Disk: 0
Partition 4
Type  : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 07F2837E
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=22 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=276 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=10 MB) - (Type=17) ATTENTION ===> Suspicious partition bootkit on partition 4


****** End Of Log ******


  • 0

#10
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

OK, let's remove the malware partition. Please do the following.

 

Step#1 - ListParts Fix
1. Open Notepad.
2. Copy and paste the contents of the quote box below into Notepad. To do this highlight the contents of the box and right click on it and choose copy. Paste into the open notepad.

    Do not include the word Quote.


Disk=0 Partition=4 delete

 
3. Save to your desktop as Fix.txt.
4. Double click ListParts/ListParts64 to run it.
5. Press the Fix button.
6. ListParts will process the script in Fix.txt and create a text file on the desktop named LISTPARTSFIXLOG.TXT. Please post this in your next reply.
7. When finished, press the Scan button.
8. A log Result.txt will open on your Desktop.
9. Post back the contents of the log.

 

Caution: This script is specifically written for the infection on this person's computer. It should NOT to be used on another machine. It may cause serious damage even to the point of rendering the computer unbootable.


  • 0

Advertisements


#11
redleader74

redleader74

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts

Script used: "Disk=0 Partition=4 delete"
 

ListParts by Farbar Version: 31-07-2014
Ran by Peter Chang (administrator) on 19-01-2015 at 08:14:27
Windows 7 (X64)
Running From: C:\Users\Peter Chang\Desktop
Language: English (United States)
************************************************************

========================= Memory info ======================

Percentage of memory in use: 73%
Total physical RAM: 2960.17 MB
Available physical RAM: 786.39 MB
Total Pagefile: 5918.52 MB
Available Pagefile: 3782.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.92 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:275.52 GB) (Free:196.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:22.46 GB) (Free:14.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive d: detected. Check for MBR/Partition infection.

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB    13 MB         
  Disk 1    No Media           0 B      0 B         

Partitions of Disk 0:
===============

Disk ID: 07F2837E

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                101 MB    31 KB
  Partition 2    Primary             22 GB   101 MB
  Partition 3    Primary            275 GB    22 GB

======================================================================================================

Disk: 0
Partition 1
Type  : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     D   RECOVERY     NTFS   Partition     22 GB  Healthy            

======================================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    275 GB  Healthy    System (partition with boot components)  

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 07F2837E
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=22 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=276 GB) - (Type=07 NTFS)


****** End Of Log ******


  • 0

#12
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Good job! The malware partition was removed. OK, let's continue to get this cleaned up.

 

Step#1 - Uninstalls
 
Please uninstall the following programs one at a time. Instructions for doing so are here.

If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

 

Cyti Web (You may have missed this one from the last batch of uninstalls)

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   922bytes   276 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#3 - JRT
 
Note: Please disable your Antivirus Software before doing Bullet#1. Info on how to do this is here.
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3, The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. After your machine is rebooted, please re-enable your antivirus.
8. Post the contents of JRT.txt into your next message.
 

 

Step#4 - TDSSKiller - Check for Infected MBR/BCD Entries
 
Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Right-click on TDSSKiller.exe and select Run as administrator. Allow to run if prompted.
  • Accept the End User License Agreement & KSN Statement
  • Click on Change parameters.
  • Another window will appear.
  • Check "Verify file digital signatures" and "Detect TDLFS file system".
  • Check "Loaded modules" under the Objects to scan section. You will be prompted to reboot. Please do so.
  • Reboot.JPG
  • Once the computer is rebooted, TDDSKiller will open again.
  • Click the Start Scan button.
  • The scan should only take a few minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. If there are multiple logs, please post the most current.

 

 

 

Items for your next post

1. Fixlist log

2. Junkware log

3. TDSSKiller log

 


  • 0

#13
redleader74

redleader74

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts

I couldn't find Cyti Web on either the built in windows program  uninstaller or Revo Uninstaller.  Also, TDSS generated two logs (I attached them both) and didn't detect anything.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Peter Chang at 2015-01-19 17:56:31 Run:2
Running from C:\Users\Peter Chang\Desktop
Loaded Profiles: Peter Chang (Available profiles: Peter Chang)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
Task: C:\Windows\Tasks\Tempo Runner coz32host.job => C:\ProgramData\makulitsidwe\1.1.0.29\coz32host.exe
Task: C:\Windows\Tasks\Tempo Runner coz64host.job => C:\ProgramData\makulitsidwe\1.1.0.29\coz64host.exe
Task: C:\Windows\Tasks\Tempo Runner cozahost.job => C:\ProgramData\makulitsidwe\1.1.0.29\cozahost.exe
Task: {48259B0C-A013-48B9-9434-121084AF9297} - System32\Tasks\Tempo Runner cozahost => C:\ProgramData\makulitsidwe\1.1.0.29\cozaghost.exe
C:\ProgramData\makulitsidwe
2015-01-16 14:35 - 2015-01-16 14:35 - 00000328 _____ () C:\Windows\Tasks\Tempo Runner coz64host.job
2015-01-16 14:34 - 2015-01-16 14:36 - 00000326 _____ () C:\Windows\Tasks\Tempo Runner cozahost.job
2015-01-16 14:34 - 2015-01-16 14:35 - 00002790 _____ () C:\Windows\System32\Tasks\Tempo Runner cozahost
2015-01-16 14:34 - 2015-01-16 14:35 - 00000328 _____ () C:\Windows\Tasks\Tempo Runner coz32host.job
EmptyTemp:
 
*****************

Restore point was successfully created.
C:\Windows\Tasks\Tempo Runner coz32host.job => Moved successfully.
C:\Windows\Tasks\Tempo Runner coz64host.job => Moved successfully.
C:\Windows\Tasks\Tempo Runner cozahost.job => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48259B0C-A013-48B9-9434-121084AF9297}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48259B0C-A013-48B9-9434-121084AF9297}" => Key deleted successfully.
C:\Windows\System32\Tasks\Tempo Runner cozahost => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tempo Runner cozahost" => Key deleted successfully.
"C:\ProgramData\makulitsidwe" => File/Directory not found.
"C:\Windows\Tasks\Tempo Runner coz64host.job" => File/Directory not found.
"C:\Windows\Tasks\Tempo Runner cozahost.job" => File/Directory not found.
"C:\Windows\System32\Tasks\Tempo Runner cozahost" => File/Directory not found.
"C:\Windows\Tasks\Tempo Runner coz32host.job" => File/Directory not found.
EmptyTemp: => Removed 323.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 17:57:04 ====

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Peter Chang on Mon 01/19/2015 at 18:11:27.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Peter Chang\AppData\Roaming\mozilla\firefox\profiles\egq0d27k.default-1419311337300\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/19/2015 at 18:14:43.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

18:19:15.0998 0x0a70  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
18:19:21.0739 0x0a70  ============================================================
18:19:21.0739 0x0a70  Current date / time: 2015/01/19 18:19:21.0739
18:19:21.0739 0x0a70  SystemInfo:
18:19:21.0740 0x0a70  
18:19:21.0740 0x0a70  OS Version: 6.1.7601 ServicePack: 1.0
18:19:21.0740 0x0a70  Product type: Workstation
18:19:21.0740 0x0a70  ComputerName: PETERCHANG-PC
18:19:21.0740 0x0a70  UserName: Peter Chang
18:19:21.0740 0x0a70  Windows directory: C:\Windows
18:19:21.0740 0x0a70  System windows directory: C:\Windows
18:19:21.0740 0x0a70  Running under WOW64
18:19:21.0740 0x0a70  Processor architecture: Intel x64
18:19:21.0741 0x0a70  Number of processors: 4
18:19:21.0741 0x0a70  Page size: 0x1000
18:19:21.0741 0x0a70  Boot type: Normal boot
18:19:21.0741 0x0a70  ============================================================
18:19:25.0624 0x0a70  KLMD registered as C:\Windows\system32\drivers\57743596.sys
18:19:26.0018 0x0a70  System UUID: {337D83FD-6456-57F4-9DB5-C42042A52FFA}
18:19:26.0684 0x0a70  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:19:26.0702 0x0a70  ============================================================
18:19:26.0702 0x0a70  \Device\Harddisk0\DR0:
18:19:26.0702 0x0a70  MBR partitions:
18:19:26.0702 0x0a70  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x2CEC000
18:19:26.0702 0x0a70  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2D1EFCD, BlocksNum 0x227082E3
18:19:26.0702 0x0a70  ============================================================
18:19:26.0724 0x0a70  C: <-> \Device\Harddisk0\DR0\Partition2
18:19:26.0745 0x0a70  D: <-> \Device\Harddisk0\DR0\Partition1
18:19:26.0745 0x0a70  ============================================================
18:19:26.0745 0x0a70  Initialize success
18:19:26.0745 0x0a70  ============================================================
18:19:55.0098 0x099c  KLMD registered as C:\Windows\system32\drivers\78677405.sys
18:19:56.0393 0x099c  Deinitialize success
 

 

18:22:46.0605 0x04e0  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
18:22:47.0073 0x04e0  ============================================================
18:22:47.0073 0x04e0  Current date / time: 2015/01/19 18:22:47.0073
18:22:47.0073 0x04e0  SystemInfo:
18:22:47.0073 0x04e0  
18:22:47.0073 0x04e0  OS Version: 6.1.7601 ServicePack: 1.0
18:22:47.0073 0x04e0  Product type: Workstation
18:22:47.0073 0x04e0  ComputerName: PETERCHANG-PC
18:22:47.0073 0x04e0  UserName: Peter Chang
18:22:47.0073 0x04e0  Windows directory: C:\Windows
18:22:47.0073 0x04e0  System windows directory: C:\Windows
18:22:47.0073 0x04e0  Running under WOW64
18:22:47.0073 0x04e0  Processor architecture: Intel x64
18:22:47.0073 0x04e0  Number of processors: 4
18:22:47.0073 0x04e0  Page size: 0x1000
18:22:47.0073 0x04e0  Boot type: Normal boot
18:22:47.0073 0x04e0  ============================================================
18:22:47.0073 0x04e0  BG loaded
18:22:48.0789 0x04e0  System UUID: {337D83FD-6456-57F4-9DB5-C42042A52FFA}
18:22:51.0239 0x04e0  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:22:51.0254 0x04e0  ============================================================
18:22:51.0254 0x04e0  \Device\Harddisk0\DR0:
18:22:51.0254 0x04e0  MBR partitions:
18:22:51.0254 0x04e0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x2CEC000
18:22:51.0254 0x04e0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2D1EFCD, BlocksNum 0x227082E3
18:22:51.0254 0x04e0  ============================================================
18:22:51.0301 0x04e0  C: <-> \Device\Harddisk0\DR0\Partition2
18:22:52.0393 0x04e0  D: <-> \Device\Harddisk0\DR0\Partition1
18:22:52.0393 0x04e0  ============================================================
18:22:52.0393 0x04e0  Initialize success
18:22:52.0393 0x04e0  ============================================================
18:23:18.0489 0x0d54  ============================================================
18:23:18.0489 0x0d54  Scan started
18:23:18.0489 0x0d54  Mode: Manual;
18:23:18.0489 0x0d54  ============================================================
18:23:18.0489 0x0d54  KSN ping started
18:23:21.0485 0x0d54  KSN ping finished: true
18:23:23.0903 0x0d54  ================ Scan system memory ========================
18:23:23.0903 0x0d54  System memory - ok
18:23:23.0903 0x0d54  ================ Scan services =============================
18:23:24.0074 0x0d54  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:23:24.0105 0x0d54  1394ohci - ok
18:23:24.0152 0x0d54  [ AEDB94A49236F5FF060C90E09E70281F, 111ADF5A4B19A31A86DD9D62F06C065B983A11E3286BA973D0080FBB38D2E514 ] Acceler         C:\Windows\system32\DRIVERS\Accelern.sys
18:23:24.0152 0x0d54  Acceler - ok
18:23:24.0183 0x0d54  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:23:24.0183 0x0d54  ACPI - ok
18:23:24.0199 0x0d54  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:23:24.0199 0x0d54  AcpiPmi - ok
18:23:24.0293 0x0d54  [ 3927397AC60D943DAF8808AFFED582B7, 2688254085C219E8CA9C5494ABDAD8FAE52533CEF7FA3C152715E0B78D591BCF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:23:24.0308 0x0d54  AdobeARMservice - ok
18:23:24.0417 0x0d54  [ CB1719E3EA00A0C114A8AD2655F43754, B38D21C4A7A83904CADEBA96A56AA5D1807C412A8E0BEFC889DF20D02941E570 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:23:24.0449 0x0d54  AdobeFlashPlayerUpdateSvc - ok
18:23:24.0495 0x0d54  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:23:24.0527 0x0d54  adp94xx - ok
18:23:24.0527 0x0d54  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:23:24.0542 0x0d54  adpahci - ok
18:23:24.0558 0x0d54  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:23:24.0573 0x0d54  adpu320 - ok
18:23:24.0605 0x0d54  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:23:24.0605 0x0d54  AeLookupSvc - ok
18:23:24.0698 0x0d54  [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
18:23:24.0714 0x0d54  AERTFilters - ok
18:23:24.0792 0x0d54  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
18:23:24.0807 0x0d54  AFD - ok
18:23:24.0823 0x0d54  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
18:23:24.0823 0x0d54  agp440 - ok
18:23:24.0839 0x0d54  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
18:23:24.0839 0x0d54  ALG - ok
18:23:24.0870 0x0d54  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:23:24.0885 0x0d54  aliide - ok
18:23:24.0885 0x0d54  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:23:24.0885 0x0d54  amdide - ok
18:23:24.0917 0x0d54  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:23:24.0917 0x0d54  AmdK8 - ok
18:23:24.0932 0x0d54  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
18:23:24.0932 0x0d54  AmdPPM - ok
18:23:24.0963 0x0d54  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:23:24.0979 0x0d54  amdsata - ok
18:23:24.0995 0x0d54  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:23:25.0010 0x0d54  amdsbs - ok
18:23:25.0010 0x0d54  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:23:25.0010 0x0d54  amdxata - ok
18:23:25.0026 0x0d54  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
18:23:25.0041 0x0d54  AppID - ok
18:23:25.0073 0x0d54  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:23:25.0073 0x0d54  AppIDSvc - ok
18:23:25.0104 0x0d54  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
18:23:25.0104 0x0d54  Appinfo - ok
18:23:25.0119 0x0d54  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
18:23:25.0119 0x0d54  arc - ok
18:23:25.0151 0x0d54  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:23:25.0151 0x0d54  arcsas - ok
18:23:25.0291 0x0d54  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:23:25.0322 0x0d54  aspnet_state - ok
18:23:25.0353 0x0d54  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:23:25.0353 0x0d54  AsyncMac - ok
18:23:25.0400 0x0d54  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:23:25.0400 0x0d54  atapi - ok
18:23:25.0478 0x0d54  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:23:25.0494 0x0d54  AudioEndpointBuilder - ok
18:23:25.0525 0x0d54  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:23:25.0541 0x0d54  AudioSrv - ok
18:23:25.0587 0x0d54  [ A52FCAD8FA2E25EB3E1D63883188B728, 882CA36E9EA1502D379EE367AB146251FAC1D8E8748C77961331607F2520E290 ] AX88772         C:\Windows\system32\DRIVERS\ax88772.sys
18:23:25.0587 0x0d54  AX88772 - ok
18:23:25.0619 0x0d54  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:23:25.0634 0x0d54  AxInstSV - ok
18:23:25.0665 0x0d54  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:23:25.0697 0x0d54  b06bdrv - ok
18:23:25.0728 0x0d54  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:23:25.0728 0x0d54  b57nd60a - ok
18:23:25.0743 0x0d54  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:23:25.0759 0x0d54  BDESVC - ok
18:23:25.0775 0x0d54  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:23:25.0775 0x0d54  Beep - ok
18:23:25.0821 0x0d54  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
18:23:25.0837 0x0d54  BFE - ok
18:23:25.0915 0x0d54  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
18:23:25.0931 0x0d54  BITS - ok
18:23:25.0946 0x0d54  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:23:25.0946 0x0d54  blbdrive - ok
18:23:25.0993 0x0d54  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:23:26.0009 0x0d54  bowser - ok
18:23:26.0024 0x0d54  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
18:23:26.0040 0x0d54  BrFiltLo - ok
18:23:26.0055 0x0d54  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
18:23:26.0055 0x0d54  BrFiltUp - ok
18:23:26.0087 0x0d54  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
18:23:26.0102 0x0d54  Browser - ok
18:23:26.0133 0x0d54  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:23:26.0149 0x0d54  Brserid - ok
18:23:26.0149 0x0d54  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:23:26.0149 0x0d54  BrSerWdm - ok
18:23:26.0165 0x0d54  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:23:26.0165 0x0d54  BrUsbMdm - ok
18:23:26.0165 0x0d54  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:23:26.0165 0x0d54  BrUsbSer - ok
18:23:26.0211 0x0d54  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
18:23:26.0211 0x0d54  BthEnum - ok
18:23:26.0227 0x0d54  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:23:26.0243 0x0d54  BTHMODEM - ok
18:23:26.0289 0x0d54  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
18:23:26.0289 0x0d54  BthPan - ok
18:23:26.0367 0x0d54  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
18:23:26.0383 0x0d54  BTHPORT - ok
18:23:26.0399 0x0d54  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
18:23:26.0399 0x0d54  bthserv - ok
18:23:26.0414 0x0d54  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
18:23:26.0414 0x0d54  BTHUSB - ok
18:23:26.0430 0x0d54  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:23:26.0430 0x0d54  cdfs - ok
18:23:26.0461 0x0d54  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:23:26.0461 0x0d54  cdrom - ok
18:23:26.0477 0x0d54  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:23:26.0492 0x0d54  CertPropSvc - ok
18:23:26.0508 0x0d54  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
18:23:26.0508 0x0d54  circlass - ok
18:23:26.0539 0x0d54  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
18:23:26.0539 0x0d54  CLFS - ok
18:23:26.0601 0x0d54  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:23:26.0601 0x0d54  clr_optimization_v2.0.50727_32 - ok
18:23:26.0679 0x0d54  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:23:26.0679 0x0d54  clr_optimization_v2.0.50727_64 - ok
18:23:26.0789 0x0d54  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:23:26.0851 0x0d54  clr_optimization_v4.0.30319_32 - ok
18:23:26.0882 0x0d54  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:23:26.0913 0x0d54  clr_optimization_v4.0.30319_64 - ok
18:23:26.0945 0x0d54  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:23:26.0945 0x0d54  CmBatt - ok
18:23:26.0976 0x0d54  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:23:26.0976 0x0d54  cmdide - ok
18:23:27.0054 0x0d54  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
18:23:27.0069 0x0d54  CNG - ok
18:23:27.0085 0x0d54  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:23:27.0085 0x0d54  Compbatt - ok
18:23:27.0116 0x0d54  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
18:23:27.0116 0x0d54  CompositeBus - ok
18:23:27.0147 0x0d54  COMSysApp - ok
18:23:27.0194 0x0d54  [ 78AF1C499BF02F9814DF959A04A4F9C9, 9D569A57551C7ACE032C3ECC7BEB8C7606D6BAF58AC1660B4E9FBE907F47E274 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
18:23:27.0225 0x0d54  cphs - ok
18:23:27.0241 0x0d54  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:23:27.0241 0x0d54  crcdisk - ok
18:23:27.0288 0x0d54  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:23:27.0288 0x0d54  CryptSvc - ok
18:23:27.0366 0x0d54  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:23:27.0381 0x0d54  DcomLaunch - ok
18:23:27.0428 0x0d54  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:23:27.0444 0x0d54  defragsvc - ok
18:23:27.0444 0x0d54  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:23:27.0459 0x0d54  DfsC - ok
18:23:27.0506 0x0d54  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:23:27.0522 0x0d54  Dhcp - ok
18:23:27.0537 0x0d54  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
18:23:27.0537 0x0d54  discache - ok
18:23:27.0553 0x0d54  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
18:23:27.0553 0x0d54  Disk - ok
18:23:27.0600 0x0d54  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:23:27.0600 0x0d54  Dnscache - ok
18:23:27.0662 0x0d54  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:23:27.0662 0x0d54  dot3svc - ok
18:23:27.0709 0x0d54  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
18:23:27.0725 0x0d54  DPS - ok
18:23:27.0771 0x0d54  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:23:27.0771 0x0d54  drmkaud - ok
18:23:27.0865 0x0d54  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:23:27.0896 0x0d54  DXGKrnl - ok
18:23:27.0912 0x0d54  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
18:23:27.0927 0x0d54  EapHost - ok
18:23:28.0068 0x0d54  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
18:23:28.0177 0x0d54  ebdrv - ok
18:23:28.0208 0x0d54  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
18:23:28.0208 0x0d54  EFS - ok
18:23:28.0302 0x0d54  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:23:28.0349 0x0d54  ehRecvr - ok
18:23:28.0364 0x0d54  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
18:23:28.0364 0x0d54  ehSched - ok
18:23:28.0395 0x0d54  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:23:28.0427 0x0d54  elxstor - ok
18:23:28.0442 0x0d54  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:23:28.0442 0x0d54  ErrDev - ok
18:23:28.0473 0x0d54  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
18:23:28.0489 0x0d54  EventSystem - ok
18:23:28.0505 0x0d54  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:23:28.0520 0x0d54  exfat - ok
18:23:28.0536 0x0d54  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:23:28.0536 0x0d54  fastfat - ok
18:23:28.0583 0x0d54  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
18:23:28.0598 0x0d54  Fax - ok
18:23:28.0614 0x0d54  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
18:23:28.0614 0x0d54  fdc - ok
18:23:28.0645 0x0d54  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
18:23:28.0645 0x0d54  fdPHost - ok
18:23:28.0645 0x0d54  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:23:28.0645 0x0d54  FDResPub - ok
18:23:28.0661 0x0d54  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:23:28.0661 0x0d54  FileInfo - ok
18:23:28.0676 0x0d54  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:23:28.0676 0x0d54  Filetrace - ok
18:23:28.0692 0x0d54  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
18:23:28.0692 0x0d54  flpydisk - ok
18:23:28.0707 0x0d54  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:23:28.0723 0x0d54  FltMgr - ok
18:23:28.0817 0x0d54  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
18:23:28.0848 0x0d54  FontCache - ok
18:23:28.0895 0x0d54  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:23:28.0895 0x0d54  FontCache3.0.0.0 - ok
18:23:28.0910 0x0d54  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:23:28.0910 0x0d54  FsDepends - ok
18:23:28.0957 0x0d54  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:23:28.0957 0x0d54  Fs_Rec - ok
18:23:29.0004 0x0d54  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:23:29.0035 0x0d54  fvevol - ok
18:23:29.0066 0x0d54  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:23:29.0066 0x0d54  gagp30kx - ok
18:23:29.0113 0x0d54  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:23:29.0144 0x0d54  gpsvc - ok
18:23:29.0253 0x0d54  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:23:29.0253 0x0d54  gupdate - ok
18:23:29.0269 0x0d54  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:23:29.0269 0x0d54  gupdatem - ok
18:23:29.0300 0x0d54  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:23:29.0300 0x0d54  hcw85cir - ok
18:23:29.0378 0x0d54  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:23:29.0394 0x0d54  HdAudAddService - ok
18:23:29.0409 0x0d54  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:23:29.0409 0x0d54  HDAudBus - ok
18:23:29.0441 0x0d54  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:23:29.0441 0x0d54  HidBatt - ok
18:23:29.0456 0x0d54  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:23:29.0456 0x0d54  HidBth - ok
18:23:29.0472 0x0d54  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:23:29.0472 0x0d54  HidIr - ok
18:23:29.0487 0x0d54  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
18:23:29.0487 0x0d54  hidserv - ok
18:23:29.0534 0x0d54  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:23:29.0534 0x0d54  HidUsb - ok
18:23:29.0565 0x0d54  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:23:29.0581 0x0d54  hkmsvc - ok
18:23:29.0597 0x0d54  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:23:29.0612 0x0d54  HomeGroupListener - ok
18:23:29.0659 0x0d54  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:23:29.0675 0x0d54  HomeGroupProvider - ok
18:23:29.0706 0x0d54  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:23:29.0706 0x0d54  HpSAMD - ok
18:23:29.0753 0x0d54  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:23:29.0768 0x0d54  HTTP - ok
18:23:29.0784 0x0d54  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:23:29.0784 0x0d54  hwpolicy - ok
18:23:29.0815 0x0d54  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:23:29.0815 0x0d54  i8042prt - ok
18:23:29.0877 0x0d54  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:23:29.0909 0x0d54  iaStorV - ok
18:23:29.0987 0x0d54  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:23:30.0018 0x0d54  idsvc - ok
18:23:30.0049 0x0d54  IEEtwCollectorService - ok
18:23:30.0267 0x0d54  [ A1CF07D24EDCDC6870535471654D957C, FA0CD2ABA2C15E9FC4A1DEE58F365EC10D9597D521556DC2648B50CE0537926D ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:23:30.0392 0x0d54  igfx - ok
18:23:30.0408 0x0d54  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:23:30.0408 0x0d54  iirsp - ok
18:23:30.0470 0x0d54  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
18:23:30.0486 0x0d54  IKEEXT - ok
18:23:30.0642 0x0d54  [ 8FED6428FDE53D7F4C105095F22524BE, 58DE45CB61643B25ABA73BD77553021FDD9AA904749582B10CDC662534CD77E7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:23:30.0704 0x0d54  IntcAzAudAddService - ok
18:23:30.0735 0x0d54  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:23:30.0735 0x0d54  intelide - ok
18:23:30.0767 0x0d54  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:23:30.0767 0x0d54  intelppm - ok
18:23:30.0798 0x0d54  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:23:30.0798 0x0d54  IPBusEnum - ok
18:23:30.0813 0x0d54  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:23:30.0829 0x0d54  IpFilterDriver - ok
18:23:30.0860 0x0d54  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:23:30.0891 0x0d54  iphlpsvc - ok
18:23:30.0907 0x0d54  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:23:30.0907 0x0d54  IPMIDRV - ok
18:23:30.0923 0x0d54  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:23:30.0923 0x0d54  IPNAT - ok
18:23:30.0954 0x0d54  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:23:30.0954 0x0d54  IRENUM - ok
18:23:30.0969 0x0d54  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:23:30.0969 0x0d54  isapnp - ok
18:23:31.0016 0x0d54  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:23:31.0032 0x0d54  iScsiPrt - ok
18:23:31.0063 0x0d54  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:23:31.0063 0x0d54  kbdclass - ok
18:23:31.0079 0x0d54  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:23:31.0079 0x0d54  kbdhid - ok
18:23:31.0094 0x0d54  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
18:23:31.0094 0x0d54  KeyIso - ok
18:23:31.0141 0x0d54  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:23:31.0141 0x0d54  KSecDD - ok
18:23:31.0172 0x0d54  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:23:31.0188 0x0d54  KSecPkg - ok
18:23:31.0188 0x0d54  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:23:31.0203 0x0d54  ksthunk - ok
18:23:31.0250 0x0d54  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:23:31.0328 0x0d54  KtmRm - ok
18:23:31.0391 0x0d54  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:23:31.0406 0x0d54  LanmanServer - ok
18:23:31.0453 0x0d54  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:23:31.0453 0x0d54  LanmanWorkstation - ok
18:23:31.0484 0x0d54  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:23:31.0484 0x0d54  lltdio - ok
18:23:31.0515 0x0d54  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:23:31.0547 0x0d54  lltdsvc - ok
18:23:31.0562 0x0d54  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:23:31.0562 0x0d54  lmhosts - ok
18:23:31.0593 0x0d54  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:23:31.0593 0x0d54  LSI_FC - ok
18:23:31.0609 0x0d54  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:23:31.0625 0x0d54  LSI_SAS - ok
18:23:31.0656 0x0d54  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:23:31.0656 0x0d54  LSI_SAS2 - ok
18:23:31.0671 0x0d54  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:23:31.0671 0x0d54  LSI_SCSI - ok
18:23:31.0703 0x0d54  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
18:23:31.0703 0x0d54  luafv - ok
18:23:31.0734 0x0d54  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:23:31.0749 0x0d54  Mcx2Svc - ok
18:23:31.0765 0x0d54  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:23:31.0765 0x0d54  megasas - ok
18:23:31.0812 0x0d54  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:23:31.0843 0x0d54  MegaSR - ok
18:23:31.0890 0x0d54  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
18:23:31.0890 0x0d54  MEIx64 - ok
18:23:31.0921 0x0d54  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
18:23:31.0937 0x0d54  MMCSS - ok
18:23:31.0952 0x0d54  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
18:23:31.0952 0x0d54  Modem - ok
18:23:31.0999 0x0d54  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:23:31.0999 0x0d54  monitor - ok
18:23:32.0015 0x0d54  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:23:32.0015 0x0d54  mouclass - ok
18:23:32.0046 0x0d54  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:23:32.0046 0x0d54  mouhid - ok
18:23:32.0077 0x0d54  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:23:32.0077 0x0d54  mountmgr - ok
18:23:32.0155 0x0d54  [ B4E9C7383A705628AD491CF0F87D901F, 5C0CD7133D4F5B1E0466CDB2A2210ECA57206A8BC41F37BC6324120AE5501C70 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:23:32.0171 0x0d54  MozillaMaintenance - ok
18:23:32.0202 0x0d54  [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
18:23:32.0217 0x0d54  MpFilter - ok
18:23:32.0249 0x0d54  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:23:32.0249 0x0d54  mpio - ok
18:23:32.0280 0x0d54  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:23:32.0280 0x0d54  mpsdrv - ok
18:23:32.0327 0x0d54  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:23:32.0342 0x0d54  MpsSvc - ok
18:23:32.0389 0x0d54  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:23:32.0405 0x0d54  MRxDAV - ok
18:23:32.0451 0x0d54  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:23:32.0451 0x0d54  mrxsmb - ok
18:23:32.0514 0x0d54  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:23:32.0529 0x0d54  mrxsmb10 - ok
18:23:32.0545 0x0d54  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:23:32.0545 0x0d54  mrxsmb20 - ok
18:23:32.0576 0x0d54  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:23:32.0576 0x0d54  msahci - ok
18:23:32.0607 0x0d54  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:23:32.0623 0x0d54  msdsm - ok
18:23:32.0639 0x0d54  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
18:23:32.0654 0x0d54  MSDTC - ok
18:23:32.0685 0x0d54  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:23:32.0685 0x0d54  Msfs - ok
18:23:32.0701 0x0d54  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:23:32.0701 0x0d54  mshidkmdf - ok
18:23:32.0717 0x0d54  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:23:32.0732 0x0d54  msisadrv - ok
18:23:32.0779 0x0d54  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:23:32.0795 0x0d54  MSiSCSI - ok
18:23:32.0810 0x0d54  msiserver - ok
18:23:32.0826 0x0d54  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:23:32.0826 0x0d54  MSKSSRV - ok
18:23:32.0935 0x0d54  [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:23:32.0935 0x0d54  MsMpSvc - ok
18:23:32.0966 0x0d54  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:23:32.0966 0x0d54  MSPCLOCK - ok
18:23:32.0997 0x0d54  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:23:32.0997 0x0d54  MSPQM - ok
18:23:33.0029 0x0d54  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:23:33.0044 0x0d54  MsRPC - ok
18:23:33.0060 0x0d54  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:23:33.0060 0x0d54  mssmbios - ok
18:23:33.0075 0x0d54  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:23:33.0075 0x0d54  MSTEE - ok
18:23:33.0075 0x0d54  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:23:33.0075 0x0d54  MTConfig - ok
18:23:33.0091 0x0d54  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
18:23:33.0091 0x0d54  Mup - ok
18:23:33.0153 0x0d54  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
18:23:33.0185 0x0d54  napagent - ok
18:23:33.0247 0x0d54  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:23:33.0263 0x0d54  NativeWifiP - ok
18:23:33.0325 0x0d54  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:23:33.0356 0x0d54  NDIS - ok
18:23:33.0372 0x0d54  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:23:33.0387 0x0d54  NdisCap - ok
18:23:33.0403 0x0d54  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:23:33.0403 0x0d54  NdisTapi - ok
18:23:33.0434 0x0d54  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:23:33.0434 0x0d54  Ndisuio - ok
18:23:33.0465 0x0d54  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:23:33.0465 0x0d54  NdisWan - ok
18:23:33.0481 0x0d54  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:23:33.0497 0x0d54  NDProxy - ok
18:23:33.0497 0x0d54  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:23:33.0497 0x0d54  NetBIOS - ok
18:23:33.0528 0x0d54  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:23:33.0528 0x0d54  NetBT - ok
18:23:33.0543 0x0d54  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
18:23:33.0543 0x0d54  Netlogon - ok
18:23:33.0590 0x0d54  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
18:23:33.0590 0x0d54  Netman - ok
18:23:33.0637 0x0d54  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:23:33.0668 0x0d54  NetMsmqActivator - ok
18:23:33.0668 0x0d54  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:23:33.0668 0x0d54  NetPipeActivator - ok
18:23:33.0699 0x0d54  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
18:23:33.0715 0x0d54  netprofm - ok
18:23:33.0731 0x0d54  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:23:33.0731 0x0d54  NetTcpActivator - ok
18:23:33.0746 0x0d54  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:23:33.0746 0x0d54  NetTcpPortSharing - ok
18:23:34.0074 0x0d54  [ 5D262402B0634C998F8CBCEAD7DD8676, 535C869C4522B012A7FB600382D46D6E5F242C18F28590FD26A918648B19EDFD ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
18:23:34.0261 0x0d54  NETwNs64 - ok
18:23:34.0308 0x0d54  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:23:34.0308 0x0d54  nfrd960 - ok
18:23:34.0339 0x0d54  [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:23:34.0355 0x0d54  NisDrv - ok
18:23:34.0401 0x0d54  [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
18:23:34.0433 0x0d54  NisSrv - ok
18:23:34.0479 0x0d54  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:23:34.0495 0x0d54  NlaSvc - ok
18:23:34.0511 0x0d54  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:23:34.0511 0x0d54  Npfs - ok
18:23:34.0526 0x0d54  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
18:23:34.0542 0x0d54  nsi - ok
18:23:34.0557 0x0d54  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:23:34.0557 0x0d54  nsiproxy - ok
18:23:34.0667 0x0d54  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:23:34.0729 0x0d54  Ntfs - ok
18:23:34.0729 0x0d54  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
18:23:34.0729 0x0d54  Null - ok
18:23:34.0791 0x0d54  [ D584ABB6A308933A5F72B46C9E5A783F, 31922A27B3A9A64A9F71B7591FCAC6E0ACD15E36B9BFC4B4D75DE473E0F5CF6B ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
18:23:34.0791 0x0d54  nusb3hub - ok
18:23:34.0807 0x0d54  [ 345B9C04E2036DA4346E3249A5BDFD06, 2FCA4661757EC8E33F6D1E8066165C0E0A0D32649318412A79A915B83496236A ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:23:34.0823 0x0d54  nusb3xhc - ok
18:23:34.0869 0x0d54  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:23:34.0869 0x0d54  nvraid - ok
18:23:34.0885 0x0d54  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:23:34.0901 0x0d54  nvstor - ok
18:23:34.0932 0x0d54  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:23:34.0932 0x0d54  nv_agp - ok
18:23:34.0947 0x0d54  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:23:34.0947 0x0d54  ohci1394 - ok
18:23:35.0025 0x0d54  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:23:35.0041 0x0d54  ose - ok
18:23:35.0291 0x0d54  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:23:35.0478 0x0d54  osppsvc - ok
18:23:35.0509 0x0d54  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:23:35.0509 0x0d54  p2pimsvc - ok
18:23:35.0540 0x0d54  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
18:23:35.0571 0x0d54  p2psvc - ok
18:23:35.0587 0x0d54  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
18:23:35.0587 0x0d54  Parport - ok
18:23:35.0618 0x0d54  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:23:35.0618 0x0d54  partmgr - ok
18:23:35.0634 0x0d54  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:23:35.0649 0x0d54  PcaSvc - ok
18:23:35.0665 0x0d54  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
18:23:35.0665 0x0d54  pci - ok
18:23:35.0712 0x0d54  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
18:23:35.0712 0x0d54  pciide - ok
18:23:35.0743 0x0d54  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:23:35.0759 0x0d54  pcmcia - ok
18:23:35.0774 0x0d54  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:23:35.0790 0x0d54  pcw - ok
18:23:35.0805 0x0d54  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:23:35.0837 0x0d54  PEAUTH - ok
18:23:35.0915 0x0d54  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:23:35.0930 0x0d54  PerfHost - ok
18:23:36.0008 0x0d54  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
18:23:36.0055 0x0d54  pla - ok
18:23:36.0117 0x0d54  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:23:36.0133 0x0d54  PlugPlay - ok
18:23:36.0133 0x0d54  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:23:36.0149 0x0d54  PNRPAutoReg - ok
18:23:36.0149 0x0d54  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:23:36.0164 0x0d54  PNRPsvc - ok
18:23:36.0195 0x0d54  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:23:36.0227 0x0d54  PolicyAgent - ok
18:23:36.0289 0x0d54  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
18:23:36.0305 0x0d54  Power - ok
18:23:36.0351 0x0d54  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:23:36.0367 0x0d54  PptpMiniport - ok
18:23:36.0383 0x0d54  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
18:23:36.0383 0x0d54  Processor - ok
18:23:36.0445 0x0d54  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:23:36.0461 0x0d54  ProfSvc - ok
18:23:36.0461 0x0d54  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:23:36.0461 0x0d54  ProtectedStorage - ok
18:23:36.0476 0x0d54  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:23:36.0492 0x0d54  Psched - ok
18:23:36.0570 0x0d54  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:23:36.0632 0x0d54  ql2300 - ok
18:23:36.0648 0x0d54  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:23:36.0648 0x0d54  ql40xx - ok
18:23:36.0663 0x0d54  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
18:23:36.0679 0x0d54  QWAVE - ok
18:23:36.0679 0x0d54  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:23:36.0695 0x0d54  QWAVEdrv - ok
18:23:36.0695 0x0d54  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:23:36.0695 0x0d54  RasAcd - ok
18:23:36.0726 0x0d54  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:23:36.0726 0x0d54  RasAgileVpn - ok
18:23:36.0741 0x0d54  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
18:23:36.0741 0x0d54  RasAuto - ok
18:23:36.0757 0x0d54  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:23:36.0757 0x0d54  Rasl2tp - ok
18:23:36.0773 0x0d54  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
18:23:36.0788 0x0d54  RasMan - ok
18:23:36.0804 0x0d54  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:23:36.0804 0x0d54  RasPppoe - ok
18:23:36.0819 0x0d54  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:23:36.0819 0x0d54  RasSstp - ok
18:23:36.0835 0x0d54  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:23:36.0851 0x0d54  rdbss - ok
18:23:36.0866 0x0d54  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
18:23:36.0866 0x0d54  rdpbus - ok
18:23:36.0882 0x0d54  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:23:36.0882 0x0d54  RDPCDD - ok
18:23:36.0897 0x0d54  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:23:36.0897 0x0d54  RDPENCDD - ok
18:23:36.0897 0x0d54  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:23:36.0897 0x0d54  RDPREFMP - ok
18:23:36.0929 0x0d54  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:23:36.0944 0x0d54  RDPWD - ok
18:23:36.0960 0x0d54  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:23:36.0975 0x0d54  rdyboost - ok
18:23:37.0007 0x0d54  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:23:37.0022 0x0d54  RemoteAccess - ok
18:23:37.0038 0x0d54  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:23:37.0038 0x0d54  RemoteRegistry - ok
18:23:37.0085 0x0d54  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
18:23:37.0100 0x0d54  RFCOMM - ok
18:23:37.0116 0x0d54  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:23:37.0116 0x0d54  RpcEptMapper - ok
18:23:37.0131 0x0d54  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
18:23:37.0131 0x0d54  RpcLocator - ok
18:23:37.0163 0x0d54  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
18:23:37.0194 0x0d54  RpcSs - ok
18:23:37.0194 0x0d54  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:23:37.0194 0x0d54  rspndr - ok
18:23:37.0272 0x0d54  [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
18:23:37.0303 0x0d54  RTL8167 - ok
18:23:37.0319 0x0d54  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
18:23:37.0319 0x0d54  SamSs - ok
18:23:37.0334 0x0d54  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:23:37.0334 0x0d54  sbp2port - ok
18:23:37.0365 0x0d54  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:23:37.0365 0x0d54  SCardSvr - ok
18:23:37.0381 0x0d54  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:23:37.0381 0x0d54  scfilter - ok
18:23:37.0428 0x0d54  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
18:23:37.0443 0x0d54  Schedule - ok
18:23:37.0490 0x0d54  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:23:37.0490 0x0d54  SCPolicySvc - ok
18:23:37.0506 0x0d54  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:23:37.0521 0x0d54  SDRSVC - ok
18:23:37.0537 0x0d54  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:23:37.0537 0x0d54  secdrv - ok
18:23:37.0537 0x0d54  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
18:23:37.0537 0x0d54  seclogon - ok
18:23:37.0553 0x0d54  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
18:23:37.0553 0x0d54  SENS - ok
18:23:37.0584 0x0d54  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:23:37.0584 0x0d54  SensrSvc - ok
18:23:37.0599 0x0d54  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
18:23:37.0599 0x0d54  Serenum - ok
18:23:37.0631 0x0d54  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
18:23:37.0631 0x0d54  Serial - ok
18:23:37.0662 0x0d54  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:23:37.0662 0x0d54  sermouse - ok
18:23:37.0693 0x0d54  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
18:23:37.0693 0x0d54  SessionEnv - ok
18:23:37.0709 0x0d54  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:23:37.0709 0x0d54  sffdisk - ok
18:23:37.0724 0x0d54  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:23:37.0724 0x0d54  sffp_mmc - ok
18:23:37.0740 0x0d54  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:23:37.0740 0x0d54  sffp_sd - ok
18:23:37.0755 0x0d54  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:23:37.0755 0x0d54  sfloppy - ok
18:23:37.0802 0x0d54  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:23:37.0818 0x0d54  SharedAccess - ok
18:23:37.0865 0x0d54  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:23:37.0865 0x0d54  ShellHWDetection - ok
18:23:37.0880 0x0d54  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:23:37.0880 0x0d54  SiSRaid2 - ok
18:23:37.0896 0x0d54  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:23:37.0896 0x0d54  SiSRaid4 - ok
18:23:37.0927 0x0d54  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:23:37.0927 0x0d54  Smb - ok
18:23:37.0974 0x0d54  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:23:37.0974 0x0d54  SNMPTRAP - ok
18:23:37.0989 0x0d54  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:23:37.0989 0x0d54  spldr - ok
18:23:38.0052 0x0d54  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
18:23:38.0083 0x0d54  Spooler - ok
18:23:38.0255 0x0d54  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
18:23:38.0333 0x0d54  sppsvc - ok
18:23:38.0348 0x0d54  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:23:38.0348 0x0d54  sppuinotify - ok
18:23:38.0411 0x0d54  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:23:38.0426 0x0d54  srv - ok
18:23:38.0442 0x0d54  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:23:38.0457 0x0d54  srv2 - ok
18:23:38.0489 0x0d54  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:23:38.0504 0x0d54  srvnet - ok
18:23:38.0520 0x0d54  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:23:38.0520 0x0d54  SSDPSRV - ok
18:23:38.0535 0x0d54  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:23:38.0535 0x0d54  SstpSvc - ok
18:23:38.0567 0x0d54  [ 92E7F6666633D2DD91D527503DAA7BE0, E97C7FFCAF2C7A83B270B6C797A91C2731FEA26874FE1E59B4CB55D5D98744BB ] stdcfltn        C:\Windows\system32\DRIVERS\stdcfltn.sys
18:23:38.0582 0x0d54  stdcfltn - ok
18:23:38.0582 0x0d54  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:23:38.0582 0x0d54  stexstor - ok
18:23:38.0645 0x0d54  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\drivers\serscan.sys
18:23:38.0645 0x0d54  StillCam - ok
18:23:38.0723 0x0d54  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
18:23:38.0754 0x0d54  stisvc - ok
18:23:38.0769 0x0d54  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:23:38.0769 0x0d54  swenum - ok
18:23:38.0785 0x0d54  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
18:23:38.0816 0x0d54  swprv - ok
18:23:38.0925 0x0d54  [ AAD83760A0887975D8F524B4D2C86060, 99D03A522BBF84B0A7D5B7E99D0DA12AA57E55362BEDD0445D1C11231DB69277 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
18:23:38.0957 0x0d54  SynTP - ok
18:23:39.0019 0x0d54  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
18:23:39.0066 0x0d54  SysMain - ok
18:23:39.0081 0x0d54  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:23:39.0081 0x0d54  TabletInputService - ok
18:23:39.0097 0x0d54  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:23:39.0113 0x0d54  TapiSrv - ok
18:23:39.0128 0x0d54  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
18:23:39.0128 0x0d54  TBS - ok
18:23:39.0206 0x0d54  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:23:39.0284 0x0d54  Tcpip - ok
18:23:39.0362 0x0d54  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:23:39.0393 0x0d54  TCPIP6 - ok
18:23:39.0440 0x0d54  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:23:39.0440 0x0d54  tcpipreg - ok
18:23:39.0471 0x0d54  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:23:39.0487 0x0d54  TDPIPE - ok
18:23:39.0518 0x0d54  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:23:39.0518 0x0d54  TDTCP - ok
18:23:39.0565 0x0d54  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:23:39.0565 0x0d54  tdx - ok
18:23:39.0581 0x0d54  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:23:39.0581 0x0d54  TermDD - ok
18:23:39.0643 0x0d54  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
18:23:39.0674 0x0d54  TermService - ok
18:23:39.0690 0x0d54  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
18:23:39.0690 0x0d54  Themes - ok
18:23:39.0721 0x0d54  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
18:23:39.0737 0x0d54  THREADORDER - ok
18:23:39.0752 0x0d54  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
18:23:39.0768 0x0d54  TrkWks - ok
18:23:39.0815 0x0d54  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:23:39.0830 0x0d54  TrustedInstaller - ok
18:23:39.0861 0x0d54  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:23:39.0861 0x0d54  tssecsrv - ok
18:23:39.0893 0x0d54  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:23:39.0893 0x0d54  TsUsbFlt - ok
18:23:39.0908 0x0d54  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:23:39.0908 0x0d54  TsUsbGD - ok
18:23:39.0939 0x0d54  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:23:39.0939 0x0d54  tunnel - ok
18:23:39.0971 0x0d54  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:23:39.0971 0x0d54  uagp35 - ok
18:23:40.0002 0x0d54  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:23:40.0017 0x0d54  udfs - ok
18:23:40.0049 0x0d54  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:23:40.0049 0x0d54  UI0Detect - ok
18:23:40.0080 0x0d54  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:23:40.0080 0x0d54  uliagpkx - ok
18:23:40.0111 0x0d54  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:23:40.0111 0x0d54  umbus - ok
18:23:40.0127 0x0d54  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
18:23:40.0127 0x0d54  UmPass - ok
18:23:40.0173 0x0d54  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
18:23:40.0189 0x0d54  upnphost - ok
18:23:40.0236 0x0d54  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:23:40.0236 0x0d54  usbccgp - ok
18:23:40.0283 0x0d54  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:23:40.0283 0x0d54  usbcir - ok
18:23:40.0314 0x0d54  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:23:40.0314 0x0d54  usbehci - ok
18:23:40.0361 0x0d54  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:23:40.0376 0x0d54  usbhub - ok
18:23:40.0392 0x0d54  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:23:40.0392 0x0d54  usbohci - ok
18:23:40.0407 0x0d54  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
18:23:40.0407 0x0d54  usbprint - ok
18:23:40.0439 0x0d54  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:23:40.0439 0x0d54  USBSTOR - ok
18:23:40.0439 0x0d54  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:23:40.0454 0x0d54  usbuhci - ok
18:23:40.0470 0x0d54  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
18:23:40.0485 0x0d54  usbvideo - ok
18:23:40.0485 0x0d54  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
18:23:40.0485 0x0d54  UxSms - ok
18:23:40.0501 0x0d54  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
18:23:40.0501 0x0d54  VaultSvc - ok
18:23:40.0517 0x0d54  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:23:40.0517 0x0d54  vdrvroot - ok
18:23:40.0548 0x0d54  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
18:23:40.0563 0x0d54  vds - ok
18:23:40.0579 0x0d54  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:23:40.0579 0x0d54  vga - ok
18:23:40.0595 0x0d54  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:23:40.0595 0x0d54  VgaSave - ok
18:23:40.0610 0x0d54  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:23:40.0626 0x0d54  vhdmp - ok
18:23:40.0657 0x0d54  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:23:40.0657 0x0d54  viaide - ok
18:23:40.0688 0x0d54  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:23:40.0704 0x0d54  volmgr - ok
18:23:40.0735 0x0d54  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:23:40.0751 0x0d54  volmgrx - ok
18:23:40.0782 0x0d54  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:23:40.0797 0x0d54  volsnap - ok
18:23:40.0813 0x0d54  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:23:40.0829 0x0d54  vsmraid - ok
18:23:40.0891 0x0d54  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
18:23:40.0953 0x0d54  VSS - ok
18:23:40.0953 0x0d54  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:23:40.0953 0x0d54  vwifibus - ok
18:23:40.0969 0x0d54  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:23:40.0969 0x0d54  vwififlt - ok
18:23:40.0985 0x0d54  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
18:23:41.0000 0x0d54  W32Time - ok
18:23:41.0016 0x0d54  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:23:41.0016 0x0d54  WacomPen - ok
18:23:41.0047 0x0d54  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:23:41.0047 0x0d54  WANARP - ok
18:23:41.0063 0x0d54  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:23:41.0063 0x0d54  Wanarpv6 - ok
18:23:41.0141 0x0d54  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:23:41.0187 0x0d54  WatAdminSvc - ok
18:23:41.0250 0x0d54  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
18:23:41.0297 0x0d54  wbengine - ok
18:23:41.0312 0x0d54  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:23:41.0312 0x0d54  WbioSrvc - ok
18:23:41.0343 0x0d54  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:23:41.0359 0x0d54  wcncsvc - ok
18:23:41.0375 0x0d54  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:23:41.0375 0x0d54  WcsPlugInService - ok
18:23:41.0390 0x0d54  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
18:23:41.0390 0x0d54  Wd - ok
18:23:41.0453 0x0d54  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:23:41.0484 0x0d54  Wdf01000 - ok
18:23:41.0515 0x0d54  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:23:41.0515 0x0d54  WdiServiceHost - ok
18:23:41.0531 0x0d54  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:23:41.0531 0x0d54  WdiSystemHost - ok
18:23:41.0577 0x0d54  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
18:23:41.0593 0x0d54  WebClient - ok
18:23:41.0609 0x0d54  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:23:41.0609 0x0d54  Wecsvc - ok
18:23:41.0655 0x0d54  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:23:41.0655 0x0d54  wercplsupport - ok
18:23:41.0671 0x0d54  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:23:41.0671 0x0d54  WerSvc - ok
18:23:41.0687 0x0d54  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:23:41.0687 0x0d54  WfpLwf - ok
18:23:41.0702 0x0d54  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:23:41.0702 0x0d54  WIMMount - ok
18:23:41.0718 0x0d54  WinDefend - ok
18:23:41.0749 0x0d54  WinHttpAutoProxySvc - ok
18:23:41.0827 0x0d54  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:23:41.0843 0x0d54  Winmgmt - ok
18:23:41.0967 0x0d54  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
18:23:42.0030 0x0d54  WinRM - ok
18:23:42.0092 0x0d54  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
18:23:42.0092 0x0d54  WinUSB - ok
18:23:42.0139 0x0d54  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:23:42.0170 0x0d54  Wlansvc - ok
18:23:42.0186 0x0d54  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
18:23:42.0186 0x0d54  WmiAcpi - ok
18:23:42.0233 0x0d54  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:23:42.0233 0x0d54  wmiApSrv - ok
18:23:42.0248 0x0d54  WMPNetworkSvc - ok
18:23:42.0248 0x0d54  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:23:42.0264 0x0d54  WPCSvc - ok
18:23:42.0264 0x0d54  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:23:42.0279 0x0d54  WPDBusEnum - ok
18:23:42.0279 0x0d54  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:23:42.0279 0x0d54  ws2ifsl - ok
18:23:42.0295 0x0d54  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
18:23:42.0311 0x0d54  wscsvc - ok
18:23:42.0311 0x0d54  WSearch - ok
18:23:42.0435 0x0d54  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:23:42.0498 0x0d54  wuauserv - ok
18:23:42.0529 0x0d54  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:23:42.0529 0x0d54  WudfPf - ok
18:23:42.0560 0x0d54  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:23:42.0560 0x0d54  WUDFRd - ok
18:23:42.0591 0x0d54  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:23:42.0607 0x0d54  wudfsvc - ok
18:23:42.0638 0x0d54  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:23:42.0654 0x0d54  WwanSvc - ok
18:23:42.0669 0x0d54  ================ Scan global ===============================
18:23:42.0701 0x0d54  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
18:23:42.0747 0x0d54  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:23:42.0779 0x0d54  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:23:42.0825 0x0d54  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:23:42.0872 0x0d54  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
18:23:42.0888 0x0d54  [ Global ] - ok
18:23:42.0888 0x0d54  ================ Scan MBR ==================================
18:23:42.0903 0x0d54  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:23:43.0200 0x0d54  \Device\Harddisk0\DR0 - ok
18:23:43.0200 0x0d54  ================ Scan VBR ==================================
18:23:43.0200 0x0d54  [ C665871DC5D977097B52035B9A13B08A ] \Device\Harddisk0\DR0\Partition1
18:23:43.0200 0x0d54  \Device\Harddisk0\DR0\Partition1 - ok
18:23:43.0215 0x0d54  [ 2FE620EE38F17DE1407099C8821691CD ] \Device\Harddisk0\DR0\Partition2
18:23:43.0215 0x0d54  \Device\Harddisk0\DR0\Partition2 - ok
18:23:43.0215 0x0d54  ================ Scan active images ========================
18:23:43.0215 0x0d54  [ 3E588B60EC061686BA05D33574A344C6, 19D2D863F95CCC4493A2328B6BEB04248B6A80F957532E58C1D1D868C19FDCCB ] C:\Windows\System32\drivers\crashdmp.sys
18:23:43.0215 0x0d54  C:\Windows\System32\drivers\crashdmp.sys - ok
18:23:43.0231 0x0d54  [ 839B5FE3D48E9F35B22C21A3D5103F6C, A9CEA695E43092B72B0E988063E00A7C0BCE90095344E9A2F380218482BCE77F ] C:\Windows\System32\drivers\Dumpata.sys
18:23:43.0231 0x0d54  C:\Windows\System32\drivers\Dumpata.sys - ok
18:23:43.0231 0x0d54  [ 814DB88F2641691575A455CF25354098, 79C50F0CD72612733217A0316BEFEA0B6D819C3159D9452EAB89AC26A18A0F89 ] C:\Windows\System32\drivers\dumpfve.sys
18:23:43.0231 0x0d54  C:\Windows\System32\drivers\dumpfve.sys - ok
18:23:43.0247 0x0d54  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] C:\Windows\System32\drivers\msahci.sys
18:23:43.0247 0x0d54  C:\Windows\System32\drivers\msahci.sys - ok
18:23:43.0247 0x0d54  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] C:\Windows\System32\drivers\cdrom.sys
18:23:43.0247 0x0d54  C:\Windows\System32\drivers\cdrom.sys - ok
18:23:43.0247 0x0d54  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] C:\Windows\System32\drivers\beep.sys
18:23:43.0247 0x0d54  C:\Windows\System32\drivers\beep.sys - ok
18:23:43.0247 0x0d54  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] C:\Windows\System32\drivers\null.sys
18:23:43.0247 0x0d54  C:\Windows\System32\drivers\null.sys - ok
18:23:43.0262 0x0d54  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] C:\Windows\System32\drivers\RDPCDD.sys
18:23:43.0262 0x0d54  C:\Windows\System32\drivers\RDPCDD.sys - ok
18:23:43.0262 0x0d54  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] C:\Windows\System32\drivers\vga.sys
18:23:43.0262 0x0d54  C:\Windows\System32\drivers\vga.sys - ok
18:23:43.0262 0x0d54  [ E7353D59C9842BC7299FAEB7E7E09340, C37ED1025E07BAC2F535DCFED6C6C509515D95722EADE5AF94F1FC5D8B1DC783 ] C:\Windows\System32\drivers\videoprt.sys
18:23:43.0262 0x0d54  C:\Windows\System32\drivers\videoprt.sys - ok
18:23:43.0262 0x0d54  [ FC438D1430B28618E2D0C7C332A710AD, 873957B202E454E2C8F625E5799F278CAC16EC5EEAEE2C33E2FE5D1FF0408CB2 ] C:\Windows\System32\drivers\watchdog.sys
18:23:43.0262 0x0d54  C:\Windows\System32\drivers\watchdog.sys - ok
18:23:43.0262 0x0d54  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] C:\Windows\System32\drivers\msfs.sys
18:23:43.0262 0x0d54  C:\Windows\System32\drivers\msfs.sys - ok
18:23:43.0278 0x0d54  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] C:\Windows\System32\drivers\npfs.sys
18:23:43.0278 0x0d54  C:\Windows\System32\drivers\npfs.sys - ok
18:23:43.0278 0x0d54  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] C:\Windows\System32\drivers\RDPENCDD.sys
18:23:43.0278 0x0d54  C:\Windows\System32\drivers\RDPENCDD.sys - ok
18:23:43.0278 0x0d54  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] C:\Windows\System32\drivers\RDPREFMP.sys
18:23:43.0278 0x0d54  C:\Windows\System32\drivers\RDPREFMP.sys - ok
18:23:43.0278 0x0d54  [ 6F020A220388ECA0AB6062DC27BD16B6, 48655230E482DEB7B4B50EF05818EBB29CA61E780AEFCD9D31B02DE4DF9D9540 ] C:\Windows\System32\drivers\tdi.sys
18:23:43.0278 0x0d54  C:\Windows\System32\drivers\tdi.sys - ok
18:23:43.0293 0x0d54  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] C:\Windows\System32\drivers\tdx.sys
18:23:43.0293 0x0d54  C:\Windows\System32\drivers\tdx.sys - ok
18:23:43.0293 0x0d54  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] C:\Windows\System32\drivers\afd.sys
18:23:43.0293 0x0d54  C:\Windows\System32\drivers\afd.sys - ok
18:23:43.0293 0x0d54  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] C:\Windows\System32\drivers\netbt.sys
18:23:43.0293 0x0d54  C:\Windows\System32\drivers\netbt.sys - ok
18:23:43.0293 0x0d54  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] C:\Windows\System32\drivers\pacer.sys
18:23:43.0293 0x0d54  C:\Windows\System32\drivers\pacer.sys - ok
18:23:43.0293 0x0d54  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] C:\Windows\System32\drivers\vwififlt.sys
18:23:43.0293 0x0d54  C:\Windows\System32\drivers\vwififlt.sys - ok
18:23:43.0309 0x0d54  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] C:\Windows\System32\drivers\wfplwf.sys
18:23:43.0309 0x0d54  C:\Windows\System32\drivers\wfplwf.sys - ok
18:23:43.0309 0x0d54  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] C:\Windows\System32\drivers\netbios.sys
18:23:43.0309 0x0d54  C:\Windows\System32\drivers\netbios.sys - ok
18:23:43.0309 0x0d54  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] C:\Windows\System32\drivers\termdd.sys
18:23:43.0309 0x0d54  C:\Windows\System32\drivers\termdd.sys - ok
18:23:43.0309 0x0d54  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] C:\Windows\System32\drivers\wanarp.sys
18:23:43.0309 0x0d54  C:\Windows\System32\drivers\wanarp.sys - ok
18:23:43.0325 0x0d54  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] C:\Windows\System32\drivers\rdbss.sys
18:23:43.0325 0x0d54  C:\Windows\System32\drivers\rdbss.sys - ok
18:23:43.0325 0x0d54  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] C:\Windows\System32\drivers\nsiproxy.sys
18:23:43.0325 0x0d54  C:\Windows\System32\drivers\nsiproxy.sys - ok
18:23:43.0325 0x0d54  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] C:\Windows\System32\drivers\mssmbios.sys
18:23:43.0325 0x0d54  C:\Windows\System32\drivers\mssmbios.sys - ok
18:23:43.0325 0x0d54  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] C:\Windows\System32\drivers\dfsc.sys
18:23:43.0325 0x0d54  C:\Windows\System32\drivers\dfsc.sys - ok
18:23:43.0325 0x0d54  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] C:\Windows\System32\drivers\discache.sys
18:23:43.0325 0x0d54  C:\Windows\System32\drivers\discache.sys - ok
18:23:43.0340 0x0d54  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] C:\Windows\System32\drivers\blbdrive.sys
18:23:43.0340 0x0d54  C:\Windows\System32\drivers\blbdrive.sys - ok
18:23:43.0340 0x0d54  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] C:\Windows\System32\drivers\tunnel.sys
18:23:43.0340 0x0d54  C:\Windows\System32\drivers\tunnel.sys - ok
18:23:43.0340 0x0d54  [ CAAAC014C5C56A69F710B5F1B836DE22, DA98EF2EBF9A7F180344A88CC2C74F69101E17BBAB58B1C46176FD6EE7AA2E6A ] C:\Windows\System32\ntdll.dll
18:23:43.0340 0x0d54  C:\Windows\System32\ntdll.dll - ok
18:23:43.0340 0x0d54  [ F0970A4BC8395659C22BF53D0FADF16F, 23BE3066D89A5ACBF8130899640D377476E78B6C3D19E2D13C32238464A83E21 ] C:\Windows\System32\smss.exe
18:23:43.0340 0x0d54  C:\Windows\System32\smss.exe - ok
18:23:43.0356 0x0d54  [ 3B536A8BEC3B4F23FFDFD78B11A2AB93, 7BC847CE6C2D29C334F0D1600BBBDE3933FF45F6BEE5186F442E6270A3F9EC4E ] C:\Windows\System32\autochk.exe
18:23:43.0356 0x0d54  C:\Windows\System32\autochk.exe - ok
18:23:43.0356 0x0d54  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] C:\Windows\System32\drivers\wmiacpi.sys
18:23:43.0356 0x0d54  C:\Windows\System32\drivers\wmiacpi.sys - ok
18:23:43.0356 0x0d54  [ A1CF07D24EDCDC6870535471654D957C, FA0CD2ABA2C15E9FC4A1DEE58F365EC10D9597D521556DC2648B50CE0537926D ] C:\Windows\System32\drivers\igdkmd64.sys
18:23:43.0356 0x0d54  C:\Windows\System32\drivers\igdkmd64.sys - ok
18:23:43.0356 0x0d54  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] C:\Windows\System32\drivers\dxgkrnl.sys
18:23:43.0356 0x0d54  C:\Windows\System32\drivers\dxgkrnl.sys - ok
18:23:43.0356 0x0d54  [ 1F04CFB79DD5FB7694468CE3FB3DCC31, A40C0BF6D1EC6C4281611A830EA7B22FEF523A3E197E5A8F59332D64E90376B6 ] C:\Windows\System32\drivers\dxgmms1.sys
18:23:43.0356 0x0d54  C:\Windows\System32\drivers\dxgmms1.sys - ok
18:23:43.0371 0x0d54  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] C:\Windows\System32\drivers\HECIx64.sys
18:23:43.0371 0x0d54  C:\Windows\System32\drivers\HECIx64.sys - ok
18:23:43.0371 0x0d54  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] C:\Windows\System32\drivers\hdaudbus.sys
18:23:43.0371 0x0d54  C:\Windows\System32\drivers\hdaudbus.sys - ok
18:23:43.0371 0x0d54  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] C:\Windows\System32\drivers\usbehci.sys
18:23:43.0371 0x0d54  C:\Windows\System32\drivers\usbehci.sys - ok
18:23:43.0371 0x0d54  [ 12FEB33791920678F8433701C822BCFD, 7D1AD944CF0532D5AF951ACCE064EA9288F068964603674854CD7658D2B96039 ] C:\Windows\System32\drivers\usbport.sys
18:23:43.0371 0x0d54  C:\Windows\System32\drivers\usbport.sys - ok
18:23:43.0387 0x0d54  [ B938AF16A521C913791C6F7AFF032757, 3D0B64F23C3C932E31936874E513D74BA668401516E482E029D690E78184C498 ] C:\Windows\System32\oleaut32.dll
18:23:43.0387 0x0d54  C:\Windows\System32\oleaut32.dll - ok
18:23:43.0387 0x0d54  [ 5D262402B0634C998F8CBCEAD7DD8676, 535C869C4522B012A7FB600382D46D6E5F242C18F28590FD26A918648B19EDFD ] C:\Windows\System32\drivers\NETwNs64.sys
18:23:43.0387 0x0d54  C:\Windows\System32\drivers\NETwNs64.sys - ok
18:23:43.0387 0x0d54  [ 28C0B5024F5C5A438E78B188CFC81B7F, AB81FB63F2908CE316B45609077ACBD85F4B2AAD1606B1E9030F06DB82EDDFAD ] C:\Windows\System32\normaliz.dll
18:23:43.0387 0x0d54  C:\Windows\System32\normaliz.dll - ok
18:23:43.0387 0x0d54  [ 25983DE69B57142039AC8D95E71CD9C9, A677DA7EBCBCB6073D27E8A38809F51E971E83ED379BC599AAAD6EF4216348DA ] C:\Windows\System32\clbcatq.dll
18:23:43.0387 0x0d54  C:\Windows\System32\clbcatq.dll - ok
18:23:43.0387 0x0d54  [ 044FE45FFD6AD40E3BBBE60B7F41BABE, A1688A5E6E0F7037C850699462C2655006A7D873C97F9AB406C59D81749B6F09 ] C:\Windows\System32\nsi.dll
18:23:43.0387 0x0d54  C:\Windows\System32\nsi.dll - ok
18:23:43.0403 0x0d54  [ F947D57534E01E3CA597BCF2AD8AE65B, 498A87443CE3344F82B19D4903F128337B5B3DA49D3C208F796394DA6B3A8946 ] C:\Windows\System32\rpcrt4.dll
18:23:43.0403 0x0d54  C:\Windows\System32\rpcrt4.dll - ok
18:23:43.0403 0x0d54  [ 345B9C04E2036DA4346E3249A5BDFD06, 2FCA4661757EC8E33F6D1E8066165C0E0A0D32649318412A79A915B83496236A ] C:\Windows\System32\drivers\nusb3xhc.sys
18:23:43.0403 0x0d54  C:\Windows\System32\drivers\nusb3xhc.sys - ok
18:23:43.0403 0x0d54  [ FFA06EF43987ED0DD42AD59B260C0C78, 260518D5E077E55E0F2099037DBEFA93016FD4D4655456DDB3147AF9CBE7BF6B ] C:\Windows\System32\drivers\usbd.sys
18:23:43.0403 0x0d54  C:\Windows\System32\drivers\usbd.sys - ok
18:23:43.0403 0x0d54  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] C:\Windows\System32\drivers\vwifibus.sys
18:23:43.0403 0x0d54  C:\Windows\System32\drivers\vwifibus.sys - ok
18:23:43.0418 0x0d54  [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] C:\Windows\System32\drivers\Rt64win7.sys
18:23:43.0418 0x0d54  C:\Windows\System32\drivers\Rt64win7.sys - ok
18:23:43.0418 0x0d54  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] C:\Windows\System32\drivers\i8042prt.sys
18:23:43.0418 0x0d54  C:\Windows\System32\drivers\i8042prt.sys - ok
18:23:43.0418 0x0d54  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] C:\Windows\System32\drivers\kbdclass.sys
18:23:43.0418 0x0d54  C:\Windows\System32\drivers\kbdclass.sys - ok
18:23:43.0418 0x0d54  [ AAD83760A0887975D8F524B4D2C86060, 99D03A522BBF84B0A7D5B7E99D0DA12AA57E55362BEDD0445D1C11231DB69277 ] C:\Windows\System32\drivers\SynTP.sys
18:23:43.0418 0x0d54  C:\Windows\System32\drivers\SynTP.sys - ok
18:23:43.0418 0x0d54  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] C:\Windows\System32\drivers\mouclass.sys
18:23:43.0418 0x0d54  C:\Windows\System32\drivers\mouclass.sys - ok
18:23:43.0434 0x0d54  [ AEDB94A49236F5FF060C90E09E70281F, 111ADF5A4B19A31A86DD9D62F06C065B983A11E3286BA973D0080FBB38D2E514 ] C:\Windows\System32\drivers\Accelern.sys
18:23:43.0434 0x0d54  C:\Windows\System32\drivers\Accelern.sys - ok
18:23:43.0434 0x0d54  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] C:\Windows\System32\drivers\CmBatt.sys
18:23:43.0434 0x0d54  C:\Windows\System32\drivers\CmBatt.sys - ok
18:23:43.0434 0x0d54  [ D87E1E59C73C1F98D5DED5B3850C40F5, 536419BFF9F877D4314B5D0C045D9A6E729489C389863FADF07E382050BC84FD ] C:\Windows\System32\psapi.dll
18:23:43.0434 0x0d54  C:\Windows\System32\psapi.dll - ok
18:23:43.0434 0x0d54  [ FE70103391A64039A921DBFFF9C7AB1B, F7D219D75037BC98F6C69143B00AB6000A31F8B5E211E0AF514F4F4B681522A0 ] C:\Windows\System32\user32.dll
18:23:43.0434 0x0d54  C:\Windows\System32\user32.dll - ok
18:23:43.0449 0x0d54  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] C:\Windows\System32\drivers\CompositeBus.sys
18:23:43.0449 0x0d54  C:\Windows\System32\drivers\CompositeBus.sys - ok
18:23:43.0449 0x0d54  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] C:\Windows\System32\drivers\intelppm.sys
18:23:43.0449 0x0d54  C:\Windows\System32\drivers\intelppm.sys - ok
18:23:43.0449 0x0d54  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] C:\Windows\System32\drivers\agilevpn.sys
18:23:43.0449 0x0d54  C:\Windows\System32\drivers\agilevpn.sys - ok
18:23:43.0449 0x0d54  [ 796B47A4B82EF1C39F13435B88834C48, AFC3E89476BAAD8A71663F0DB8D15E00FF9D131F1306A2F69D728E3AD1184602 ] C:\Windows\System32\lpk.dll
18:23:43.0449 0x0d54  C:\Windows\System32\lpk.dll - ok
18:23:43.0449 0x0d54  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] C:\Windows\System32\drivers\ndistapi.sys
18:23:43.0449 0x0d54  C:\Windows\System32\drivers\ndistapi.sys - ok
18:23:43.0465 0x0d54  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] C:\Windows\System32\drivers\ndiswan.sys
18:23:43.0465 0x0d54  C:\Windows\System32\drivers\ndiswan.sys - ok
18:23:43.0465 0x0d54  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] C:\Windows\System32\drivers\rasl2tp.sys
18:23:43.0465 0x0d54  C:\Windows\System32\drivers\rasl2tp.sys - ok
18:23:43.0465 0x0d54  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] C:\Windows\System32\drivers\raspppoe.sys
18:23:43.0465 0x0d54  C:\Windows\System32\drivers\raspppoe.sys - ok
18:23:43.0465 0x0d54  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] C:\Windows\System32\drivers\raspptp.sys
18:23:43.0465 0x0d54  C:\Windows\System32\drivers\raspptp.sys - ok
18:23:43.0465 0x0d54  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] C:\Windows\System32\drivers\rassstp.sys
18:23:43.0465 0x0d54  C:\Windows\System32\drivers\rassstp.sys - ok
18:23:43.0481 0x0d54  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] C:\Windows\System32\drivers\serscan.sys
18:23:43.0481 0x0d54  C:\Windows\System32\drivers\serscan.sys - ok
18:23:43.0481 0x0d54  [ 24FBF5CC5C04150073C315A7C83521EE, 581BD5F15B5E57B3BAA762E421FFD859FDA46DDB8515C2A7AAFF208D784E906C ] C:\Windows\System32\drivers\ks.sys
18:23:43.0481 0x0d54  C:\Windows\System32\drivers\ks.sys - ok
18:23:43.0481 0x0d54  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] C:\Windows\System32\drivers\ksthunk.sys
18:23:43.0481 0x0d54  C:\Windows\System32\drivers\ksthunk.sys - ok
18:23:43.0481 0x0d54  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] C:\Windows\System32\drivers\swenum.sys
18:23:43.0481 0x0d54  C:\Windows\System32\drivers\swenum.sys - ok
18:23:43.0496 0x0d54  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] C:\Windows\System32\drivers\umbus.sys
18:23:43.0496 0x0d54  C:\Windows\System32\drivers\umbus.sys - ok
18:23:43.0496 0x0d54  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] C:\Windows\System32\drivers\usbhub.sys
18:23:43.0496 0x0d54  C:\Windows\System32\drivers\usbhub.sys - ok
18:23:43.0496 0x0d54  [ AA2C08CE85653B1A0D2E4AB407FA176C, 83DFD0C119B20AEDB07114C9D1CF9CE2DFA938D0F1070256B0591A9E2C3997FA ] C:\Windows\System32\imm32.dll
18:23:43.0496 0x0d54  C:\Windows\System32\imm32.dll - ok
18:23:43.0496 0x0d54  [ C431EAF5CAA1C82CAC2534A2EAB348A3, ADDF850128DC675E67FABA9A3D0D27E684F01F733962CA22927BB94503549E44 ] C:\Windows\System32\msctf.dll
18:23:43.0496 0x0d54  C:\Windows\System32\msctf.dll - ok
18:23:43.0496 0x0d54  [ F7CE0C81C545364020ED8203CF0A633E, 24B47A7492B7048096AF87E26786E8108455ADBD1A374B6A0466DE008505B8A9 ] C:\Windows\System32\difxapi.dll
18:23:43.0496 0x0d54  C:\Windows\System32\difxapi.dll - ok
18:23:43.0512 0x0d54  [ C391FC68282A000CDF953F8B6B55D2EF, 1CB0DAB84545D9FDEA5A7865A1E7132CEAC91DECF8B100285B63098D7B09E584 ] C:\Windows\System32\msvcrt.dll
18:23:43.0512 0x0d54  C:\Windows\System32\msvcrt.dll - ok
18:23:43.0512 0x0d54  [ D2A513EE880D71BDE7F0257F38B9D019, 7BDBFEA312061C0498E4C09EF5E4B3AAA23309E7448028F67EAA6F8F7188E871 ] C:\Windows\System32\kernel32.dll
18:23:43.0512 0x0d54  C:\Windows\System32\kernel32.dll - ok
18:23:43.0512 0x0d54  [ E7A2061ADF0F4D430FECDA1E8D6B7BA6, D2D2D1E80C937DB6C887347E8BF496A8A7D5E2F6A3BF85C993B0F6978F418595 ] C:\Windows\System32\urlmon.dll
18:23:43.0512 0x0d54  C:\Windows\System32\urlmon.dll - ok
18:23:43.0512 0x0d54  [ 5D8E6C95156ED1F79A63D1EADE6F9ED5, 12130837D7F89A2C7E9D25747A8E5B9001E0A38D545178B49B450C23AE62664A ] C:\Windows\System32\setupapi.dll
18:23:43.0512 0x0d54  C:\Windows\System32\setupapi.dll - ok
18:23:43.0527 0x0d54  [ EAF32CB8C1F810E4715B4DFBE785C7FF, DB6AD07FDED42433E669508AB73FAFF6DAFF04575D6F1D016FE3EB6ECEC4DD5D ] C:\Windows\System32\shlwapi.dll
18:23:43.0527 0x0d54  C:\Windows\System32\shlwapi.dll - ok
18:23:43.0527 0x0d54  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] C:\Windows\System32\drivers\ndproxy.sys
18:23:43.0527 0x0d54  C:\Windows\System32\drivers\ndproxy.sys - ok
18:23:43.0527 0x0d54  [ 860528C9E50AB84935843B23A80E665E, 1BBC4FC384A2C9B2E30DC8D84C435A6A8E1993F074CDBF0A6A3AC774A3E62AD4 ] C:\Windows\System32\gdi32.dll
18:23:43.0527 0x0d54  C:\Windows\System32\gdi32.dll - ok
18:23:43.0527 0x0d54  [ 4E4FFB09D895AA000DD56D1404F69A7E, D999E04BB35780088480EAB322176570591A21E311D204BDCAB010A63B34D24C ] C:\Windows\System32\Wldap32.dll
18:23:43.0527 0x0d54  C:\Windows\System32\Wldap32.dll - ok
18:23:43.0527 0x0d54  [ 63A580C88CFAF72A92550940054569EF, A66C89123D1833446ACC31D5CF536B0D0EC24D2F805C022A637596CF98429D9F ] C:\Windows\System32\advapi32.dll
18:23:43.0527 0x0d54  C:\Windows\System32\advapi32.dll - ok
18:23:43.0543 0x0d54  [ 9835E63E09F824D22B689D2BB789BAB9, 5BCFFAFB894D69FBCDDB91E64D30A356F4BD57098E8B4C51B98AFAF6581BDB63 ] C:\Windows\System32\comdlg32.dll
18:23:43.0543 0x0d54  C:\Windows\System32\comdlg32.dll - ok
18:23:43.0543 0x0d54  [ B4F29F65AD3114051F01E9403346047F, 7EB58545211C51E95B3F45C47C1F7CCE05B707D168E7C20F46D36E19EE3D8DFC ] C:\Windows\System32\imagehlp.dll
18:23:43.0543 0x0d54  C:\Windows\System32\imagehlp.dll - ok
18:23:43.0543 0x0d54  [ AE57F6C7AB3ED244B5F14151C4EA0057, 60BAF0909C60B2387E2972EBBC77140E9E982549F0746EE26AF4EFB4E9FD77A4 ] C:\Windows\System32\shell32.dll
18:23:43.0543 0x0d54  C:\Windows\System32\shell32.dll - ok
18:23:43.0543 0x0d54  [ E0D3CD5841E5C7BE7B94BA946AF1E498, 4EAE1B226255623DA41A047633994D6902F6D4CA5757BF5D85E227378336227F ] C:\Windows\System32\drivers\drmk.sys
18:23:43.0543 0x0d54  C:\Windows\System32\drivers\drmk.sys - ok
18:23:43.0559 0x0d54  [ 1E0B4CBBA91C6B041A14ECC2186F7E24, 63039A317F906454A0652704DA2D646658A148B9B55BFB5D2F4B27997F357DF9 ] C:\Windows\System32\drivers\portcls.sys
18:23:43.0559 0x0d54  C:\Windows\System32\drivers\portcls.sys - ok
18:23:43.0559 0x0d54  [ 8FED6428FDE53D7F4C105095F22524BE, 58DE45CB61643B25ABA73BD77553021FDD9AA904749582B10CDC662534CD77E7 ] C:\Windows\System32\drivers\RTKVHD64.sys
18:23:43.0559 0x0d54  C:\Windows\System32\drivers\RTKVHD64.sys - ok
18:23:43.0559 0x0d54  [ 4BBFA57F594F7E8A8EDC8F377184C3F0, 9F3AC5DEA5A6250C3DBB97AF79C81C0A48429486521F807355A1D7D3D861B75F ] C:\Windows\System32\ws2_32.dll
18:23:43.0559 0x0d54  C:\Windows\System32\ws2_32.dll - ok
18:23:43.0559 0x0d54  [ 83404DCBCE4925B6A5A77C5170F46D86, D669614D0B4461DB244AD99FBE1BA92CEB9B4ED5EC8E987E23764E77D9AC7074 ] C:\Windows\System32\sechost.dll
18:23:43.0559 0x0d54  C:\Windows\System32\sechost.dll - ok
18:23:43.0559 0x0d54  [ 982B871A25B5078093FAD82D0AB0E3FC, 01AB245B8E72E0A0A213911650737A8EEA284F09FFB8F9AB7EBEB70248D10149 ] C:\Windows\System32\iertutil.dll
18:23:43.0559 0x0d54  C:\Windows\System32\iertutil.dll - ok
18:23:43.0574 0x0d54  [ 088CF6AFCD5CDD44E40C0ACDE3C1A5E0, AC6AFCAE3A58AAABC972B3D6A1ED383A59910C689F38D9D4A059A0A535BA1039 ] C:\Windows\System32\usp10.dll
18:23:43.0574 0x0d54  C:\Windows\System32\usp10.dll - ok
18:23:43.0574 0x0d54  [ 4AF089160FE082E5EA5C4AA72782DCA2, E455BD9B35BF034E98D68FF98A68BE5ECE9A96D05152B7CABEFDDE77A35E9BFE ] C:\Windows\System32\wininet.dll
18:23:43.0574 0x0d54  C:\Windows\System32\wininet.dll - ok
18:23:43.0574 0x0d54  [ 6C60B5ACA7442EFB794082CDACFC001C, FC1D9124856A70FF232EF3057D66BEE803295847624CE23B4D0217F23AF52C75 ] C:\Windows\System32\ole32.dll
18:23:43.0574 0x0d54  C:\Windows\System32\ole32.dll - ok
18:23:43.0574 0x0d54  [ F49E92B50CED5C9F1725D3C0329FD933, 6155FA4D8242F07FC578FF746890C2EE19FC3D6A20ED8AE4C6F021DB2DAC184F ] C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
18:23:43.0574 0x0d54  C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll - ok
18:23:43.0590 0x0d54  [ 64A4AB126E24FD3F58EBE64852773DB5, ED425BBC91EB8BEF54C363036A770C551C97EF324F1AE31049CA750D0E2D6776 ] C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
18:23:43.0590 0x0d54  C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll - ok
18:23:43.0590 0x0d54  [ 0E6FBF19D9DFBB77316C23DF91F8A101, 680F88E1BC55EA3342AACE6F2E3511BF877AC8F03276D028FEE84EEFE8B5611A ] C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
18:23:43.0590 0x0d54  C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll - ok
18:23:43.0590 0x0d54  [ 2477A28081BDAEE622CF045ACF8EE124, 00A09CAF9129E84FEEA98FA03CE9012C9F961B64FEE15C4F268822C0F82ACC3C ] C:\Windows\System32\cfgmgr32.dll
18:23:43.0590 0x0d54  C:\Windows\System32\cfgmgr32.dll - ok
18:23:43.0590 0x0d54  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] C:\Windows\System32\drivers\HdAudio.sys
18:23:43.0590 0x0d54  C:\Windows\System32\drivers\HdAudio.sys - ok
18:23:43.0590 0x0d54  [ 9094039A00485F71C4DE64BF51F64C46, 4ACFEF4C747ADF806A4FDEDDFD9CC48168DFB05075306C77D3F3927749DD7484 ] C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
18:23:43.0590 0x0d54  C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll - ok
18:23:43.0605 0x0d54  [ 06FEC9E8117103BB1141A560E98077DA, C5E61B11DDBBBBBA3D9488970524F0975EA5FBDF16E2FA31F579F8BFA48353B1 ] C:\Windows\System32\devobj.dll
18:23:43.0605 0x0d54  C:\Windows\System32\devobj.dll - ok
18:23:43.0605 0x0d54  [ D584ABB6A308933A5F72B46C9E5A783F, 31922A27B3A9A64A9F71B7591FCAC6E0ACD15E36B9BFC4B4D75DE473E0F5CF6B ] C:\Windows\System32\drivers\nusb3hub.sys
18:23:43.0605 0x0d54  C:\Windows\System32\drivers\nusb3hub.sys - ok
18:23:43.0605 0x0d54  [ 851BB346CD59D9B3BC8854384C7DD5C3, 0CA1BCBDA6CB8CAC1186B3BE13C3937EDF46264FDFFCEBDF94C7EB10DE957DC6 ] C:\Windows\System32\KernelBase.dll
18:23:43.0605 0x0d54  C:\Windows\System32\KernelBase.dll - ok
18:23:43.0605 0x0d54  [ AFC3DB5C6EB8CA8017DDB81D6C0AD02A, 445C2857398252756FD25BB94DAFCCEFF573DE55F1F8BF9094C191F409FE6437 ] C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
18:23:43.0605 0x0d54  C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll - ok
18:23:43.0621 0x0d54  [ 9028D1621C43DF8DFBD1C76860412A11, A1D48D9B33180BDE50D2FA9BB07E9520B7B7788C39B3AABB4A06AE4B1AACA755 ] C:\Windows\System32\comctl32.dll
18:23:43.0621 0x0d54  C:\Windows\System32\comctl32.dll - ok
18:23:43.0621 0x0d54  [ 959041D7014C97133D859B45BCA0FC58, 282D34828DA7404470949483CB9789A8B4861D188093F0FBD07138A37F60B94B ] C:\Windows\System32\wintrust.dll
18:23:43.0621 0x0d54  C:\Windows\System32\wintrust.dll - ok
18:23:43.0621 0x0d54  [ 7A17485DC7D8A7AC81321A42CD034519, 88D8705FA901793FC8C1CFD0175E49A6502BF0FC94A066BA573D2FD13AA5F04A ] C:\Windows\System32\userenv.dll
18:23:43.0621 0x0d54  C:\Windows\System32\userenv.dll - ok
18:23:43.0637 0x0d54  [ 780F6ECC4F55D76C9730E6B6C9B31913, 1AEA642AFA210A672A92AAA49CFDE52D9E48ED41248F7644FAADE760E8A0E72E ] C:\Windows\System32\crypt32.dll
18:23:43.0637 0x0d54  C:\Windows\System32\crypt32.dll - ok
18:23:43.0637 0x0d54  [ 72723D3E4781BADC62C3180C137E7B23, 0BDA5292928578C5DA79C761E15B8A892B9D4A3DA26D3635E714797C653CF492 ] C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
18:23:43.0637 0x0d54  C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll - ok
18:23:43.0637 0x0d54  [ 884415BD4269C02EAF8E2613BF85500D, EFE771709EC942694FD206AC8D0A48ED7DCD35036F074268E4AECD68AC982CEA ] C:\Windows\System32\msasn1.dll
18:23:43.0637 0x0d54  C:\Windows\System32\msasn1.dll - ok
18:23:43.0637 0x0d54  [ 2C942733A5983DD4502219FF37C7EBC7, 34B20B6B0D7274E4B5B783F1D2345BC3DD9888964D5C2C65712F041A00CF5B45 ] C:\Windows\System32\profapi.dll
18:23:43.0637 0x0d54  C:\Windows\System32\profapi.dll - ok
18:23:43.0637 0x0d54  [ 9C278785347BCC991F8EA2999D90F58D, EA680C3642A6ABF627415AEE019956FAC702DC6A8F4B4D0FC8A4FB21EADD3896 ] C:\Windows\SysWOW64\normaliz.dll
18:23:43.0637 0x0d54  C:\Windows\SysWOW64\normaliz.dll - ok
18:23:43.0652 0x0d54  [ BF24D6F2ED97FE830BFD52B246F98E67, 6BBF4C4221A245462EF653798F6B416EEB12594AD1CB4E8BC8908A8CB2F53384 ] C:\Windows\System32\drivers\dxapi.sys
18:23:43.0652 0x0d54  C:\Windows\System32\drivers\dxapi.sys - ok
18:23:43.0652 0x0d54  [ 93C055B6AAD76360A60CB7E59A491531, 721C33C7D8E3EE58EF2665E9CDDA3B648E8DAF6A0C413EB2F1039CC91600AA7A ] C:\Windows\System32\win32k.sys
18:23:43.0652 0x0d54  C:\Windows\System32\win32k.sys - ok
18:23:43.0652 0x0d54  [ 216BABD555BC550952320EEA89C25DDF, 1BBB92415280032CD18F361382A69D0D91266AAD56FC88A99C804B0053743D72 ] C:\Windows\System32\csrsrv.dll
18:23:43.0652 0x0d54  C:\Windows\System32\csrsrv.dll - ok
18:23:43.0652 0x0d54  [ 60C2862B4BF0FD9F582EF344C2B1EC72, CB1C6018FC5C15483AC5BB96E5C2E2E115BB0C0E1314837D77201BAB37E8C03A ] C:\Windows\System32\csrss.exe
18:23:43.0652 0x0d54  C:\Windows\System32\csrss.exe - ok
18:23:43.0668 0x0d54  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\System32\basesrv.dll
18:23:43.0668 0x0d54  C:\Windows\System32\basesrv.dll - ok
18:23:43.0668 0x0d54  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\System32\winsrv.dll
18:23:43.0668 0x0d54  C:\Windows\System32\winsrv.dll - ok
18:23:43.0668 0x0d54  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] C:\Windows\System32\drivers\monitor.sys
18:23:43.0668 0x0d54  C:\Windows\System32\drivers\monitor.sys - ok
18:23:43.0668 0x0d54  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] C:\Windows\System32\drivers\USBSTOR.SYS
18:23:43.0668 0x0d54  C:\Windows\System32\drivers\USBSTOR.SYS - ok
18:23:43.0683 0x0d54  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] C:\Windows\System32\drivers\winusb.sys
18:23:43.0683 0x0d54  C:\Windows\System32\drivers\winusb.sys - ok
18:23:43.0683 0x0d54  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] C:\Windows\System32\drivers\bthport.sys
18:23:43.0683 0x0d54  C:\Windows\System32\drivers\bthport.sys - ok
18:23:43.0683 0x0d54  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] C:\Windows\System32\drivers\BTHUSB.SYS
18:23:43.0683 0x0d54  C:\Windows\System32\drivers\BTHUSB.SYS - ok
18:23:43.0683 0x0d54  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\System32\sxssrv.dll
18:23:43.0683 0x0d54  C:\Windows\System32\sxssrv.dll - ok
18:23:43.0699 0x0d54  [ F29FE765E1448EF371CFE05BFAC74ADB, F251581222D78543272FD4B14A6A59F4B0E0CC44A5FCBCF56DE4CA5783F78A75 ] C:\Windows\System32\tsddd.dll
18:23:43.0699 0x0d54  C:\Windows\System32\tsddd.dll - ok
18:23:43.0699 0x0d54  [ 94355C28C1970635A31B3FE52EB7CEBA, C4E98F07170CEC69CACDD5CEDB8927E48A2A299CB1B8CDA87526E768AF6174F0 ] C:\Windows\System32\wininit.exe
18:23:43.0699 0x0d54  C:\Windows\System32\wininit.exe - ok
18:23:43.0699 0x0d54  [ C2A8CB1275ECB85D246A9ECC02A728E3, 3603FADCA0060BD201148F9D59E4E2627F024609A6463AB525B5D1AD17BDCD10 ] C:\Windows\System32\RpcRtRemote.dll
18:23:43.0699 0x0d54  C:\Windows\System32\RpcRtRemote.dll - ok
18:23:43.0699 0x0d54  [ 78523A26F5604C0568FE9D1CE86E36F4, 534A7228BF69719106F581616A32EAEF0B770DDB36DCE94F84E7D52FDB1382B5 ] C:\Windows\System32\KBDUS.DLL
18:23:43.0699 0x0d54  C:\Windows\System32\KBDUS.DLL - ok
18:23:43.0699 0x0d54  [ 943F527DF79E6B400104341AA7023C75, 53C7B9426181D3D172E6B1A07E6DF8A0CB8FCA27D3A03CE5F544D3209B5F4651 ] C:\Windows\System32\cdd.dll
18:23:43.0699 0x0d54  C:\Windows\System32\cdd.dll - ok
18:23:43.0715 0x0d54  [ 9CEAD32E79A62150FE9F8557E58E008B, AFE4C1725EE94D7DE0749AE1495A4E5CC33C369F29B2A589DA66FFE27FF9777E ] C:\Windows\System32\sxs.dll
18:23:43.0715 0x0d54  C:\Windows\System32\sxs.dll - ok
18:23:43.0715 0x0d54  [ B26B1801356760841C3BC69F9F91537F, 83B9DF333E36C09E81D44E12AE5BE14650126FDA0CF4A0EA853BF40C5780EF81 ] C:\Windows\System32\WlS0WndH.dll
18:23:43.0715 0x0d54  C:\Windows\System32\WlS0WndH.dll - ok
18:23:43.0715 0x0d54  [ 784FA3DF338E2E8F5F0389D6FAC428AF, 9C8AA0CFDEB9E38AAF8EB08626070E0F0364F4F8A793CFE3532EC6C007980C34 ] C:\Windows\System32\cryptbase.dll
18:23:43.0715 0x0d54  C:\Windows\System32\cryptbase.dll - ok
18:23:43.0715 0x0d54  [ 90499F3163A9F815CF196A205EA3CD5D, 29B4ED3795CEC1177EB367132914CE21C194CDEC5DB9DC923FD928C85E94D821 ] C:\Windows\System32\apphelp.dll
18:23:43.0715 0x0d54  C:\Windows\System32\apphelp.dll - ok
18:23:43.0730 0x0d54  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] C:\Windows\System32\drivers\usbccgp.sys
18:23:43.0730 0x0d54  C:\Windows\System32\drivers\usbccgp.sys - ok
18:23:43.0730 0x0d54  [ C4C1B73FC2FF151BA08E1EAFDE2A2FAF, 0194263A4C3F9D1674BAF348FF3B3E4FA14BF8B018FBB51C16A2DE8095642565 ] C:\Windows\System32\lsasrv.dll
18:23:43.0730 0x0d54  C:\Windows\System32\lsasrv.dll - ok
18:23:43.0730 0x0d54  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] C:\Windows\System32\lsass.exe
18:23:43.0730 0x0d54  C:\Windows\System32\lsass.exe - ok
18:23:43.0730 0x0d54  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\System32\services.exe
18:23:43.0730 0x0d54  C:\Windows\System32\services.exe - ok
18:23:43.0730 0x0d54  [ 8098627D0AA1706D69C5AF3F74332ABB, 9582F6162A8405DC568FFBEA08A9090FE92FE2C9DB640077BD7F23AC4FABF700 ] C:\Windows\System32\sspisrv.dll
18:23:43.0730 0x0d54  C:\Windows\System32\sspisrv.dll - ok
18:23:43.0746 0x0d54  [ C072064F95579C0D6D86AF5B3DC53192, CF4A088DF97F4D4963BEAB9CBDBF69FEA2D4773159054A0AF8B8DFFDF83E18DA ] C:\Windows\System32\sspicli.dll
18:23:43.0746 0x0d54  C:\Windows\System32\sspicli.dll - ok
18:23:43.0746 0x0d54  [ A744BA6E04C8AA4592818178DBF89521, 9E7C85D842DF16F9B8FED7B06AF309B5ECCBFD465F5552347D4C3F1FEFDC6F7A ] C:\Windows\System32\samsrv.dll
18:23:43.0746 0x0d54  C:\Windows\System32\samsrv.dll - ok
18:23:43.0746 0x0d54  [ E914A50A151DFFE63D3935226DB5E2C1, 7DCCE4060344E1C771679F1C20378A0BEB3C1F06DB684072F07B98921A62A299 ] C:\Windows\System32\scext.dll
18:23:43.0746 0x0d54  C:\Windows\System32\scext.dll - ok
18:23:43.0746 0x0d54  [ 9662EE182644511439F1C53745DC1C88, D205B2C163E78AB42A5D67D7664EF6B75EA0374FF0924467D624F9DB0611F0AD ] C:\Windows\System32\lsm.exe
18:23:43.0746 0x0d54  C:\Windows\System32\lsm.exe - ok
18:23:43.0746 0x0d54  [ 39312B37C5FE5138F99680A49ACD3AEA, B9566B4117FBBECF77A0D3F49E9DF302088B9D483F817720B22E4F9C5754264A ] C:\Windows\System32\secur32.dll
18:23:43.0746 0x0d54  C:\Windows\System32\secur32.dll - ok
18:23:43.0761 0x0d54  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] C:\Windows\System32\drivers\usbvideo.sys
18:23:43.0761 0x0d54  C:\Windows\System32\drivers\usbvideo.sys - ok
18:23:43.0761 0x0d54  [ 68083118797CAF30FB2EA3E71494D67E, 5F1BCDFCB00A20CD60CBC70A2FD97405EF0F7173DD0E404BBA7B06D39DB37364 ] C:\Windows\System32\sysntfy.dll
18:23:43.0761 0x0d54  C:\Windows\System32\sysntfy.dll - ok
18:23:43.0761 0x0d54  [ DEE7267C5D232A3B816866872CE199E6, A1994FD37667C52E7CBF873514C190DA61A3D1349786D187BFAE0006F61799AE ] C:\Windows\System32\wmsgapi.dll
18:23:43.0761 0x0d54  C:\Windows\System32\wmsgapi.dll - ok
18:23:43.0761 0x0d54  [ BBCDF350817BA86416C0F06B6981BE8D, D064438F97852B9BD6015C8B19377C61C671E0969E09506B8359FE7B1F373A61 ] C:\Windows\System32\scesrv.dll
18:23:43.0761 0x0d54  C:\Windows\System32\scesrv.dll - ok
18:23:43.0777 0x0d54  [ 3A061472B38233BAFF9CFEFF2E49C46B, DF29B14C8D22A8A16AA336A09A6152E2C7FCA6CAF4E76F0C5DCB55BEF9D00515 ] C:\Windows\System32\cryptdll.dll
18:23:43.0777 0x0d54  C:\Windows\System32\cryptdll.dll - ok
18:23:43.0777 0x0d54  [ 3A9C9BAF610B0DD4967086040B3B62A9, E8E9A0F42B1EE7806EDCEED08AA024D037215D06CA317E3678BD5364AD513D23 ] C:\Windows\System32\srvcli.dll
18:23:43.0777 0x0d54  C:\Windows\System32\srvcli.dll - ok
18:23:43.0777 0x0d54  [ 3C073B0C596A0AF84933E7406766B040, 4698BBA678F553E15AD4B07AD7FB236281F872DEFEE97BFD637114476C8F97B3 ] C:\Windows\System32\wevtapi.dll
18:23:43.0777 0x0d54  C:\Windows\System32\wevtapi.dll - ok
18:23:43.0777 0x0d54  [ 86FE1B1F8FD42CD0DB641AB1CDB13093, 8C4BB4415105CE82FFFE658879EAE9D259A24C0F6DFC7D25507352DC99241BE2 ] C:\Windows\System32\cngaudit.dll
18:23:43.0777 0x0d54  C:\Windows\System32\cngaudit.dll - ok
18:23:43.0777 0x0d54  [ 7FBEBD2229EA5FD48D41B199EC2D541C, A465975D445A8D50CAF3EF29BD33354B320D11173C127BE30D5EBBFF7008CDCE ] C:\Windows\System32\authz.dll
18:23:43.0777 0x0d54  C:\Windows\System32\authz.dll - ok
18:23:43.0793 0x0d54  [ 109CC0DF72CC07A6CB59D2995255A1DA, 973863F6BAEDD8C0CF50662E9889041EBCEF40C7EAC31A81E6CE2AF2040B6173 ] C:\Windows\System32\ncrypt.dll
18:23:43.0793 0x0d54  C:\Windows\System32\ncrypt.dll - ok
18:23:43.0793 0x0d54  [ B9A95365E52F421A20E1501935FADDA5, DDB4CB575139233EFAF2C59B7E9B04AF36BBCCC63190181F3B2A7E6BFC86E77E ] C:\Windows\System32\bcrypt.dll
18:23:43.0793 0x0d54  C:\Windows\System32\bcrypt.dll - ok
18:23:43.0793 0x0d54  [ 8A8CB073A4B9F9D97CFA8CA9C1C851CE, 85A2C6378F65973F1825A7F4D2B0370C8C7F80675F3B594D49423B20E0805F5D ] C:\Windows\System32\kerberos.dll
18:23:43.0793 0x0d54  C:\Windows\System32\kerberos.dll - ok
18:23:43.0793 0x0d54  [ 02B64609F865A39365FF88580DF11738, 2F676B93898E1B6131AF6227BB7AB731EB9C29477F9BD4C2C60F0FC1E35CD968 ] C:\Windows\System32\msprivs.dll
18:23:43.0793 0x0d54  C:\Windows\System32\msprivs.dll - ok
18:23:43.0793 0x0d54  [ 50532FCD7ECF02DD169CE5C485F02534, 8EE5D9D0EA53DC72BCC300692E521ACADD56AB09BFA3E78149D8B5A90648512C ] C:\Windows\System32\negoexts.dll
18:23:43.0793 0x0d54  C:\Windows\System32\negoexts.dll - ok
18:23:43.0808 0x0d54  [ C6505DE3561537BA1004D638C2F93F2F, 3E4FDF374B1A9E43A8F61FD2D79E0515390ECABFDAF72C4BD44A7B6429039AF6 ] C:\Windows\System32\netjoin.dll
18:23:43.0808 0x0d54  C:\Windows\System32\netjoin.dll - ok
18:23:43.0808 0x0d54  [ D0C2FBB6D97416B0166478FC7AE2B212, 7EAB6C37F0A845E645CA44CC060AC6C56E386C7EF7A64716C6786C9602AD8C9D ] C:\Windows\System32\cryptsp.dll
18:23:43.0808 0x0d54  C:\Windows\System32\cryptsp.dll - ok
18:23:43.0808 0x0d54  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] C:\Windows\System32\drivers\bthenum.sys
18:23:43.0808 0x0d54  C:\Windows\System32\drivers\bthenum.sys - ok
18:23:43.0808 0x0d54  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] C:\Windows\System32\drivers\bthpan.sys
18:23:43.0808 0x0d54  C:\Windows\System32\drivers\bthpan.sys - ok
18:23:43.0824 0x0d54  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] C:\Windows\System32\drivers\rfcomm.sys
18:23:43.0824 0x0d54  C:\Windows\System32\drivers\rfcomm.sys - ok
18:23:43.0824 0x0d54  [ 9A9F9F1A77D6A80EE28B57664F00013E, 0D441638E086EF1342FCDC43E826BF9E9CC6B2E8AE100D89BFC70163F987DE91 ] C:\Windows\System32\mswsock.dll
18:23:43.0824 0x0d54  C:\Windows\System32\mswsock.dll - ok
18:23:43.0824 0x0d54  [ 47C48C705F4F1EFC99B50B43AE4301FE, 286625CFD9B6CDE8050F8CDF9F3C1C58CD4B575082C88B8D0630CBA2D58D480D ] C:\Windows\System32\msv1_0.dll
18:23:43.0824 0x0d54  C:\Windows\System32\msv1_0.dll - ok
18:23:43.0824 0x0d54  [ EC7CBFF96B05ECF3D366355B3C64ADCF, F69ED45EBEDCA9CF000AC03281F0EC2C351F98513FBA90E63394E4E561D6C7A2 ] C:\Windows\System32\wship6.dll
18:23:43.0824 0x0d54  C:\Windows\System32\wship6.dll - ok
18:23:43.0824 0x0d54  [ 8CEBD9D0A0A879CDE9F36F4383B7CAEA, 7AA73B8E7D4D700C164D0410DCF84EA1CCCB0F7DD513E47A2EF0DAE5F16CAE45 ] C:\Windows\System32\winlogon.exe
18:23:43.0824 0x0d54  C:\Windows\System32\winlogon.exe - ok
18:23:43.0839 0x0d54  [ AA339DD8BB128EF66660DFBBB59043D3, 76D9F849AFDDA38E04549EB67B4163478776F1B6EF46434168278F84FEB8FC5C ] C:\Windows\System32\netlogon.dll
18:23:43.0839 0x0d54  C:\Windows\System32\netlogon.dll - ok
18:23:43.0839 0x0d54  [ 492D07D79E7024CA310867B526D9636D, F2FE647AB85C6C3C1AA3DF4BCE6E4D42B9676C9D837E11388C235AE8DB20044F ] C:\Windows\System32\dnsapi.dll
18:23:43.0839 0x0d54  C:\Windows\System32\dnsapi.dll - ok
18:23:43.0839 0x0d54  [ 8FFE297B8449386E7B6851458B6E474E, E149B37E11091D69D926242517E5655596594A6F01FEF06EB65D6BA5B354E326 ] C:\Windows\System32\logoncli.dll
18:23:43.0839 0x0d54  C:\Windows\System32\logoncli.dll - ok
18:23:43.0839 0x0d54  [ A71B81AC2C14ABA013CCF1225D9E3E36, A78F6A9D0952999553DC390C3E69B4B1AE41A2874B4B1CC077C248545B64A57D ] C:\Windows\System32\schannel.dll
18:23:43.0839 0x0d54  C:\Windows\System32\schannel.dll - ok
18:23:43.0855 0x0d54  [ 55F0CF40479A1FC89CFA578909A540F2, 376303A5CE17D52675D408D1F8AF12A18CBE82F0BD3433C29CC90EFA8268A512 ] C:\Windows\System32\wdigest.dll
18:23:43.0855 0x0d54  C:\Windows\System32\wdigest.dll - ok
18:23:43.0855 0x0d54  [ 5D8874A8C11DDDDE29E12DE0E2013493, 3E9A57137BF622AF83E3E4D58971E2C0200559CCA7545D16CF263AA03EE9C7D2 ] C:\Windows\System32\rsaenh.dll
18:23:43.0855 0x0d54  C:\Windows\System32\rsaenh.dll - ok
18:23:43.0855 0x0d54  [ 1306E6A1BF4D506CD687DF9F947270F2, 3ED566F618D90BCCB3C76BA976911536FFC5631F7A6A91BF322628F8AAE498B4 ] C:\Windows\System32\pku2u.dll
18:23:43.0855 0x0d54  C:\Windows\System32\pku2u.dll - ok
18:23:43.0855 0x0d54  [ DF30FC54FFF79BC744B22A4850A3CF92, 23BCBB950FA77AC5E74D5678DB53BE3CE1211BF77F6BE6D3B772D542EC5EF9CE ] C:\Windows\System32\TSpkg.dll
18:23:43.0855 0x0d54  C:\Windows\System32\TSpkg.dll - ok
18:23:43.0855 0x0d54  [ C23B6D9D16FD86F446BE607CA18389D9, 331FA37B5A059FE85C5D1368A42293A7BAE2581F3F1F15B48364644136066C14 ] C:\Windows\System32\winsta.dll
18:23:43.0855 0x0d54  C:\Windows\System32\winsta.dll - ok
18:23:43.0871 0x0d54  [ D6C7780A364C6BBACFA796BAB9F1B374, 3B5ED1A030BFD0BB73D4FFCD67A6A0B8501EF70293F223EFAA12F430ADF270F9 ] C:\Windows\System32\bcryptprimitives.dll
18:23:43.0871 0x0d54  C:\Windows\System32\bcryptprimitives.dll - ok
18:23:43.0871 0x0d54  [ 336BA030AB7B05300CB0B5C6AFB27176, DC5C445D603EA4AD19D9F39656889E2C64726202C8C784EA0202D80B1FC7FB57 ] C:\Windows\System32\credssp.dll
18:23:43.0871 0x0d54  C:\Windows\System32\credssp.dll - ok
18:23:43.0871 0x0d54  [ 90BDEFC5DF334E5100EAA781D798DE1A, F48B650D811B6D57D2252E326C0C9CC74534BE9D510E7D3403F91D1C5C36281E ] C:\Windows\System32\efslsaext.dll
18:23:43.0871 0x0d54  C:\Windows\System32\efslsaext.dll - ok
18:23:43.0871 0x0d54  [ 7CC7DF5B654DA579613F811D8C637E29, 70EAC059C1ED814810C75DBB9F4D188428CB942FFD8869D692158D384EB6BB35 ] C:\Windows\System32\ubpm.dll
18:23:43.0871 0x0d54  C:\Windows\System32\ubpm.dll - ok
18:23:43.0871 0x0d54  [ ED78427259134C63ED69804D2132B86C, F6F51B8B35881ABCA5580ED111AAC80E466E6474ABAE31EC8BE46C23EDCA77B2 ] C:\Windows\System32\scecli.dll
18:23:43.0871 0x0d54  C:\Windows\System32\scecli.dll - ok
18:23:43.0886 0x0d54  [ C78655BC80301D76ED4FEF1C1EA40A7D, 93B2ED4004ED5F7F3039DD7ECBD22C7E4E24B6373B4D9EF8D6E45A179B13A5E8 ] C:\Windows\System32\svchost.exe
18:23:43.0886 0x0d54  C:\Windows\System32\svchost.exe - ok
18:23:43.0886 0x0d54  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] C:\Windows\System32\umpnpmgr.dll
18:23:43.0886 0x0d54  C:\Windows\System32\umpnpmgr.dll - ok
18:23:43.0886 0x0d54  [ E6EB44ABAAF1F330119F854856C53EBE, 77279972FFBFA984578DD4F17EB615F5D2D93590AF3A9FEFEFDB9128206C9887 ] C:\Windows\System32\SPInf.dll
18:23:43.0886 0x0d54  C:\Windows\System32\SPInf.dll - ok
18:23:43.0886 0x0d54  [ CD1B5AD07E5F7FEF30E055DCC9E96180, 63C58551F32B0B09377F64A6AE1FA81AF93B8A707A57A8C18722086906AD3046 ] C:\Windows\System32\devrtl.dll
18:23:43.0886 0x0d54  C:\Windows\System32\devrtl.dll - ok
18:23:43.0886 0x0d54  [ 9C9307C95671AC962F3D6EB3A4A89BAE, D1433791C9B8BCEEAD8937EC18D33E89E4E2012B5975228A8500FD141BC30078 ] C:\Windows\System32\gpapi.dll
18:23:43.0902 0x0d54  C:\Windows\System32\gpapi.dll - ok
18:23:43.0902 0x0d54  [ F6C011B46FAEEF33536B2E80F48B5CBE, BDD149D3D6F9F6C8F6F34C311219BE5618CEEFBC7D35E37473A47F1D5D015067 ] C:\Windows\System32\pcwum.dll
18:23:43.0902 0x0d54  C:\Windows\System32\pcwum.dll - ok
18:23:43.0902 0x0d54  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] C:\Windows\System32\umpo.dll
18:23:43.0902 0x0d54  C:\Windows\System32\umpo.dll - ok
18:23:43.0902 0x0d54  [ 716175021BDA290504CE434273F666BC, FA18CA2D8A5F4335E051E2933147D3C1E7308F7D446E2AEB6596CDEF6E2AFC88 ] C:\Windows\System32\powrprof.dll
18:23:43.0902 0x0d54  C:\Windows\System32\powrprof.dll - ok
18:23:43.0902 0x0d54  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] C:\Windows\System32\drivers\luafv.sys
18:23:43.0902 0x0d54  C:\Windows\System32\drivers\luafv.sys - ok
18:23:43.0917 0x0d54  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] C:\Windows\System32\rpcss.dll
18:23:43.0917 0x0d54  C:\Windows\System32\rpcss.dll - ok
18:23:43.0917 0x0d54  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] C:\Windows\System32\RpcEpMap.dll
18:23:43.0917 0x0d54  C:\Windows\System32\RpcEpMap.dll - ok
18:23:43.0917 0x0d54  [ 31559F3244C6BC00A52030CAA83B6B91, B2025742B5F0025ACE9821D5722DE3F997EEEAB21D2F381C9E307882DF422579 ] C:\Windows\System32\WSHTCPIP.DLL
18:23:43.0917 0x0d54  C:\Windows\System32\WSHTCPIP.DLL - ok
18:23:43.0917 0x0d54  [ 16E964ABF6D1E0F0CC7822FCA9BA754D, 0E461387ACFD641DA22EE542A3C68AF5F7D3A7F967D974E3B198143D461ABE39 ] C:\Windows\System32\wshqos.dll
18:23:43.0917 0x0d54  C:\Windows\System32\wshqos.dll - ok
18:23:43.0917 0x0d54  [ 9AD9E06F8656F296D91FAE8EE5B95A27, 53384747D5864D699BCC4F48E0A5E656430EDAA65DCDAB4B11EA68FC7106459E ] C:\Windows\System32\FirewallAPI.dll
18:23:43.0917 0x0d54  C:\Windows\System32\FirewallAPI.dll - ok
18:23:43.0933 0x0d54  [ 94E026870A55AAEAFF7853C1754091E9, B2F5D5629D12BDFA98DBED3898368F37D9009C7531B6909C7285A2C11C9A0F93 ] C:\Windows\System32\version.dll
18:23:43.0933 0x0d54  C:\Windows\System32\version.dll - ok
18:23:43.0933 0x0d54  [ 19A47185AE12414F918A074048CB9EBC, DFEA9E3F74CDF4216E08C3C72A04F8217B0025E6026E9098645F6C2659906015 ] C:\Program Files\Microsoft Security Client\MpSvc.dll
18:23:43.0933 0x0d54  C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
18:23:43.0933 0x0d54  [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
18:23:43.0933 0x0d54  C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
18:23:43.0933 0x0d54  [ 685D87C61FEA48ADDAE4C5352B30E27D, 7CDEB3D277EAECBCE436C06BA9813ECE2223ABEFF8B61D53D5272339B57851D4 ] C:\Program Files\Microsoft Security Client\MpClient.dll
18:23:43.0933 0x0d54  C:\Program Files\Microsoft Security Client\MpClient.dll - ok
18:23:43.0949 0x0d54  [ BD3674BE7FC9D8D3732C83E8499576ED, E6716A5895D629263A4D21959F48840429AB6F4B55A5FA2663EE5E86C9CA2BF1 ] C:\Windows\System32\wtsapi32.dll
18:23:43.0949 0x0d54  C:\Windows\System32\wtsapi32.dll - ok
18:23:43.0949 0x0d54  [ 1F4492FE41767CDB8B89D17655847CDD, 184547FAC0C3D7148FAA3F601929A7089DE393BD19929A137DAD743331DD3F77 ] C:\Windows\System32\ntmarta.dll
18:23:43.0949 0x0d54  C:\Windows\System32\ntmarta.dll - ok
18:23:43.0949 0x0d54  [ 715F03B4C7223349768013EA95D9E5B7, 09AB0535A54C2E2962F0FD06988D99060F8CECA39B07AC00A63204C773B95893 ] C:\Windows\System32\LogonUI.exe
18:23:43.0949 0x0d54  C:\Windows\System32\LogonUI.exe - ok
18:23:43.0949 0x0d54  [ 5DFFC12BF7DB53BDB401804A3C3A475E, DEACB4BFF904AD77389A8326BFCF12A490E1A7A10B68049D253552F1FC630FA3 ] C:\Windows\System32\authui.dll
18:23:43.0949 0x0d54  C:\Windows\System32\authui.dll - ok
18:23:43.0949 0x0d54  [ E6737687B7587339D1A6473117159F40, 9F2FAA2A729F98C8633C147ABD333B8EECB5A37A45E5D5ED469140222CB189D6 ] C:\Program Files\Microsoft Security Client\EppManifest.dll
18:23:43.0949 0x0d54  C:\Program Files\Microsoft Security Client\EppManifest.dll - ok
18:23:43.0964 0x0d54  [ 79B27F0DB10D1FF517F02F792830E538, 703025147FFBA95B865993F0AA7A1EFD769535FEDEFD305005ADFCCFAFDB61BC ] C:\Program Files\Microsoft Security Client\MpCommu.dll
18:23:43.0964 0x0d54  C:\Program Files\Microsoft Security Client\MpCommu.dll - ok
18:23:43.0964 0x0d54  [ 6011714C8C5C55CBFFAD24D61E879FBD, 75D615082A1C71C6ED3ABB49EDAF660EE538D112CF79B9C8AF0A583D1CE1BBB0 ] C:\Windows\System32\wevtsvc.dll
18:23:43.0964 0x0d54  C:\Windows\System32\wevtsvc.dll - ok
18:23:43.0964 0x0d54  [ 58F4493BF748A3A89689997B7BD00E95, EC5DEEC73E357C7C87B001275C4E635011A9CF39419F2B86E2C2B8D7E388C551 ] C:\Windows\System32\winhttp.dll
18:23:43.0964 0x0d54  C:\Windows\System32\winhttp.dll - ok
18:23:43.0964 0x0d54  [ 603EBD34E216C5654A2D774EAC98D278, ACE0171BB780DB2C1B1A8BF6FA8CF51C529D7E09141FA504C7199AF764FD9A36 ] C:\Windows\System32\webio.dll
18:23:43.0964 0x0d54  C:\Windows\System32\webio.dll - ok
18:23:43.0964 0x0d54  [ 1AAA3704C352767FA96FBCB2F44420FA, C492CA0D7CCEE0D0A69CC9632C67EEABD08A77FB1E1522DFA3F7303E09983FE0 ] C:\Program Files\Microsoft Security Client\MpRTP.dll
18:23:43.0980 0x0d54  C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
18:23:43.0980 0x0d54  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] C:\Windows\System32\audiosrv.dll
18:23:43.0980 0x0d54  C:\Windows\System32\audiosrv.dll - ok
18:23:43.0980 0x0d54  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] C:\Windows\System32\FntCache.dll
18:23:43.0980 0x0d54  C:\Windows\System32\FntCache.dll - ok
18:23:43.0980 0x0d54  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] C:\Windows\System32\mmcss.dll
18:23:43.0980 0x0d54  C:\Windows\System32\mmcss.dll - ok
18:23:43.0980 0x0d54  [ 78A1E65207484B7F8D3217507745F47C, 35F413ADB9D157F3666DD15DD58104D629CD9143198A1AB914B73A4A3C9903DD ] C:\Windows\System32\avrt.dll
18:23:43.0980 0x0d54  C:\Windows\System32\avrt.dll - ok
18:23:43.0995 0x0d54  [ 227E2C382A1E02F8D4965E664D3BBE43, 1CFF20A8BF87ACE4FA4935EBEED72BFB1A1FE902A754899E2F50798D67DF5642 ] C:\Windows\System32\MMDevAPI.dll
18:23:43.0995 0x0d54  C:\Windows\System32\MMDevAPI.dll - ok
18:23:43.0995 0x0d54  [ F06BB4E336EA57511FDBAFAFCC47DE62, BE43EC62548E9FF89A9495A1722E22DBB76EEC3764F86E64057B636F27D15765 ] C:\Windows\System32\propsys.dll
18:23:43.0995 0x0d54  C:\Windows\System32\propsys.dll - ok
18:23:43.0995 0x0d54  [ B3BFBD758506ECB50C5804AAA76318F9, 34E079A6AB2D41D1E0B3887B6AE31C43941061B7176FFF2801C3F465C2C89578 ] C:\Windows\System32\cryptui.dll
18:23:43.0995 0x0d54  C:\Windows\System32\cryptui.dll - ok
18:23:43.0995 0x0d54  [ 7FA8FDC2C2A27817FD0F624E78D3B50C, 7B63F6AA2CD6D4D07EA3C595B868B1A0749BB11620027A2BD9B935E3055481E4 ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
18:23:43.0995 0x0d54  C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
18:23:43.0995 0x0d54  [ 5DD8C3863757690D38BA3A487559CA5A, 062AF2721E1847FD000E1D8AD71A1F0EF4B830506E4680D3BF79FFE4BB3C0ACA ] C:\Program Files\Microsoft Security Client\MsMpLics.dll
18:23:43.0995 0x0d54  C:\Program Files\Microsoft Security Client\MsMpLics.dll - ok
18:23:44.0011 0x0d54  [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] C:\Windows\System32\drivers\MpFilter.sys
18:23:44.0011 0x0d54  C:\Windows\System32\drivers\MpFilter.sys - ok
18:23:44.0011 0x0d54  [ F3D202F53A222D5F6944D459B73CF967, E9F1D48EB333D32331BCFD0348FE07BEE7D5352292E6020571DA395F596AFFE7 ] C:\Windows\System32\fltLib.dll
18:23:44.0011 0x0d54  C:\Windows\System32\fltLib.dll - ok
18:23:44.0011 0x0d54  [ 5B3EBFC3DA142324B388DDCC4465E1FF, 5D58642305311F9BC9B779C9598BFC4E7433B3EA58404BF1FF9466838A2328C7 ] C:\Windows\System32\samlib.dll
18:23:44.0011 0x0d54  C:\Windows\System32\samlib.dll - ok
18:23:44.0011 0x0d54  [ 4E9C2DB10F7E6AE91BF761139D4B745B, 8F63F78294F5585D599A114AF449DCC447CCB239D0F0B490BFE6B34A2146E730 ] C:\Windows\System32\shacct.dll
18:23:44.0011 0x0d54  C:\Windows\System32\shacct.dll - ok
18:23:44.0027 0x0d54  [ D29E998E8277666982B4F0303BF4E7AF, 4F19AB5DC173E278EBE45832F6CEAA40E2DF6A2EDDC81B2828122442FE5D376C ] C:\Windows\System32\uxtheme.dll
18:23:44.0027 0x0d54  C:\Windows\System32\uxtheme.dll - ok
18:23:44.0027 0x0d54  [ A9A87481B1A6589898C1DAB37C03E4AB, 803DB46E9FEE4E45B63A13A8CE3E589D7498532B8A7D8C3424E210E6A9AAC61F ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283fd671e9bf4d\GdiPlus.dll
18:23:44.0027 0x0d54  C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_2b283fd671e9bf4d\GdiPlus.dll - ok
18:23:44.0027 0x0d54  [ 3CB6A7286422C72C34DAB54A5DFF1A34, 98D21EFFF511E407336A226420701E82554DA01FA05661303836B6860D63749D ] C:\Windows\System32\dui70.dll
18:23:44.0027 0x0d54  C:\Windows\System32\dui70.dll - ok
18:23:44.0027 0x0d54  [ 8CCDE014A4CDF84564E03ACE064CA753, DD663029B2EB7B12FDB00FCE403D8326141E540E3B9CE84CD5871473D3E2E2CF ] C:\Windows\System32\duser.dll
18:23:44.0027 0x0d54  C:\Windows\System32\duser.dll - ok
18:23:44.0027 0x0d54  [ D7F1EF374A90709B31591823B002F918, 05FD2837C9B03D14BB2A969C1AD77CAEF047D93DC5D0F6C2ACBF0888E8F7B359 ] C:\Windows\System32\SndVolSSO.dll
18:23:44.0027 0x0d54  C:\Windows\System32\SndVolSSO.dll - ok
18:23:44.0042 0x0d54  [ 896F15A6434D93EDB42519D5E18E6B50, 9263F0CEC58D45EBE3FB9C3061FB9392C55A7933B84B4592E6EE13CFC86D5A50 ] C:\Windows\System32\hid.dll
18:23:44.0042 0x0d54  C:\Windows\System32\hid.dll - ok
18:23:44.0042 0x0d54  [ DA1B7075260F3872585BFCDD668C648B, 3E10EF6E1A5C341B478322CB78A0AB7BFC70AD8023779B8B4542A7CB4CA756AB ] C:\Windows\System32\dwmapi.dll
18:23:44.0042 0x0d54  C:\Windows\System32\dwmapi.dll - ok
18:23:44.0042 0x0d54  [ 6F8B48F3D343E4B186AB6A9E302B7E16, 54DB52FC56509E61DF68BD251B3286E6CBE1A91D9BC4D950940A61FE2DA04DF8 ] C:\Windows\System32\xmllite.dll
18:23:44.0042 0x0d54  C:\Windows\System32\xmllite.dll - ok
18:23:44.0042 0x0d54  [ A9A0BFD706B3A24C403EEFEB0790D011, 5936CE9774B36BC3D05578D05EE9A80C27CE11E0D807930B47815126C78F42BB ] C:\Windows\System32\WindowsCodecs.dll
18:23:44.0042 0x0d54  C:\Windows\System32\WindowsCodecs.dll - ok
18:23:44.0058 0x0d54  [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D, 19959D18601712901F03B83150D15E34EBCAB355BB4692C9A28511A72F57FC66 ] C:\Windows\System32\winbrand.dll
18:23:44.0058 0x0d54  C:\Windows\System32\winbrand.dll - ok
18:23:44.0058 0x0d54  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] C:\Windows\System32\wlansvc.dll
18:23:44.0058 0x0d54  C:\Windows\System32\wlansvc.dll - ok
18:23:44.0058 0x0d54  [ 58F87BF5659C8EBC61EB439C916F2F9A, FA242E44E7657D07C4D2A2C3808D860AFB53CDF81AFF5B1CE7F88A13BF02CE0A ] C:\Windows\System32\adtschema.dll
18:23:44.0058 0x0d54  C:\Windows\System32\adtschema.dll - ok
18:23:44.0058 0x0d54  [ 50544D04AD845C43130B70212EC05CCD, B2E6B558DE7D273512226685FF53ED17C9B4BF81B739FBCA5D3FC82DF8D2BCF7 ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
18:23:44.0058 0x0d54  C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
18:23:44.0058 0x0d54  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] C:\Windows\System32\netprofm.dll
18:23:44.0058 0x0d54  C:\Windows\System32\netprofm.dll - ok
18:23:44.0073 0x0d54  [ B1DF2D87DC8BF6072699AC8301B37796, D5A6FD1EDB627324DFA1A0555F1777A3313EF29DDE29982C3CE59DAF1ED0D105 ] C:\Windows\System32\WUDFPlatform.dll
18:23:44.0073 0x0d54  C:\Windows\System32\WUDFPlatform.dll - ok
18:23:44.0073 0x0d54  [ D5CCA1453B98A5801E6D5FF0FF89DC6C, 85F2C2480AAC31B6092187B431A562D79D4CFB1324F925C85055ABAB2483264B ] C:\Windows\System32\audiodg.exe
18:23:44.0073 0x0d54  C:\Windows\System32\audiodg.exe - ok
18:23:44.0073 0x0d54  [ 49BEBD78216688B48976981587AE9293, 0AFF7318D86B222F566FBCEEACEB8B3E4A4C9D9C5418AEC1B494540AB1D71588 ] C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll
18:23:44.0073 0x0d54  C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll - ok
18:23:44.0073 0x0d54  [ 934CFB51F412768B04440A3AF9A043F9, 7FBC94D796B9D574D6D3E24C76556F03EA422B14060332266E9A48E90F8CAE92 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C2BD75A-E536-40DA-BC98-5DE1F875D017}\mpengine.dll
18:23:44.0073 0x0d54  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C2BD75A-E536-40DA-BC98-5DE1F875D017}\mpengine.dll - ok
18:23:44.0089 0x0d54  [ FEE3F5EC45435907C0C37DD5A94A8EF5, C71555679611733A1D20BE42543E9AD8764824E0F00F02476E5C7D208DC78434 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C2BD75A-E536-40DA-BC98-5DE1F875D017}\mpasbase.vdm
18:23:44.0089 0x0d54  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C2BD75A-E536-40DA-BC98-5DE1F875D017}\mpasbase.vdm - ok
18:23:44.0089 0x0d54  [ C2762A57DF0EE85E63CE4893C5215313, DDE22212D78353633CEDE27D7210469DE674563991105563CF64CCCE2D0743BD ] C:\Windows\System32\VaultCredProvider.dll
18:23:44.0089 0x0d54  C:\Windows\System32\VaultCredProvider.dll - ok
18:23:44.0089 0x0d54  [ 8563BA40DF4F1E93A61B70E2C8B60CF8, E5CAA520CBE61FAF3EAA784A51ED30E0CB2FD78EFD8AE1D5C6B0FE43A1009F39 ] C:\Windows\System32\SmartcardCredentialProvider.dll
18:23:44.0089 0x0d54  C:\Windows\System32\SmartcardCredentialProvider.dll - ok
18:23:44.0089 0x0d54  [ BF352E73615F5461AA6884472435A544, 4B059E79325C5F08CD6FBBE6352E17ADB64B9608CC9EDB36A2DF4D148060C309 ] C:\Windows\System32\BioCredProv.dll
18:23:44.0089 0x0d54  C:\Windows\System32\BioCredProv.dll - ok
18:23:44.0089 0x0d54  [ 796B8123A7859AFD3A4AE10514DBAEB5, E76F69FAFEC3D66263ED95F3FA9EE309BDDACB287E30583A147DC97F6EEB8844 ] C:\Windows\System32\winbio.dll
18:23:44.0089 0x0d54  C:\Windows\System32\winbio.dll - ok
18:23:44.0105 0x0d54  [ 4403D5ECE7D8323CAF1207D1AA38FA01, BD0B34DCF658D3CB91C1B55E9E730C5F7C571AFC2BFA09270C377B72B6830D48 ] C:\Windows\System32\credui.dll
18:23:44.0105 0x0d54  C:\Windows\System32\credui.dll - ok
18:23:44.0105 0x0d54  [ EEEA40F0EDB0A6E5359E539E15D0BC77, BFCBF777239C29C6AC4BC5B59591308571647B7C7FDB5571903F7403DD241E8E ] C:\Windows\System32\netapi32.dll
18:23:44.0105 0x0d54  C:\Windows\System32\netapi32.dll - ok
18:23:44.0105 0x0d54  [ 44B9C66177651F3F53C87B665D58D17A, 3FC426115FF87570889DB28D71970B82B525D2A4B9A00EDD273BF083B77A05CE ] C:\Windows\System32\vaultcli.dll
18:23:44.0105 0x0d54  C:\Windows\System32\vaultcli.dll - ok
18:23:44.0105 0x0d54  [ 6CECA4C6A489C9B2E6073AFDAAE3F607, 127506D1DB38275614CBEB047C133718EF9D03266BA9C98BE55EC7847CFC9C3D ] C:\Windows\System32\netutils.dll
18:23:44.0105 0x0d54  C:\Windows\System32\netutils.dll - ok
18:23:44.0120 0x0d54  [ 3C91392D448F6E5D525A85B7550D8BA9, 6FD0DC73DBE7519E2C643554C2A7F8FBE4F9A678C4241BB54B3C6E65D2ABCF3A ] C:\Windows\System32\wkscli.dll
18:23:44.0120 0x0d54  C:\Windows\System32\wkscli.dll - ok
18:23:44.0120 0x0d54  [ 972C3301DB3DA91AE06A95F6B4160B1B, 678B533A06C306295FE97DC26CE9BAFFC8EAF1FB7405ACB040719099717744D5 ] C:\Windows\System32\certCredProvider.dll
18:23:44.0120 0x0d54  C:\Windows\System32\certCredProvider.dll - ok
18:23:44.0120 0x0d54  [ FC51229C7D4AFA0D6F186133728B95AB, 37E58C8E1C8437D1981725A5DCDACA7316CEFBB570370CEFC8D122F523B96AC0 ] C:\Windows\System32\samcli.dll
18:23:44.0120 0x0d54  C:\Windows\System32\samcli.dll - ok
18:23:44.0120 0x0d54  [ 87FA0C48C3B2E9FEE518818FE26B15B5, DA4042DE9897397AEDCEFF9F69746726237305DDE64464309B6DCC45E05E42F4 ] C:\Windows\System32\rasplap.dll
18:23:44.0120 0x0d54  C:\Windows\System32\rasplap.dll - ok
18:23:44.0120 0x0d54  [ 019CD868461B646E09BDF04474C19341, 01837EFACB02E52BC6E90C90C4CB01B11D56E449A37EA4FC2695507FF85EA9FE ] C:\Windows\System32\rasapi32.dll
18:23:44.0120 0x0d54  C:\Windows\System32\rasapi32.dll - ok
18:23:44.0136 0x0d54  [ B28DEEC597C8DEB70C744C7CF9210E3E, E777F192D822990CA6301B3FEA2AEA213FA7901438EB3328914ADF02B6C39DB9 ] C:\Windows\System32\rasman.dll
18:23:44.0136 0x0d54  C:\Windows\System32\rasman.dll - ok
18:23:44.0136 0x0d54  [ B53C4B69B695EDA1B7E41D35CA4244E2, 3D98E9B263CADA576E4057E059AFC867F6E3F1001F3B73C8BCF9066763A45D9D ] C:\Windows\System32\rtutils.dll
18:23:44.0136 0x0d54  C:\Windows\System32\rtutils.dll - ok
18:23:44.0136 0x0d54  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] C:\Windows\System32\gpsvc.dll
18:23:44.0136 0x0d54  C:\Windows\System32\gpsvc.dll - ok
18:23:44.0136 0x0d54  [ EDA18988F319B58FDE852E0A72F9A9B9, C3E7028B1DCAB2B31089456BA6D6E1FFFC66D9361A1FB43932B0C0DFE3870540 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C2BD75A-E536-40DA-BC98-5DE1F875D017}\mpasdlta.vdm
18:23:44.0136 0x0d54  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C2BD75A-E536-40DA-BC98-5DE1F875D017}\mpasdlta.vdm - ok
18:23:44.0151 0x0d54  [ 46BB91A169B9B31FF44EB04C48EC1D41, 8115B533D3A5BE07633FA54FA8847E3DEC00C5BEB193CF2FBE88428D23E2B3D6 ] C:\Windows\System32\nlaapi.dll
18:23:44.0151 0x0d54  C:\Windows\System32\nlaapi.dll - ok
18:23:44.0151 0x0d54  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] C:\Windows\System32\profsvc.dll
18:23:44.0151 0x0d54  C:\Windows\System32\profsvc.dll - ok
18:23:44.0151 0x0d54  [ 58775492FFD419248B08325E583C527F, DBB013971F5894F25C222C2D4D50A29DB6DF3C413792EE9CCC1A9E6D85469093 ] C:\Windows\System32\atl.dll
18:23:44.0151 0x0d54  C:\Windows\System32\atl.dll - ok
18:23:44.0151 0x0d54  [ 00000000000000000000000000000000, 0000000000000000000000000000000000000000000000000000000000000000 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C2BD75A-E536-40DA-BC98-5DE1F875D017}\mpavbase.vdm
18:23:44.0151 0x0d54  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C2BD75A-E536-40DA-BC98-5DE1F875D017}\mpavbase.vdm - ok
18:23:44.0151 0x0d54  [ 1555028FE11649B60D133C7EBECA5C79, 41078E565A352DE08D9C3DF711E2458099C7E1E34007CCFD53BFC53FDF84DBFE ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C2BD75A-E536-40DA-BC98-5DE1F875D017}\mpavdlta.vdm
18:23:44.0151 0x0d54  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C2BD75A-E536-40DA-BC98-5DE1F875D017}\mpavdlta.vdm - ok
18:23:44.0167 0x0d54  [ A77BE7CB3222B4FB0AC6C71D1C2698D4, 73566223914BF670DF6B5931FA213E546713531B10391ED65B5256BBD7ABDE7F ] C:\Windows\System32\dsrole.dll
18:23:44.0167 0x0d54  C:\Windows\System32\dsrole.dll - ok
18:23:44.0167 0x0d54  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] C:\Windows\System32\es.dll
18:23:44.0167 0x0d54  C:\Windows\System32\es.dll - ok
18:23:44.0167 0x0d54  [ BE097F5BB10F9079FCEB2DC4E7E20F02, 90A88986C8C5F30FB153EC803FEDA6572B2C2630A6C9578FCC017800692694D5 ] C:\Windows\System32\slc.dll
18:23:44.0167 0x0d54  C:\Windows\System32\slc.dll - ok
18:23:44.0167 0x0d54  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] C:\Windows\System32\themeservice.dll
18:23:44.0167 0x0d54  C:\Windows\System32\themeservice.dll - ok
18:23:44.0183 0x0d54  [ 1A47D52E303B7543E4E6026595B95422, C577CD3837546A7CED5D2E8E97FA2EDACA133B4A8595770EF96CAE519BFE280F ] C:\Windows\System32\comres.dll
18:23:44.0183 0x0d54  C:\Windows\System32\comres.dll - ok
18:23:44.0183 0x0d54  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] C:\Windows\System32\Sens.dll
18:23:44.0183 0x0d54  C:\Windows\System32\Sens.dll - ok
18:23:44.0183 0x0d54  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] C:\Windows\System32\drivers\lltdio.sys
18:23:44.0183 0x0d54  C:\Windows\System32\drivers\lltdio.sys - ok
18:23:44.0183 0x0d54  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] C:\Windows\System32\drivers\nwifi.sys
18:23:44.0183 0x0d54  C:\Windows\System32\drivers\nwifi.sys - ok
18:23:44.0183 0x0d54  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] C:\Windows\System32\uxsms.dll
18:23:44.0183 0x0d54  C:\Windows\System32\uxsms.dll - ok
18:23:44.0198 0x0d54  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] C:\Windows\System32\drivers\ndisuio.sys
18:23:44.0198 0x0d54  C:\Windows\System32\drivers\ndisuio.sys - ok
18:23:44.0198 0x0d54  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] C:\Windows\System32\drivers\rspndr.sys
18:23:44.0198 0x0d54  C:\Windows\System32\drivers\rspndr.sys - ok
18:23:44.0198 0x0d54  [ 2B81776DA02017A37FE26C662827470E, A656353C50EE08422145D00DB9CFD9F6D3E664753B3C454B171E2A56A8AA94DC ] C:\Windows\System32\IPHLPAPI.DLL
18:23:44.0198 0x0d54  C:\Windows\System32\IPHLPAPI.DLL - ok
18:23:44.0198 0x0d54  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] C:\Windows\System32\lmhsvc.dll
18:23:44.0198 0x0d54  C:\Windows\System32\lmhsvc.dll - ok
18:23:44.0198 0x0d54  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] C:\Windows\System32\nsisvc.dll
18:23:44.0198 0x0d54  C:\Windows\System32\nsisvc.dll - ok
18:23:44.0214 0x0d54  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] C:\Windows\System32\dhcpcore.dll
18:23:44.0214 0x0d54  C:\Windows\System32\dhcpcore.dll - ok
18:23:44.0214 0x0d54  [ B73A6E4B319AFFE64582AC5C1801BB3F, 274EEA0743DC659180E691654CBB17136E9E9D83B07E302B47EA5B103EA57710 ] C:\Windows\System32\nrpsrv.dll
18:23:44.0214 0x0d54  C:\Windows\System32\nrpsrv.dll - ok
18:23:44.0214 0x0d54  [ 4C9210E8F4E052F6A4EB87716DA0C24C, 460F7990BDADB7D58D6DC95B094D30A2EFDC4CEED444B18A2F36E8D9076FB8B9 ] C:\Windows\System32\winnsi.dll
18:23:44.0214 0x0d54  C:\Windows\System32\winnsi.dll - ok
18:23:44.0214 0x0d54  [ 3CC16A849E6092E43909F48EF0E60306, 610B576654A69415E4F2FEDB6BA384C77715944E4F89BD2821B311968CA8D810 ] C:\Windows\System32\dhcpcore6.dll
18:23:44.0214 0x0d54  C:\Windows\System32\dhcpcore6.dll - ok
18:23:44.0214 0x0d54  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] C:\Windows\System32\dnsrslvr.dll
18:23:44.0214 0x0d54  C:\Windows\System32\dnsrslvr.dll - ok
18:23:44.0229 0x0d54  [ 87356377F31DA5F20A833811CD59499C, 4FEC1FD3AC4E4E34DCBC0109B248952604F438C84B1604EB9E2359FA721E23C4 ] C:\Windows\System32\eapphost.dll
18:23:44.0229 0x0d54  C:\Windows\System32\eapphost.dll - ok
18:23:44.0229 0x0d54  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] C:\Windows\System32\eapsvc.dll
18:23:44.0229 0x0d54  C:\Windows\System32\eapsvc.dll - ok
18:23:44.0229 0x0d54  [ D07EB640618F96490DB88C3CE58DB608, 0C553971259632031E6856A94EEB937D571627FC7CF061CCFC040F4BF0CFF259 ] C:\Windows\System32\FWPUCLNT.DLL
18:23:44.0229 0x0d54  C:\Windows\System32\FWPUCLNT.DLL - ok
18:23:44.0229 0x0d54  [ F9EC845C5EECF20E9A67F9F805F2EF1F, C3DBA8CF93DBF50954B1BF6D7EF3F6F5DD1A56DC62B7EB2749C54D9B65D9BB43 ] C:\Windows\System32\keyiso.dll
18:23:44.0229 0x0d54  C:\Windows\System32\keyiso.dll - ok
18:23:44.0245 0x0d54  [ 885D0942E0F28DB90919BE3129ECF279, 5A10D90EE656ECE3DCA174D6F924641509819FC20CB6EF46B5E1723E52DE85BE ] C:\Windows\System32\dnsext.dll
18:23:44.0245 0x0d54  C:\Windows\System32\dnsext.dll - ok
18:23:44.0245 0x0d54  [ 9FCA3A84338ADEF2AFF67CDA46EF8539, 087DF72096852AE98C56990EE6E68835BE95E7E49ECDDE8B54DAC11C9E07FE94 ] C:\Windows\System32\umb.dll
18:23:44.0245 0x0d54  C:\Windows\System32\umb.dll - ok
18:23:44.0245 0x0d54  [ F568F7C08458D69E4FCD8675BBB107E4, A5FA25ECF248999A68CCECFBB508BFA1ADD18A23E20A9A9081A87C41CAAA36C0 ] C:\Windows\System32\dhcpcsvc.dll
18:23:44.0245 0x0d54  C:\Windows\System32\dhcpcsvc.dll - ok
18:23:44.0245 0x0d54  [ 3C06D5A929B798D0B13F6481242A0FD2, CE6127A31AB09E21A912CA16E4BDF663E9D05C254CCF9090A8B5A9A2E055EFF3 ] C:\Windows\System32\dhcpcsvc6.dll
18:23:44.0245 0x0d54  C:\Windows\System32\dhcpcsvc6.dll - ok
18:23:44.0245 0x0d54  [ D478A4CF07FB8ADF72FB16B88E8030B8, C595E1A3B8D7D1DD4604AA5183805B01AA419FD09A3DD587C6F55150235DF06D ] C:\Windows\System32\mshtml.dll
18:23:44.0245 0x0d54  C:\Windows\System32\mshtml.dll - ok
18:23:44.0261 0x0d54  [ EF2AE43BCD46ABB13FC3E5B2B1935C73, 81FC06F306F620845D7DD8D06E706309E70BC89B589C81F3478302A3F5F73431 ] C:\Windows\System32\winmm.dll
18:23:44.0261 0x0d54  C:\Windows\System32\winmm.dll - ok
18:23:44.0261 0x0d54  [ 1473768973453DE50DC738C2955FC4DD, 14BC5DA2442CB726ACC1F277DDBECCF5D61E3A0A3E083A55A0BB610191E35220 ] C:\Windows\System32\wdmaud.drv
18:23:44.0261 0x0d54  C:\Windows\System32\wdmaud.drv - ok
18:23:44.0261 0x0d54  [ FAFCB80D42A65964B6F4945283B8C10F, 78CDA4F8C484D5540732554D5129EE88444510340F4C14DBA86AD9C23BB18E72 ] C:\Windows\System32\AudioSes.dll
18:23:44.0261 0x0d54  C:\Windows\System32\AudioSes.dll - ok
18:23:44.0261 0x0d54  [ 8560FFFC8EB3A806DCD4F82252CFC8C6, CC27BC092369A89D6147B16568FEDEB68B584D5738CD686C31F7FAE22ED17B3B ] C:\Windows\System32\ksuser.dll
18:23:44.0261 0x0d54  C:\Windows\System32\ksuser.dll - ok
18:23:44.0261 0x0d54  [ 10AC5CE9F78DC281A1BBD9B8CC587B8A, 72288C0A88916D3C3828DBD948DBDB0928F26106319F8E60102D6C9004514D60 ] C:\Windows\System32\msacm32.dll
18:23:44.0261 0x0d54  C:\Windows\System32\msacm32.dll - ok
18:23:44.0276 0x0d54  [ 1B7C3A37362C7B2890168C5FC61C8D9B, 03727930E5BB5F9D91BAB901FC9A2E3B795D68E2AEE6A2CC3477F356C45A9C54 ] C:\Windows\System32\msacm32.drv
18:23:44.0276 0x0d54  C:\Windows\System32\msacm32.drv - ok
18:23:44.0276 0x0d54  [ CA2A0750ED830678997695FF61B04C30, E84860CD97AA3C4565ABB2D5D406A5C42B1AD2D8BA1B8CF81FE564D91F15F976 ] C:\Windows\System32\midimap.dll
18:23:44.0276 0x0d54  C:\Windows\System32\midimap.dll - ok
18:23:44.0276 0x0d54  [ A2C9E45F4069A002E985D1563D16813B, 0204BF076483F256F0E041E9A87F50F8795D8B1755978CA64DCBBF2E071C8956 ] C:\Windows\System32\AudioEng.dll
18:23:44.0276 0x0d54  C:\Windows\System32\AudioEng.dll - ok
18:23:44.0276 0x0d54  [ 9383B21A4B77C130940262DDC5F3F49B, 39BD91E0A2F56909B3EEBEA4966D497DF9A1623EC0F15D508638D5539FE1C88D ] C:\Windows\System32\AUDIOKSE.dll
18:23:44.0276 0x0d54  C:\Windows\System32\AUDIOKSE.dll - ok
18:23:44.0292 0x0d54  [ 7E6CA0FBCFDD2B6E2D99EDD8B673A192, DDD4E0FC3D22B638B8CE9B1E2C167C478B865EB492E1282CB9D5C8D8F7B50EFA ] C:\Windows\System32\MBWrp64.dll
18:23:44.0292 0x0d54  C:\Windows\System32\MBWrp64.dll - ok
18:23:44.0292 0x0d54  [ 2C074F8E6027B1091E957A57C03AC620, 415459BC431A575B6BC0BB4D35569E6A8B45F6FFC82F75D1475401C5C88FE725 ] C:\Windows\System32\MBAPO64.dll
18:23:44.0292 0x0d54  C:\Windows\System32\MBAPO64.dll - ok
18:23:44.0292 0x0d54  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] C:\Windows\System32\MPSSVC.dll
18:23:44.0292 0x0d54  C:\Windows\System32\MPSSVC.dll - ok
18:23:44.0292 0x0d54  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] C:\Windows\System32\drivers\fltMgr.sys
18:23:44.0292 0x0d54  C:\Windows\System32\drivers\fltMgr.sys - ok
18:23:44.0292 0x0d54  [ A3DB3C17EE6CAE65D53602B4E80BCCBC, D802A7C6161F937DC42A6E45FE1BB2C8272819F92C294C180EBCDF8FF72CBFDC ] C:\Windows\System32\PSHED.DLL
18:23:44.0292 0x0d54  C:\Windows\System32\PSHED.DLL - ok
18:23:44.0307 0x0d54  [ B0945E538CF906BBDDC5A11C8EE868CC, 5F3459F6512918835F7C9400905EC7C1FAEAA7114E0D28C522040C359E3B93F7 ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
18:23:44.0307 0x0d54  C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
18:23:44.0307 0x0d54  [ 17B2B3271157BC6B5E0FE946E403E9CC, F3759714014428C80307B89E44D879EFB2D683B9E1A2723EB8C0268DF8052291 ] C:\Windows\System32\RtkAPO64.dll
18:23:44.0307 0x0d54  C:\Windows\System32\RtkAPO64.dll - ok
18:23:44.0307 0x0d54  [ 9BC8610C32C96A2983A65DC21CAFA921, 2A4195F663C9D55939E3D8FEAA208090FDB0B8801A60164A7325B53104797CBC ] C:\Windows\System32\UXInit.dll
18:23:44.0307 0x0d54  C:\Windows\System32\UXInit.dll - ok
18:23:44.0307 0x0d54  [ CF636C92B762B26F0B39B38E92380A09, F7B8B0EA4536CE3BA33EE1BD0783F6AAD8C0EF69714E874D4A30B720A04C7A18 ] C:\Windows\System32\oleacc.dll
18:23:44.0307 0x0d54  C:\Windows\System32\oleacc.dll - ok
18:23:44.0323 0x0d54  [ 019BDD35DE269CB98B22DE8923C2AA3B, 68B216D5331B128CF1BCB3A3F82FD85B119FFDBCB796C907461CDD6248995817 ] C:\Windows\System32\UIAutomationCore.dll
18:23:44.0323 0x0d54  C:\Windows\System32\UIAutomationCore.dll - ok
18:23:44.0323 0x0d54  [ 5AA945234E9D4CCE4F715276B9AA712C, 65165BD131056816F009D987FC78AC86FFE0C3C38A27E73F873586B7FF4D59CF ] C:\Windows\System32\imageres.dll
18:23:44.0323 0x0d54  C:\Windows\System32\imageres.dll - ok
18:23:44.0323 0x0d54  [ A648C4A06DE367065B24056D067B4460, 2412487D65A833DDD9AB17D039515CC08DA22D006259EC4B03E42475FAFFD2AD ] C:\Windows\System32\wlanmsm.dll
18:23:44.0323 0x0d54  C:\Windows\System32\wlanmsm.dll - ok
18:23:44.0323 0x0d54  [ 06A1386B6E3A0CBC368665C1840906F4, C10BCA5092A0B3F9435CE4D65C7449528C89F5C5243B410878D2EBF516DA2FB2 ] C:\Windows\System32\wlansec.dll
18:23:44.0323 0x0d54  C:\Windows\System32\wlansec.dll - ok
18:23:44.0323 0x0d54  [ 73FCB7919DEE80EE556F2E498594EBAE, D0F7A0AD3BC33263E9C2CF9787DD326436F9E0C9F5031D769F8A43C64C08A762 ] C:\Windows\System32\onex.dll
18:23:44.0323 0x0d54  C:\Windows\System32\onex.dll - ok
18:23:44.0339 0x0d54  [ 0D753307D274F3688BD21C377B616700, 5DD08E77A11F2561FB96BA212FDDFE21D4394C69C34C3EB88F7F5CD068EE55BF ] C:\Windows\System32\eappcfg.dll
18:23:44.0339 0x0d54  C:\Windows\System32\eappcfg.dll - ok
18:23:44.0339 0x0d54  [ 65522E77A1360DBC8D199DA3BF5EFFE4, E9D748070FA478A3D37F15049F998D340885C0DC5FCE03BFCE5D521C9EBA7350 ] C:\Windows\System32\eappprxy.dll
18:23:44.0339 0x0d54  C:\Windows\System32\eappprxy.dll - ok
18:23:44.0339 0x0d54  [ 730BF204A595D5B6D7DC57A247CC741C, 264C6901F4A49B738BBD04BCA1783DEE892885BADE9085B0AEA40BAE7CC0A218 ] C:\Windows\System32\wlgpclnt.dll
18:23:44.0339 0x0d54  C:\Windows\System32\wlgpclnt.dll - ok
18:23:44.0339 0x0d54  [ 97E43F324BE1503CB2FFB058534688DA, 50C781DF38D0D38C9A5420AB1FFF8672DC13FD1ED8E9F5432B4BA3077A7435D5 ] C:\Windows\System32\l2gpstore.dll
18:23:44.0339 0x0d54  C:\Windows\System32\l2gpstore.dll - ok
18:23:44.0339 0x0d54  [ 7D5645EE0EA77D539828433D9B95F5EB, EEF81E9B2205FC456DB6095AD0AEAB38BB131D3BCD090EA6CD91D5568ACAFB7F ] C:\Windows\System32\WinSCard.dll
18:23:44.0339 0x0d54  C:\Windows\System32\WinSCard.dll - ok
18:23:44.0354 0x0d54  [ 7F1B4C6FF3B85F9ADF74055187B8A22C, CC95DA5662638AACBE9643DCB236464C2C2095A8D5CDC8A747045870BE9D0E7D ] C:\Windows\System32\wlanutil.dll
18:23:44.0354 0x0d54  C:\Windows\System32\wlanutil.dll - ok
18:23:44.0354 0x0d54  [ 0E3A7EC2B9590EA7767BBB1823630DEA, 6858B7050465DB8505CF9E932868B123B925376C05363EA5A9198B2AE15CF728 ] C:\Windows\System32\msxml6.dll
18:23:44.0354 0x0d54  C:\Windows\System32\msxml6.dll - ok
18:23:44.0354 0x0d54  [ 6F3C559B82F2912354BE5B098744CC8C, EB64E5C02C81588921A65194E1256E80699A1317E7D9A57395CD38C2639C8B08 ] C:\Windows\System32\WMALFXGFXDSP.dll
18:23:44.0354 0x0d54  C:\Windows\System32\WMALFXGFXDSP.dll - ok
18:23:44.0354 0x0d54  [ 54B5DCD55B223BC5DF50B82E1E9E86B1, 025294DD69A421FE4EACAA463F8CB797610D8F3A7A3C61656AE83D0CEE07A9BF ] C:\Windows\System32\mfplat.dll
18:23:44.0354 0x0d54  C:\Windows\System32\mfplat.dll - ok
18:23:44.0370 0x0d54  [ CCE3B423254296E4E1C3C52AB504108F, 045EE134F1A1A6C00628F964DDB882A6E3893017025ECA291B01C2870579EDA9 ] C:\Program Files\Microsoft Security Client\MpAsDesc.dll
18:23:44.0370 0x0d54  C:\Program Files\Microsoft Security Client\MpAsDesc.dll - ok
18:23:44.0370 0x0d54  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] C:\Windows\System32\shsvcs.dll
18:23:44.0370 0x0d54  C:\Windows\System32\shsvcs.dll - ok
18:23:44.0370 0x0d54  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] C:\Windows\System32\schedsvc.dll
18:23:44.0370 0x0d54  C:\Windows\System32\schedsvc.dll - ok
18:23:44.0370 0x0d54  [ BC414631876B2F28B8DAB08E849C12C5, 5973654AA3E90E6B699B0A43F645B893D95BAA803129B6967D746C8239AB26E3 ] C:\Windows\System32\ktmw32.dll
18:23:44.0370 0x0d54  C:\Windows\System32\ktmw32.dll - ok
18:23:44.0385 0x0d54  [ E5E14422E4B31C8814B1CAF6359343DC, 0A977F1C654C74D486CD9AFB97B881AA01B0B05A2E7E4A5E9B786D9EDFA4FF70 ] C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo64.dll
18:23:44.0385 0x0d54  C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo64.dll - ok
18:23:44.0385 0x0d54  [ 945E54F23C72D37B8CD1987AF0DB63BF, C2B217C94DBCA0A31ED834B9D492B53B25B235DDD02B1D1200E76609D32772EA ] C:\Windows\System32\fveapi.dll
18:23:44.0385 0x0d54  C:\Windows\System32\fveapi.dll - ok
18:23:44.0385 0x0d54  [ 694865362F0965779F92BCFE97712323, 825EB75E37AFE9B738869FB5D95020D4F44AD419C2F6C5A658F82A5242FDEF6C ] C:\Windows\System32\tbs.dll
18:23:44.0385 0x0d54  C:\Windows\System32\tbs.dll - ok
18:23:44.0385 0x0d54  [ 558C42D165DB5799B4072DC0A9C27C0B, 2385E16ACF07252D5567EC091C1B39D39BB8199F60854D5A91EDC948C57B3A3F ] C:\Windows\System32\msdmo.dll
18:23:44.0385 0x0d54  C:\Windows\System32\msdmo.dll - ok
18:23:44.0385 0x0d54  [ 37B4A79FC1D6D4EC9A6A96B6AF429F74, 1EE1C7FCBF151EF6B377F4DCED3C80A6EDAB2ABE30B60EEBC14025001140A155 ] C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll
18:23:44.0385 0x0d54  C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll - ok
18:23:44.0401 0x0d54  [ 7DC49F1BC3C92F5947A7C9D08CDFF2CF, F60F98AC08951455483F15C0B2FE8C9360CB68533613DBF2273A523DF3DA9060 ] C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcshp64.dll
18:23:44.0401 0x0d54  C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcshp64.dll - ok
18:23:44.0401 0x0d54  [ 3135670C8C7550494FAA0FEBFD91B7CF, 34477FCFC469D81D8EDE74F4703B5F3B197A1A16D9D632D60DC722100B7385E9 ] C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcsii64.dll
18:23:44.0401 0x0d54  C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcsii64.dll - ok
18:23:44.0401 0x0d54  [ CAFE418A0E63414E7C67E5023920F010, 15F213A517B0BD21CEC03089B0387E840ECABE4A5F2F8A7C4796D6DA852A34F3 ] C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slgeq64.dll
18:23:44.0401 0x0d54  C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slgeq64.dll - ok
18:23:44.0401 0x0d54  [ FDA0B45125B159773079A02FA08C2152, A1C658DB1F824C4D9465F365F0197D3DF14C093EFE2613A2ADDD148B139E2C84 ] C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slh36064.dll
18:23:44.0401 0x0d54  C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slh36064.dll - ok
18:23:44.0417 0x0d54  [ BB5376517B09E58FCB3FAEA373F94082, B6524E001435614AAA16A756B20FFD697DCF16E518A664B965A0A40598ECFEF0 ] C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slhlim64.dll
18:23:44.0417 0x0d54  C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slhlim64.dll - ok
18:23:44.0417 0x0d54  [ D80A2EE2AB314ADB537E19618E64EDFA, C20047C92AA05E7F5858CADA18876162172744C4CDB2F884FAAFC4CA4C29ED1F ] C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slInit64.dll
18:23:44.0417 0x0d54  C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slInit64.dll - ok
18:23:44.0417 0x0d54  [ A3FDB8D1B49DA02F2E68E3A7993D5E06, D79C67EABFCE49DF4A007E7C4026D48DC55BAC71635B8B319C0ED6292D06EE8C ] C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slmaxv64.dll
18:23:44.0417 0x0d54  C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slmaxv64.dll - ok
18:23:44.0417 0x0d54  [ 1A42C919F6B8FE872E4EA235E30A38AB, F9A5EA97C3409080FD04A0368DA45D1BCB2548FDE0189CC654A455C9BF785B33 ] C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sltshd64.dll
18:23:44.0417 0x0d54  C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sltshd64.dll - ok
18:23:44.0432 0x0d54  [ 58CF2D5B8DC5878C41E44B43C5150FFE, 5E4E24609A3792FA562A1D71D848710EBCB7540F6415CA7F903BCBEDB2635C15 ] C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slvipp64.dll
18:23:44.0432 0x0d54  C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slvipp64.dll - ok
18:23:44.0432 0x0d54  [ 8EE4456876E2DAF3BA2CDAFE0A0DABD8, B2A602CCA1585467687E1226FA65E62DDE304250E5433ABF63DD85BDDAA54C6E ] C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slviq64.dll
18:23:44.0432 0x0d54  C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slviq64.dll - ok
18:23:44.0432 0x0d54  [ 891ECFD08E2C538B7948CBC45106D697, 628D0D618FF3A70E9FBE3B2C7206C9365ED2297784A5F10FFA05BD2C56657013 ] C:\Windows\System32\fvecerts.dll
18:23:44.0432 0x0d54  C:\Windows\System32\fvecerts.dll - ok
18:23:44.0432 0x0d54  [ 6DC4A7242F565C9E9C9CCC7BB0FA75C7, 4BC5A1279885EEFBEB27333AF719622A5FCDD9606697692C1978E434CE264D80 ] C:\Windows\System32\taskcomp.dll
18:23:44.0432 0x0d54  C:\Windows\System32\taskcomp.dll - ok
18:23:44.0448 0x0d54  [ 8269210DAF3B12BC8300631B28A2A442, EABEB792C2EA8D4A1A7B13281CF557C194D5667AE0BA2A2D5664908D8269113D ] C:\Windows\System32\wiarpc.dll
18:23:44.0448 0x0d54  C:\Windows\System32\wiarpc.dll - ok
18:23:44.0448 0x0d54  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] C:\Windows\System32\drivers\http.sys
18:23:44.0448 0x0d54  C:\Windows\System32\drivers\http.sys - ok
18:23:44.0448 0x0d54  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] C:\Windows\System32\spoolsv.exe
18:23:44.0448 0x0d54  C:\Windows\System32\spoolsv.exe - ok
18:23:44.0448 0x0d54  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] C:\Windows\System32\BFE.DLL
18:23:44.0448 0x0d54  C:\Windows\System32\BFE.DLL - ok
18:23:44.0448 0x0d54  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] C:\Windows\System32\drivers\bowser.sys
18:23:44.0448 0x0d54  C:\Windows\System32\drivers\bowser.sys - ok
18:23:44.0463 0x0d54  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] C:\Windows\System32\drivers\mpsdrv.sys
18:23:44.0463 0x0d54  C:\Windows\System32\drivers\mpsdrv.sys - ok
18:23:44.0463 0x0d54  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] C:\Windows\System32\drivers\mrxsmb.sys
18:23:44.0463 0x0d54  C:\Windows\System32\drivers\mrxsmb.sys - ok
18:23:44.0463 0x0d54  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] C:\Windows\System32\drivers\mrxsmb10.sys
18:23:44.0463 0x0d54  C:\Windows\System32\drivers\mrxsmb10.sys - ok
18:23:44.0463 0x0d54  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] C:\Windows\System32\drivers\mrxsmb20.sys
18:23:44.0463 0x0d54  C:\Windows\System32\drivers\mrxsmb20.sys - ok
18:23:44.0479 0x0d54  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] C:\Windows\System32\wkssvc.dll
18:23:44.0479 0x0d54  C:\Windows\System32\wkssvc.dll - ok
18:23:44.0479 0x0d54  [ C67F8A962B2534224D5908D16D2AD3CE, CAC1821F5E867285638AEE7AE33CE574BCCF16277AC5AD805650B48F7759B4B4 ] C:\Windows\System32\wfapigp.dll
18:23:44.0479 0x0d54  C:\Windows\System32\wfapigp.dll - ok
18:23:44.0479 0x0d54  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] C:\Windows\System32\cryptsvc.dll
18:23:44.0479 0x0d54  C:\Windows\System32\cryptsvc.dll - ok
18:23:44.0479 0x0d54  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] C:\Windows\System32\dps.dll
18:23:44.0479 0x0d54  C:\Windows\System32\dps.dll - ok
18:23:44.0479 0x0d54  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] C:\Windows\System32\IKEEXT.DLL
18:23:44.0479 0x0d54  C:\Windows\System32\IKEEXT.DLL - ok
18:23:44.0495 0x0d54  [ A6B726DCA228F7878E38368A1BDC68BE, 30E8300B09B876E3D4B2A9215C9CC070EADF915E1268F425B6F8E0596A0D3539 ] C:\Windows\System32\cryptnet.dll
18:23:44.0495 0x0d54  C:\Windows\System32\cryptnet.dll - ok
18:23:44.0495 0x0d54  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] C:\Windows\System32\nlasvc.dll
18:23:44.0495 0x0d54  C:\Windows\System32\nlasvc.dll - ok
18:23:44.0495 0x0d54  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] C:\Windows\System32\pcasvc.dll
18:23:44.0495 0x0d54  C:\Windows\System32\pcasvc.dll - ok
18:23:44.0495 0x0d54  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] C:\Windows\System32\drivers\PEAuth.sys
18:23:44.0495 0x0d54  C:\Windows\System32\drivers\PEAuth.sys - ok
18:23:44.0495 0x0d54  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] C:\Windows\System32\drivers\secdrv.sys
18:23:44.0495 0x0d54  C:\Windows\System32\drivers\secdrv.sys - ok
18:23:44.0510 0x0d54  [ BAAFAF9CEAEC0B73C2A3550A01F6CECB, 018CB95A43CEA2063EA24691C71D51EF60D522C21502ABA8AD93876363D4B857 ] C:\Windows\System32\taskschd.dll
18:23:44.0510 0x0d54  C:\Windows\System32\taskschd.dll - ok
18:23:44.0510 0x0d54  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] C:\Windows\System32\drivers\srvnet.sys
18:23:44.0510 0x0d54  C:\Windows\System32\drivers\srvnet.sys - ok
18:23:44.0510 0x0d54  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] C:\Windows\System32\drivers\tcpipreg.sys
18:23:44.0510 0x0d54  C:\Windows\System32\drivers\tcpipreg.sys - ok
18:23:44.0510 0x0d54  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] C:\Windows\System32\wiaservc.dll
18:23:44.0510 0x0d54  C:\Windows\System32\wiaservc.dll - ok
18:23:44.0526 0x0d54  [ 1834B31C749B86DAC233BBBA1C03BC48, 27FCA9196842C0BB53CCAD895870A0EB10D2F8ED67E5486A4437067BD4BC4448 ] C:\Windows\System32\mscms.dll
18:23:44.0526 0x0d54  C:\Windows\System32\mscms.dll - ok
18:23:44.0526 0x0d54  [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5, BDA403E6CACC249C467671FB1FAF7B77FB019326BC18F9F6CF377104520E2654 ] C:\Windows\System32\wiatrace.dll
18:23:44.0526 0x0d54  C:\Windows\System32\wiatrace.dll - ok
18:23:44.0526 0x0d54  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] C:\Windows\System32\snmptrap.exe
18:23:44.0526 0x0d54  C:\Windows\System32\snmptrap.exe - ok
18:23:44.0526 0x0d54  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] C:\Windows\System32\drivers\srv2.sys
18:23:44.0526 0x0d54  C:\Windows\System32\drivers\srv2.sys - ok
18:23:44.0526 0x0d54  [ 4004299B7AF4CBFF6540F1798899A11F, 5DD3AE149B7228A769F2FE95355795AC98ACD8CDFB78954A423A357F717203C3 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
18:23:44.0526 0x0d54  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll - ok
18:23:44.0541 0x0d54  [ F0356290BA3940F31AFF5566501495F7, 4F3C94D38B4648A6C16C1DE07FBA788B88D853E1541CD0642B40117B43F46F76 ] C:\Windows\System32\aepic.dll
18:23:44.0541 0x0d54  C:\Windows\System32\aepic.dll - ok
18:23:44.0541 0x0d54  [ 895C9AB0A855547445C4181195230757, 89BDA385D8CCB75C3D7B1BDFA567AC441A931F4E499C0835FEE9D010343FABB6 ] C:\Windows\System32\sfc_os.dll
18:23:44.0541 0x0d54  C:\Windows\System32\sfc_os.dll - ok
18:23:44.0541 0x0d54  [ D4FAC263861BAE06971C7F7D0A8EBF15, D494DEF0024288B9CC56EC6B500FF5828144BE9B8E7033340509EC5E68F8DED0 ] C:\Windows\System32\ncsi.dll
18:23:44.0541 0x0d54  C:\Windows\System32\ncsi.dll - ok
18:23:44.0541 0x0d54  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] C:\Windows\System32\drivers\srv.sys
18:23:44.0541 0x0d54  C:\Windows\System32\drivers\srv.sys - ok
18:23:44.0557 0x0d54  [ 0E2F58F6E698EDCB9E58FAD0CBCD0567, 426FB40A065FEF61980C803EF72D0D326C623340C3AE99CA8AFFDEFB81E8D49D ] C:\Windows\System32\vssapi.dll
18:23:44.0557 0x0d54  C:\Windows\System32\vssapi.dll - ok
18:23:44.0557 0x0d54  [ 287923557447D7E4BDD7E65B1F0F5428, 14D85A0F036F28D77AA9723C3D7E8C4DA9BDFF8A1AD9BEA6FE5756DBF5D00F08 ] C:\Windows\System32\vsstrace.dll
18:23:44.0557 0x0d54  C:\Windows\System32\vsstrace.dll - ok
18:23:44.0557 0x0d54  [ 2BBF3FDB70B8965DFA0258CBAB41ECCE, 4EFA41765E46E90C6CBDB0DC1E0CD375D7AB3307C477171EBAA6A16AC32E5211 ] C:\Windows\System32\ssdpapi.dll
18:23:44.0557 0x0d54  C:\Windows\System32\ssdpapi.dll - ok
18:23:44.0557 0x0d54  [ C6DCD1D11ED6827F05C00773C3E7053C, EA23BE261C9C04F44215D254D7A80FD0AEE84C6F192D0FEE49A7CF74ED3CB1A6 ] C:\Windows\System32\sfc.dll
18:23:44.0557 0x0d54  C:\Windows\System32\sfc.dll - ok
18:23:44.0557 0x0d54  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] C:\Windows\System32\trkwks.dll
18:23:44.0557 0x0d54  C:\Windows\System32\trkwks.dll - ok
18:23:44.0573 0x0d54  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] C:\Windows\System32\sysmain.dll
18:23:44.0573 0x0d54  C:\Windows\System32\sysmain.dll - ok
18:23:44.0573 0x0d54  [ 03706015DB44368375AEBE6339490E66, 02EB28B5156E320C1EBABC03D37E94EB770A721B99E1DD276F8DC2A50D76C381 ] C:\Windows\System32\netcfgx.dll
18:23:44.0573 0x0d54  C:\Windows\System32\netcfgx.dll - ok
18:23:44.0573 0x0d54  [ 4C1244FEF74C60A4B1B151C76609CBE2, 3E500204A9232D5B332BE16C281A32B957D03BBA836851BE7754F030872FAC83 ] C:\Windows\System32\wsdchngr.dll
18:23:44.0573 0x0d54  C:\Windows\System32\wsdchngr.dll - ok
18:23:44.0573 0x0d54  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] C:\Windows\System32\sstpsvc.dll
18:23:44.0573 0x0d54  C:\Windows\System32\sstpsvc.dll - ok
18:23:44.0588 0x0d54  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] C:\Windows\System32\provsvc.dll
18:23:44.0588 0x0d54  C:\Windows\System32\provsvc.dll - ok
18:23:44.0588 0x0d54  [ 218A400108F280428FA22282D3268BBC, 7712687ABAEF6616E90AE5A321044C102E79EC23F4A1EAFB4278C93724873CB3 ] C:\Windows\System32\wscapi.dll
18:23:44.0588 0x0d54  C:\Windows\System32\wscapi.dll - ok
18:23:44.0588 0x0d54  [ F5CEF064C7E6D95DA86B9D064A56A969, F118CD4364690F37A07AE458E043E8CFBA98F332DC9E7228C83409CF26F6EF6D ] C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
18:23:44.0588 0x0d54  C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll - ok
18:23:44.0588 0x0d54  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] C:\Windows\System32\wbem\WMIsvc.dll
18:23:44.0588 0x0d54  C:\Windows\System32\wbem\WMIsvc.dll - ok
18:23:44.0588 0x0d54  [ 7DB5AA22A8A8E5C2D335F44853C1F6DE, A734A20357026C42950394682A52CBC3AF956D09F1949E1B4E95467E999BC428 ] C:\Windows\System32\wbemcomn.dll
18:23:44.0588 0x0d54  C:\Windows\System32\wbemcomn.dll - ok
18:23:44.0604 0x0d54  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] C:\Windows\System32\srvsvc.dll
18:23:44.0604 0x0d54  C:\Windows\System32\srvsvc.dll - ok
18:23:44.0604 0x0d54  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] C:\Windows\System32\browser.dll
18:23:44.0604 0x0d54  C:\Windows\System32\browser.dll - ok
18:23:44.0604 0x0d54  [ CFEFA40DDE34659BE5211966EAD86437, AC0A3AD8AA47012C40785013E2273FC571F416BC9C9FFDA418FE72B3123C1FB0 ] C:\Windows\System32\netmsg.dll
18:23:44.0604 0x0d54  C:\Windows\System32\netmsg.dll - ok
18:23:44.0604 0x0d54  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] C:\Windows\System32\iphlpsvc.dll
18:23:44.0604 0x0d54  C:\Windows\System32\iphlpsvc.dll - ok
18:23:44.0619 0x0d54  [ A3F5E8EC1316C3E2562B82694A251C9E, F3DC6AA6A9D3B5BBC730668FC52C1D4BB5D515D404578BDDD3D4869A7ED58822 ] C:\Windows\System32\wbem\fastprox.dll
18:23:44.0619 0x0d54  C:\Windows\System32\wbem\fastprox.dll - ok
18:23:44.0619 0x0d54  [ 0C52762C606BCF6A377D5E4688191A6B, C58C9A73AD07E3B93AB186D0D47C5F1CB7197771DBEE40646C3B801645BB388F ] C:\Windows\System32\wbem\WmiDcPrv.dll
18:23:44.0619 0x0d54  C:\Windows\System32\wbem\WmiDcPrv.dll - ok
18:23:44.0619 0x0d54  [ EE26D130808D16C0E417BBBED0451B34, 4886DCE4FAEF146A40BABD492A8000A2022FEA542A6135A9BAFD4CD09297B4E5 ] C:\Windows\System32\ntdsapi.dll
18:23:44.0619 0x0d54  C:\Windows\System32\ntdsapi.dll - ok
18:23:44.0619 0x0d54  [ 666A60F6F5E719856FF6254E0966EFF7, 58C072E7E215991E19C1CA062C476081982F7B9F039714539AE7FEB4981C200F ] C:\Windows\System32\wbem\wbemprox.dll
18:23:44.0619 0x0d54  C:\Windows\System32\wbem\wbemprox.dll - ok
18:23:44.0635 0x0d54  [ B5055B51BAA0FD0A736A88653DA3C1C0, A3BD057C7E8C926930BA7E9D11427D26FB37267026A0B72AB4021101EE424F74 ] C:\Windows\System32\fundisc.dll
18:23:44.0635 0x0d54  C:\Windows\System32\fundisc.dll - ok
18:23:44.0635 0x0d54  [ 27B9E163740A226B65E4B9E186117911, 17411C6A6C1E699BC4B0C04D782FD9AA09CF577DBA41E743F7588904D489CB9F ] C:\Windows\System32\sqmapi.dll
18:23:44.0635 0x0d54  C:\Windows\System32\sqmapi.dll - ok
18:23:44.0635 0x0d54  [ 4581716B4BF76ACFD8E167EB0B26D82A, 39D822527114EEED68044CCE4D542767F53978D9E0A7F72638F1CA9A016DE13B ] C:\Windows\System32\fdPnp.dll
18:23:44.0635 0x0d54  C:\Windows\System32\fdPnp.dll - ok
18:23:44.0635 0x0d54  [ 7B38D7916A7CD058C16A0A6CA5077901, 3F6DD990E2DA5D3BD6D65A72CBFB0FE79EB30B118A8AD71B6C9BB5581A622DCE ] C:\Windows\System32\wdscore.dll
18:23:44.0635 0x0d54  C:\Windows\System32\wdscore.dll - ok
18:23:44.0635 0x0d54  [ 81749E073AC5857B044A686B406E5244, 3884EE705CA34235B29942FEDA8FEA654A21139B8C2A1D5E009C7D07D6E6ADF1 ] C:\Windows\System32\clusapi.dll
18:23:44.0635 0x0d54  C:\Windows\System32\clusapi.dll - ok
18:23:44.0651 0x0d54  [ FF9350513A0D2A871734B299C12525C7, CA0A9EEB30BE301F4B4AA43BCB69BAB187D5E196C114490AAFDC90A8DB3B23E1 ] C:\Windows\System32\HPWia2_OJ8600.dll
18:23:44.0651 0x0d54  C:\Windows\System32\HPWia2_OJ8600.dll - ok
18:23:44.0651 0x0d54  [ FF80CAD87555E8E4D2CFD7B9058343F8, 07653773FBEC1996408B8507B08E0E1E812830063F932F897F4B39EE63DDCDC4 ] C:\Windows\System32\sscore.dll
18:23:44.0651 0x0d54  C:\Windows\System32\sscore.dll - ok
18:23:44.0651 0x0d54  [ 4A4D6B5CEBBD8F11A3A555F275DAEBF8, 3E66CE6AE9B487191B3A2CA1FB325558414C6F24517F10660095191AE4AEF39D ] C:\Windows\System32\HPScanTRDrv_OJ8600.dll
18:23:44.0651 0x0d54  C:\Windows\System32\HPScanTRDrv_OJ8600.dll - ok
18:23:44.0666 0x0d54  [ 0255C22D99602534F15CBB8D9B6F152F, 43CD89D6CA56E0B633142F7C86DA9E072EE0723B5EBC4CE8CCBCA58C396ECF54 ] C:\Windows\System32\wbem\WinMgmtR.dll
18:23:44.0666 0x0d54  C:\Windows\System32\wbem\WinMgmtR.dll - ok
18:23:44.0666 0x0d54  [ 344FCC9850C3A8A3B4D3C65151AF8E4C, C38853454E153B1AB4AEAE1AAFB7CB4B2E6234208CF24C09F3B2AFE25E271C5C ] C:\Windows\System32\resutils.dll
18:23:44.0666 0x0d54  C:\Windows\System32\resutils.dll - ok
18:23:44.0666 0x0d54  [ 77B5035BC6EDF4D1B6265391AECEE4C0, FE69B715F04446BD42AF1B672E6AC54E954CFE0C847BFD2056CB11CF017B1844 ] C:\Windows\System32\vpnikeapi.dll
18:23:44.0666 0x0d54  C:\Windows\System32\vpnikeapi.dll - ok
18:23:44.0666 0x0d54  [ 3B367397320C26DBA890B260F80D1B1B, 50BBE71B4380B5E86E197AF86F5C08266DD6B12344BA4ABDEA604B8C774C4147 ] C:\Windows\System32\hnetcfg.dll
18:23:44.0666 0x0d54  C:\Windows\System32\hnetcfg.dll - ok
18:23:44.0666 0x0d54  [ 5EB55F661DEBF156E126160BCD4D89F8, 948D1F627AA55D55FB3B558BA61B8366C5481A6041820631F24408F75EA5D2CC ] C:\Windows\System32\wbem\wbemcore.dll
18:23:44.0666 0x0d54  C:\Windows\System32\wbem\wbemcore.dll - ok
18:23:44.0682 0x0d54  [ 087D8668C71634A3A3761135ABF16EEE, B7348A63299CFF4FFBF375E645A4850AE0F108D48D13AB25434CFAE7CF3D61FD ] C:\Windows\System32\wbem\esscli.dll
18:23:44.0682 0x0d54  C:\Windows\System32\wbem\esscli.dll - ok
18:23:44.0682 0x0d54  [ 210FCACAF902B2CD47CF9FD17D846146, 3F77AC721E084864C5966FF5337A90185F62203DC19C685328675500D629CB87 ] C:\Windows\System32\aeevts.dll
18:23:44.0682 0x0d54  C:\Windows\System32\aeevts.dll - ok
18:23:44.0682 0x0d54  [ 0015ACFBBDD164A8A730009908868CA7, E1FF243AD2CF959FAB81EFE701592414991C03416FF296ADC93906E76B707C4D ] C:\Windows\System32\winspool.drv
18:23:44.0682 0x0d54  C:\Windows\System32\winspool.drv - ok
18:23:44.0682 0x0d54  [ 718B6F51AB7F6FE2988A36868F9AD3AB, 76141B4E94C2766E2C34CEF523092948771A7893212EFADBE88D2171B85FF012 ] C:\Windows\System32\wbem\wbemsvc.dll
18:23:44.0682 0x0d54  C:\Windows\System32\wbem\wbemsvc.dll - ok
18:23:44.0697 0x0d54  [ 0143DB80DACFB7C2B5B7009ED9063353, 252885CF7C1BAB89B86908373546E5F5D674BEF7AACBDDCF321AD877CB9150A9 ] C:\Windows\System32\wbem\wmiutils.dll
18:23:44.0697 0x0d54  C:\Windows\System32\wbem\wmiutils.dll - ok
18:23:44.0697 0x0d54  [ 0AB34456654C283DAA13B8D2BA21439B, 4B70FC5195DE39564E951C8542020BA3D4257E3D4488F69825F67A6099CB7549 ] C:\Windows\System32\wbem\repdrvfs.dll
18:23:44.0697 0x0d54  C:\Windows\System32\wbem\repdrvfs.dll - ok
18:23:44.0697 0x0d54  [ 88351B29B622B30962D2FEB6CA8D860B, A16CAD7D94C1C9807083BB36E9B4C3C14E6482C4CA2BDFACBCC86E737DDCE42E ] C:\Windows\System32\rasadhlp.dll
18:23:44.0697 0x0d54  C:\Windows\System32\rasadhlp.dll - ok
18:23:44.0713 0x0d54  [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] C:\Windows\System32\drivers\NisDrvWFP.sys
18:23:44.0713 0x0d54  C:\Windows\System32\drivers\NisDrvWFP.sys - ok
18:23:44.0713 0x0d54  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] C:\Windows\System32\wdi.dll
18:23:44.0713 0x0d54  C:\Windows\System32\wdi.dll - ok
18:23:44.0713 0x0d54  [ F7073C962C4FB7C415565DDE109DE49F, 781E7088DCEFBC34A808C3E7DA41A56112B3F23ABE9F54B5EF4D5CD9CD016B1D ] C:\Windows\System32\npmproxy.dll
18:23:44.0713 0x0d54  C:\Windows\System32\npmproxy.dll - ok
18:23:44.0713 0x0d54  [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] C:\Program Files\Microsoft Security Client\NisSrv.exe
18:23:44.0713 0x0d54  C:\Program Files\Microsoft Security Client\NisSrv.exe - ok
18:23:44.0713 0x0d54  [ 4ED32C3115AC5207F63B2DDB9EF21A6A, 235FB629D206E592BBB13E4452DA4B2590E635D1A2AA5FCE235A54D1E9984269 ] C:\Program Files\Microsoft Security Client\NisLog.dll
18:23:44.0713 0x0d54  C:\Program Files\Microsoft Security Client\NisLog.dll - ok
18:23:44.0729 0x0d54  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] C:\Windows\System32\bthserv.dll
18:23:44.0729 0x0d54  C:\Windows\System32\bthserv.dll - ok
18:23:44.0729 0x0d54  [ 4449D23E8F197862F1B16F1E6C89C36C, 93AF52BF8E870C0381F027D3BB8F6829E449242074472F1593EB8172D7EB6559 ] C:\Windows\System32\diagperf.dll
18:23:44.0729 0x0d54  C:\Windows\System32\diagperf.dll - ok
18:23:44.0729 0x0d54  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] C:\Windows\System32\wpdbusenum.dll
18:23:44.0729 0x0d54  C:\Windows\System32\wpdbusenum.dll - ok
18:23:44.0729 0x0d54  [ CDAD3376DFF3D9AC7FDCBE2B94B0D3C8, C0B22B8C402EEEAF68F5380BC265C15418934D2F702F0A43674EC93853E26040 ] C:\Windows\System32\shfolder.dll
18:23:44.0729 0x0d54  C:\Windows\System32\shfolder.dll - ok
18:23:44.0744 0x0d54  [ E1B22739C933BE33F53DB58C5393ADD3, 26EE0DD091D2E00DECC774DC1EEDFFDE69AF74B0C769CCBE091AFC32C66E4207 ] C:\Windows\System32\Apphlpdm.dll
18:23:44.0744 0x0d54  C:\Windows\System32\Apphlpdm.dll - ok
18:23:44.0744 0x0d54  [ 1075AB2C077B415760C0E948856B5126, D67804B4A038FC06BD84CBF9C047DD4C13073622027F825371DB98867EF4E9B9 ] C:\Windows\System32\wer.dll
18:23:44.0744 0x0d54  C:\Windows\System32\wer.dll - ok
18:23:44.0744 0x0d54  [ E64D9EC8018C55873B40FDEE9DBEF5B3, 2DB11E7C631A9887CB75AFEAD2C79EC65F82C51F5F073CEFC8CDDF664EFF29C1 ] C:\Windows\System32\PortableDeviceApi.dll
18:23:44.0744 0x0d54  C:\Windows\System32\PortableDeviceApi.dll - ok
18:23:44.0744 0x0d54  [ 9719E3D834F5C8C43F56A93DFA497023, 4D78D4BD4835C0A237821967156C19DF4B90384A6BCB1F48CEAF35D003A0099A ] C:\Windows\System32\pnpts.dll
18:23:44.0744 0x0d54  C:\Windows\System32\pnpts.dll - ok
18:23:44.0760 0x0d54  [ AFA79C343F9D1555F7E5D5FA70BB2A14, 440EF3ADC1F5C7A5ED3E872C8D8DFA61B039454C3CA67F8A51CA8BDCFDC4BA4A ] C:\Windows\System32\PortableDeviceConnectApi.dll
18:23:44.0760 0x0d54  C:\Windows\System32\PortableDeviceConnectApi.dll - ok
18:23:44.0760 0x0d54  [ E811F8510B133E70CF6E509FB809824F, 82541F2B15748250462B67B6C77530D4F7C45A1482237EC49B28F9FA5A414108 ] C:\Windows\System32\wdiasqmmodule.dll
18:23:44.0760 0x0d54  C:\Windows\System32\wdiasqmmodule.dll - ok
18:23:44.0760 0x0d54  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] C:\Windows\System32\drivers\WUDFRd.sys
18:23:44.0760 0x0d54  C:\Windows\System32\drivers\WUDFRd.sys - ok
18:23:44.0760 0x0d54  [ DDD0357A92FA843EFF8915ED17253D6C, 0C78B1D41F0A7821186ADF653504F2BFF067CB512CB0E932047C301378BBADB6 ] C:\Windows\System32\wbem\WmiPrvSD.dll
18:23:44.0760 0x0d54  C:\Windows\System32\wbem\WmiPrvSD.dll - ok
18:23:44.0760 0x0d54  [ D41FEBD098234F02485A4EA98D4730A4, 462DC8168C444F35B43BA3B8F7D77734665D84F1C6D25CAD7391C0145961628F ] C:\Windows\System32\ncobjapi.dll
18:23:44.0760 0x0d54  C:\Windows\System32\ncobjapi.dll - ok
18:23:44.0775 0x0d54  [ 6F40D6FB05E0C1E5402812B426971AF0, E41F138F0F2DB057F8DBB1587237C6FA8A2059B3D64EC894D1DC492A18DBBDED ] C:\Windows\System32\wbem\wbemess.dll
18:23:44.0775 0x0d54  C:\Windows\System32\wbem\wbemess.dll - ok
18:23:44.0775 0x0d54  [ BF4AC709BE5BF64F331F5D67773A0C82, 96E5A2A12D386B8A7976FEC76FD350E6A3EEBDF5763F4BBF4AB18880E9F269E0 ] C:\Windows\System32\perftrack.dll
18:23:44.0775 0x0d54  C:\Windows\System32\perftrack.dll - ok
18:23:44.0775 0x0d54  [ 98611CC3037E05CD86808ABB89614802, 572CD3FAF1F637FB3860B67B8396DADCDF1BBFE4BC633676C259D7FBB645D514 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C14B5A9C-1D02-441F-AAF3-03F02BE2AB92}\gapaengine.dll
18:23:44.0775 0x0d54  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C14B5A9C-1D02-441F-AAF3-03F02BE2AB92}\gapaengine.dll - ok
18:23:44.0775 0x0d54  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] C:\Windows\System32\drivers\WUDFPf.sys
18:23:44.0775 0x0d54  C:\Windows\System32\drivers\WUDFPf.sys - ok
18:23:44.0791 0x0d54  [ 58A0CDABEA255616827B1C22C9994466, 4FE1140AA8D3995579DE8CDF4ECAD1978804D05351EABB4079A63B303EF1B451 ] C:\Windows\System32\NapiNSP.dll
18:23:44.0791 0x0d54  C:\Windows\System32\NapiNSP.dll - ok
18:23:44.0791 0x0d54  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] C:\Windows\System32\WUDFSvc.dll
18:23:44.0791 0x0d54  C:\Windows\System32\WUDFSvc.dll - ok
18:23:44.0791 0x0d54  [ 74D89A9A82D8024B20FABC9DB41EC0CC, 74BAA86A4D34E37599AE0C9016F953A40DBC7DF0404C7EDDF7450B7C84950BB5 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C14B5A9C-1D02-441F-AAF3-03F02BE2AB92}\nisfull.vdm
18:23:44.0791 0x0d54  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C14B5A9C-1D02-441F-AAF3-03F02BE2AB92}\nisfull.vdm - ok
18:23:44.0791 0x0d54  [ 613C8CE10A5FDE582BA5FA64C4D56AAA, 30507B6BA79E1A271B07BBA58B4FF463678BE0960266A1D5E88031E932D768B6 ] C:\Windows\System32\pnrpnsp.dll
18:23:44.0791 0x0d54  C:\Windows\System32\pnrpnsp.dll - ok
18:23:44.0791 0x0d54  [ 2E2072EB48238FCA8FBB7A9F5FABAC45, AC70B9FC24847EEC2E18008F2894DCDAC19A9C90D5D88729326E493CA524F5C3 ] C:\Windows\System32\winrnr.dll
18:23:44.0791 0x0d54  C:\Windows\System32\winrnr.dll - ok
18:23:44.0807 0x0d54  [ 748849C42DEA24C723048E24BCA1BD55, 517DDE70E7CB8E94C6E8B9B05CCD4BC6490A8837FD8BB874C9E1186D8EF07659 ] C:\Windows\System32\wshbth.dll
18:23:44.0807 0x0d54  C:\Windows\System32\wshbth.dll - ok
18:23:44.0807 0x0d54  [ 8ABFE00F213F2571498F1B8FD7939A98, B557EC9EFD33612BAFE01FFD304B50EFB8C3C19763470560DA950B5AB4A9AC9C ] C:\Windows\System32\WUDFHost.exe
18:23:44.0807 0x0d54  C:\Windows\System32\WUDFHost.exe - ok
18:23:44.0807 0x0d54  [ 92E0508D924512F63FFEEFE498CBD11F, 1158011E4A1298DEC79133B40888AA87B06F5B64BA2AB461B58C22F5F9211D0C ] C:\Windows\System32\p2pcollab.dll
18:23:44.0807 0x0d54  C:\Windows\System32\p2pcollab.dll - ok
18:23:44.0807 0x0d54  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] C:\Windows\System32\QAGENTRT.DLL
18:23:44.0807 0x0d54  C:\Windows\System32\QAGENTRT.DLL - ok
18:23:44.0822 0x0d54  [ 25AE683DCB4AE7E6F1B193A0CB9DB35F, 9DC4BE1A51A3E94DB05369222CFCBA2125DA519EAAC46823EAECD738974463EF ] C:\Windows\System32\WUDFx.dll
18:23:44.0822 0x0d54  C:\Windows\System32\WUDFx.dll - ok
18:23:44.0822 0x0d54  [ 506A83A3BEEE9FCA09F0170DE9FC7D1B, 2DFBD792B68F3EBEF0843183CAE5D52B6FA04163808AFACF6C0D738455898C36 ] C:\Windows\System32\fveui.dll
18:23:44.0822 0x0d54  C:\Windows\System32\fveui.dll - ok
18:23:44.0822 0x0d54  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] C:\Windows\System32\wuaueng.dll
18:23:44.0822 0x0d54  C:\Windows\System32\wuaueng.dll - ok
18:23:44.0822 0x0d54  [ 91D6F0AB79AA36FFB932157865206F35, 5C20EA92737A4409DF4601D6D256DBC7A8D0AE4C31A32F20054E873473B27781 ] C:\Windows\System32\drivers\UMDF\WpdFs.dll
18:23:44.0822 0x0d54  C:\Windows\System32\drivers\UMDF\WpdFs.dll - ok
18:23:44.0822 0x0d54  [ 9864D52F15AD32094A636C6B5281D9E7, 2DBECE721AA11509F6D5005C5FB965EB0DF28729D0B6C524BB35603C1243BA42 ] C:\Windows\System32\WMVCORE.DLL
18:23:44.0822 0x0d54  C:\Windows\System32\WMVCORE.DLL - ok
18:23:44.0838 0x0d54  [ AACC48FE239F0DF126DA2F28930A5B83, D55E7D9AA79B1875E9074CFFBBCD484024902566B49806A8639B5C04847DFF89 ] C:\Windows\System32\WMASF.DLL
18:23:44.0838 0x0d54  C:\Windows\System32\WMASF.DLL - ok
18:23:44.0838 0x0d54  [ 389CA818132C1D7DCF0C791E8D9035DE, 5E54799F92CC604FABEF2F97AFD97F9CAD70D01BCDBC41FAC408D60821927C12 ] C:\Windows\System32\PortableDeviceClassExtension.dll
18:23:44.0838 0x0d54  C:\Windows\System32\PortableDeviceClassExtension.dll - ok
18:23:44.0838 0x0d54  [ 4F3CD1C59EA71401E155C432BCECE180, 6D4118A627CAE509E43D0CC0062EECAA0990C955BB15AE24834460551B2F51A2 ] C:\Windows\System32\PortableDeviceTypes.dll
18:23:44.0838 0x0d54  C:\Windows\System32\PortableDeviceTypes.dll - ok
18:23:44.0838 0x0d54  [ 662BA98309818AF2C17D4E48BF4021C4, 57B3FFAECE3DF5E22B6764A95D2B8523AA02CCCB4BD0779025C11D02EEBF4B1E ] C:\Program Files\Windows Defender\MpClient.dll
18:23:44.0838 0x0d54  C:\Program Files\Windows Defender\MpClient.dll - ok
18:23:44.0853 0x0d54  [ E629F1A051C82795DDFFD3E8D4855811, 6E4DFFEAB2795C98EA6DCAF10EA6D97413D0F8CA0C04869CB20B74FF4D6FE679 ] C:\Windows\System32\dimsjob.dll
18:23:44.0853 0x0d54  C:\Windows\System32\dimsjob.dll - ok
18:23:44.0853 0x0d54  [ 639774C9ACD063F028F6084ABF5593AD, 9DFD80610CBBC9188F6C6BC85C87016B0AE42254FC289C2B578E85282BDD9C23 ] C:\Windows\System32\taskhost.exe
18:23:44.0853 0x0d54  C:\Windows\System32\taskhost.exe - ok
18:23:44.0853 0x0d54  [ 94DFBB481BF51158B216E23C5C1C9D6E, 0199086A70B9B63E48A7A15C8AE5442E9C6BC0173BD80A104DE1BE6A6C25F202 ] C:\Windows\System32\certcli.dll
18:23:44.0853 0x0d54  C:\Windows\System32\certcli.dll - ok
18:23:44.0853 0x0d54  [ 35CB97CBC3EDC463418ED4997AAB29B6, EE60EABE2D87CEDD68FB8985B6C5D70930015FB2B8DB9FDCB4044587BC6ECA4C ] C:\Windows\System32\pautoenr.dll
18:23:44.0853 0x0d54  C:\Windows\System32\pautoenr.dll - ok
18:23:44.0853 0x0d54  [ 263B26106606A010CF877472B535E4BB, 43ECE89E428D2BB34244894BEBA1B946B0767649D15B1C715223E4E471A9E504 ] C:\Windows\System32\CertEnroll.dll
18:23:44.0869 0x0d54  C:\Windows\System32\CertEnroll.dll - ok
18:23:44.0869 0x0d54  [ A8EDB86FC2A4D6D1285E4C70384AC35A, 61B8955CE0A2AA9D0719920B30216717B349B6FBE11C697C31CFA84F859CC1AE ] C:\Windows\System32\dllhost.exe
18:23:44.0869 0x0d54  C:\Windows\System32\dllhost.exe - ok
18:23:44.0869 0x0d54  [ 9028D1621C43DF8DFBD1C76860412A11, A1D48D9B33180BDE50D2FA9BB07E9520B7B7788C39B3AABB4A06AE4B1AACA755 ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
18:23:44.0869 0x0d54  C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll - ok
18:23:44.0869 0x0d54  [ A0A2C1D812C231C9BFE119FDC68E341B, F94446594EE17505956A715DFB28B51D09F00A7A65E56950661B889A57DE8FA8 ] C:\Windows\System32\IDStore.dll
18:23:44.0869 0x0d54  C:\Windows\System32\IDStore.dll - ok
18:23:44.0885 0x0d54  [ AC59DAA91FBE31C4A26BDE97F00E27E1, EB251697AAEA7B7FF4DF06BC930E9EA0FB38868E2110B0033DB61B033752F035 ] C:\Windows\System32\KBDHE.DLL
18:23:44.0885 0x0d54  C:\Windows\System32\KBDHE.DLL - ok
18:23:44.0885 0x0d54  [ 65EA57712340C09B1B0C427B4848AE05, 5FDCF73191BFF9DBB03886755FFCF0BC15849F0E216884A5A8B9BB375FA7C1A5 ] C:\Windows\System32\taskeng.exe
18:23:44.0885 0x0d54  C:\Windows\System32\taskeng.exe - ok
18:23:44.0885 0x0d54  [ 6CEF7856A3EFAC59470F6208F0F585CE, 0F7A80DB821FDE6580E9481B6DA44844F717DDB4983B0E3D562BE43726153951 ] C:\Windows\System32\mpr.dll
18:23:44.0885 0x0d54  C:\Windows\System32\mpr.dll - ok
18:23:44.0885 0x0d54  [ 94EEAC26F57811BD1AEFC164412F7FCE, 7390BCD7709D48DE75D7D6E06AA7356D1C58EE63F3CC2E07ABCD2E2FF6CC81CF ] C:\Windows\System32\PlaySndSrv.dll
18:23:44.0885 0x0d54  C:\Windows\System32\PlaySndSrv.dll - ok
18:23:44.0900 0x0d54  [ 45CFBFA8EDC3DF4E2B7FB0D0260FE051, 8EFD0A6DE6F4E335D342782190008FB5AC84A6ADE49170B310DEC9AC48E623E8 ] C:\Windows\System32\localspl.dll
18:23:44.0900 0x0d54  C:\Windows\System32\localspl.dll - ok
18:23:44.0900 0x0d54  [ BAFE84E637BF7388C96EF48D4D3FDD53, 11C194D9ADCE90027272C627D7FBF3BA5025FF0F7B26A8333F764E11E1382CF9 ] C:\Windows\System32\userinit.exe
18:23:44.0900 0x0d54  C:\Windows\System32\userinit.exe - ok
18:23:44.0900 0x0d54  [ F162D5F5E845B9DC352DD1BAD8CEF1BC, 8A7B7528DB30AB123B060D8E41954D95913C07BB40CDAE32E97F9EDB0BAF79C7 ] C:\Windows\System32\dwm.exe
18:23:44.0900 0x0d54  C:\Windows\System32\dwm.exe - ok
18:23:44.0900 0x0d54  [ 3285481F5C12305CA104A6C493CA5A0B, ADB39B15D26A954B0F347C7BAFCC76DE5E3CF3CF05736E8987E0832AA7F8563C ] C:\Windows\System32\spoolss.dll
18:23:44.0900 0x0d54  C:\Windows\System32\spoolss.dll - ok
18:23:44.0916 0x0d54  [ FCFCD1101C5DA23B4B95F93D02B2C169, 040A086875B6C5475490A2F8B0CF4FF20DDB4FEDFE5FCABBA49692AA05F40527 ] C:\Windows\System32\dwmredir.dll
18:23:44.0916 0x0d54  C:\Windows\System32\dwmredir.dll - ok
18:23:44.0916 0x0d54  [ 4BA77A5EF71C14C764B0ED4701683E3E, 066A064CDBE09BF8BE1DF5B259F30FF6C124A1C3D637800D3E19E8E25EDB950E ] C:\Windows\System32\dwmcore.dll
18:23:44.0916 0x0d54  C:\Windows\System32\dwmcore.dll - ok
18:23:44.0916 0x0d54  [ F205F8B7235380D0428A9722940362AE, 3C0EF4A8CC5B594252091365DE9E7671D1B9AB7BBE49B45D929F87BF9321CE22 ] C:\Windows\System32\hpinksts5912LM.dll
18:23:44.0916 0x0d54  C:\Windows\System32\hpinksts5912LM.dll - ok
18:23:44.0916 0x0d54  [ C5AC93CF3BA30D367FB49148A2B673B9, 07B556039BBA841BC9F28979C3AD5D238B55391F921C9C805F3AFC9EFB437766 ] C:\Windows\System32\PrintIsolationProxy.dll
18:23:44.0916 0x0d54  C:\Windows\System32\PrintIsolationProxy.dll - ok
18:23:44.0931 0x0d54  [ 9BB99503D6A4DD62569EDE9E5E2672A5, 6F4EA5BC50B1F929735246485263078BEF1B3BEB33F78CB1F483F13AA226C27E ] C:\Windows\System32\HotStartUserAgent.dll
18:23:44.0931 0x0d54  C:\Windows\System32\HotStartUserAgent.dll - ok
18:23:44.0931 0x0d54  [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA, 8A6ACEFAB95E5275CBFBE6CCB5A6C3A6A471260B279B9063E86B9C7765E18656 ] C:\Windows\System32\MsCtfMonitor.dll
18:23:44.0931 0x0d54  C:\Windows\System32\MsCtfMonitor.dll - ok
18:23:44.0931 0x0d54  [ F09A9A1AD21FE618C4C8B0A0D830C886, 29831DDAB2AB105358FBC067CDF96428220B6743CD6019F6FE74BAC7AF325E7E ] C:\Windows\System32\msutb.dll
18:23:44.0931 0x0d54  C:\Windows\System32\msutb.dll - ok
18:23:44.0931 0x0d54  [ 522B0466ED967A0762E9AF5B37D8F40A, B14C62D059BC7CF430E1B0F6E18E31EFD1959EFB3025A2B0EBB11751F38DD6D4 ] C:\Windows\System32\esent.dll
18:23:44.0931 0x0d54  C:\Windows\System32\esent.dll - ok
18:23:44.0947 0x0d54  [ 3D7C1DFE052288F40AC9ABFB2A824B92, 0F8E9DDC6A47B183265CAC7EE63166D35DC27BBE4722300CF1ADA62E9ED277E2 ] C:\Windows\System32\HPDiscoPM5912.dll
18:23:44.0947 0x0d54  C:\Windows\System32\HPDiscoPM5912.dll - ok
18:23:44.0947 0x0d54  [ 805A52C5AE26C28E88FDD9BCCFE6F312, 4FF28D3658C31722B7DD036DED9D544B14841C0E0B94D31A8EC5AB92128DA020 ] C:\Windows\System32\TSChannel.dll
18:23:44.0947 0x0d54  C:\Windows\System32\TSChannel.dll - ok
18:23:44.0947 0x0d54  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:23:44.0947 0x0d54  C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - ok
18:23:44.0947 0x0d54  [ 9AE80F6A66B30E3ED8CDF858CF28B11B, A93E470DC54E3C74C10979D49CABB9A34893F9E847F88491F935DB44EEC3541A ] C:\Windows\System32\d3d10_1.dll
18:23:44.0947 0x0d54  C:\Windows\System32\d3d10_1.dll - ok
18:23:44.0947 0x0d54  [ A2B0924D50F4435FD389499047CE553A, 8D16D5CAAD71AAAAA1479F8477D2928B66581C79932A49A21EDF93DB2803AB9C ] C:\Windows\SysWOW64\ntdll.dll
18:23:44.0947 0x0d54  C:\Windows\SysWOW64\ntdll.dll - ok
18:23:44.0963 0x0d54  [ 63F72417CA38D8FC8F53709649B589E3, 39AE8AFFCFB8A9E345FC4C6F11926F25552C464380F88CDECD299FD27AF7866B ] C:\Windows\System32\d3d10_1core.dll
18:23:44.0963 0x0d54  C:\Windows\System32\d3d10_1core.dll - ok
18:23:44.0963 0x0d54  [ FFF9D00CF16397C64317F213484F94BD, 94D0584E14BDB27F61F59A7BCEA529A1594261BE0CE74502C13E8865843BA414 ] C:\Windows\System32\wsnmp32.dll
18:23:44.0963 0x0d54  C:\Windows\System32\wsnmp32.dll - ok
18:23:44.0963 0x0d54  [ 8DFB5752FCE145A6B295093C0A8BE131, F38029C8B36EFD46B1F6CCA0089FF4EFB0AB246497E38EDFF6A67FAC804D4A97 ] C:\Windows\System32\dxgi.dll
18:23:44.0963 0x0d54  C:\Windows\System32\dxgi.dll - ok
18:23:44.0963 0x0d54  [ 2A107B611C91CD256466C58C0D776E9D, 58EA4F6E0FE7EFB8D3024AE71EE16848C2A00BA5224C8054C80134F99D9A72AB ] C:\Windows\System32\wow64.dll
18:23:44.0963 0x0d54  C:\Windows\System32\wow64.dll - ok
18:23:44.0978 0x0d54  [ 7434E01FBCA3CB86539C39412A31D5E1, E40D5AEBB3A5D8F53C76E3FBF0C07B9C0227914C869F57622EA44A212383EE6D ] C:\Windows\System32\wow64win.dll
18:23:44.0978 0x0d54  C:\Windows\System32\wow64win.dll - ok
18:23:44.0978 0x0d54  [ 4C92EB7535CAA1681A77D928FBF9771F, 7D02B2357CA02393CA711C3C499AAD86B792EEFFDC67F2CE52F7F7BB8A28DE79 ] C:\Windows\System32\d3d11.dll
18:23:44.0978 0x0d54  C:\Windows\System32\d3d11.dll - ok
18:23:44.0978 0x0d54  [ 19E41CCCEE697CC9465396B370929792, A9FC4C33C71C3677FE57779380E55FDE2AC0B0C70A9DBCBA0D0B6FA92C709A7F ] C:\Windows\System32\FXSMON.dll
18:23:44.0978 0x0d54  C:\Windows\System32\FXSMON.dll - ok
18:23:44.0978 0x0d54  [ 32A3C8600AF124CBAAD845F13CFAE3CB, F36FE9E57D5C509FEECE890F9F8717F9CC6F762E32AE0B7DB7E0153370CE0B9D ] C:\Windows\System32\tcpmon.dll
18:23:44.0978 0x0d54  C:\Windows\System32\tcpmon.dll - ok
18:23:44.0978 0x0d54  [ 0F090A77E664CB0F70AB8D3B230B760C, A08EA0409B3BF88AB12792F721FA3A692BBE640DF2A06641E142843A7044EC5E ] C:\Windows\System32\wow64cpu.dll
18:23:44.0978 0x0d54  C:\Windows\System32\wow64cpu.dll - ok
18:23:44.0994 0x0d54  [ 93518C6EDE0B61BCBD02BDB02BD05FEE, 3637F5E5F15093AFB501EE910368CF900B422AC22669391FFA4198BBAE6F8FCB ] C:\Windows\System32\snmpapi.dll
18:23:44.0994 0x0d54  C:\Windows\System32\snmpapi.dll - ok
18:23:44.0994 0x0d54  [ DF72A9936D0C3F517083119648814B09, 6BA4DCAC2F55A393A266ED0B2AF92B38141654D1666E3E143D85BBAF21663E1E ] C:\Windows\System32\usbmon.dll
18:23:44.0994 0x0d54  C:\Windows\System32\usbmon.dll - ok
18:23:44.0994 0x0d54  [ A1D7E3ADCDB07DDB6F423862DCB1A52B, 6191C33D2AE090F6F055D6AE211096CE8F003EC5518A5333EE1E376052176BAB ] C:\Windows\System32\WSDMon.dll
18:23:44.0994 0x0d54  C:\Windows\System32\WSDMon.dll - ok
18:23:44.0994 0x0d54  [ 76161B9D78A275F8F28DD67436013110, E4AE9648BDED9035D39DF20C3A6F453F67D49D7899038B21D88FFD4EFFCC4C08 ] C:\Windows\SysWOW64\kernel32.dll
18:23:44.0994 0x0d54  C:\Windows\SysWOW64\kernel32.dll - ok
18:23:45.0009 0x0d54  [ 332FEAB1435662FC6C672E25BEB37BE3, 6BED1A3A956A859EF4420FEB2466C040800EAF01EF53214EF9DAB53AEFF1CFF0 ] C:\Windows\explorer.exe
18:23:45.0009 0x0d54  C:\Windows\explorer.exe - ok
18:23:45.0009 0x0d54  [ F1B205F932F62F94506A5F332C895DAF, F02F01F20F655DD919C71AE814E4C3DD43330AAD1425FC5B1497F1613917CCDE ] C:\Windows\System32\WSDApi.dll
18:23:45.0009 0x0d54  C:\Windows\System32\WSDApi.dll - ok
18:23:45.0009 0x0d54  [ 461B713DE7F353C6447B744F1A049930, 3551C57128DAFA009C9DB3EE0D798D94B269D1605F74897566D7E79E5FDD437B ] C:\Windows\SysWOW64\KernelBase.dll
18:23:45.0009 0x0d54  C:\Windows\SysWOW64\KernelBase.dll - ok
18:23:45.0009 0x0d54  [ C55516D98DD5D8F0153C2A9B4227DA86, DBC62B776CF06D0873A4C7CFCDF5B6F5C6E6C41917C326C090BCE58DC66EE09C ] C:\Windows\System32\webservices.dll
18:23:45.0009 0x0d54  C:\Windows\System32\webservices.dll - ok
18:23:45.0025 0x0d54  [ D67472125471784DE7147946EDA25FEB, F41960118F412B6CA5E80AE5E8DB9AECDD043A7DB34388FF57C6F9C5A0056F91 ] C:\Windows\SysWOW64\advapi32.dll
18:23:45.0025 0x0d54  C:\Windows\SysWOW64\advapi32.dll - ok
18:23:45.0025 0x0d54  [ EFA67664E181EAF2DEA190EE71C0C9AB, 47033F6E61E7FFF69951F34011AA8E7957A606C5BE385D82E21FDDA3CB9153C8 ] C:\Windows\System32\igd10umd64.dll
18:23:45.0025 0x0d54  C:\Windows\System32\igd10umd64.dll - ok
18:23:45.0025 0x0d54  [ 9DC80A8AAAAAC397BDAB3C67165A824E, 051636BFDFF7AB0E4191354E846BD0DACCA1A01FCC13C1AFED91D8DBFE17127A ] C:\Windows\SysWOW64\msvcrt.dll
18:23:45.0025 0x0d54  C:\Windows\SysWOW64\msvcrt.dll - ok
18:23:45.0025 0x0d54  [ 1D626FE2E13C1CE49CA0136CFF214E93, 4F02DD92045CF244979FFD074B2BDE6925A909227A474C60DCABE4384D916218 ] C:\Windows\System32\spool\prtprocs\x64\winprint.dll
18:23:45.0025 0x0d54  C:\Windows\System32\spool\prtprocs\x64\winprint.dll - ok
18:23:45.0041 0x0d54  [ 67CF11E00D026A5C0C88EA5F84D501E5, 5081A87466116232CF07F58229967B6C0CD3738B64A56EFC6BB3EBDA62E378F6 ] C:\Windows\System32\win32spl.dll
18:23:45.0041 0x0d54  C:\Windows\System32\win32spl.dll - ok
18:23:45.0041 0x0d54  [ EED05D42D91835064703E2318552ED25, E9EE1E2253445B207B76F5D3073C612ED979A982522C1515E0FE8FA9641AE568 ] C:\Windows\System32\ExplorerFrame.dll
18:23:45.0041 0x0d54  C:\Windows\System32\ExplorerFrame.dll - ok
18:23:45.0041 0x0d54  [ D8BED6BA298DBAAF6F3D746739FCD333, 83A40845EC448943F4737B730F95860983919677D84922E44EED4BECDFA71A31 ] C:\Windows\SysWOW64\rpcrt4.dll
18:23:45.0041 0x0d54  C:\Windows\SysWOW64\rpcrt4.dll - ok
18:23:45.0041 0x0d54  [ CFC97F07904067A1E5FAE195D534DA3A, EB4D2D127312EB09E2ACCA3276779E80F90FAF77322684BABF72B8EC6E1F906C ] C:\Windows\SysWOW64\sechost.dll
18:23:45.0041 0x0d54  C:\Windows\SysWOW64\sechost.dll - ok
18:23:45.0056 0x0d54  [ 507D5567A0A4EE86C4B0CE2CE1777025, 408770B00CED498BF7782054F17A5CB361CF65429B0C816403D70E416E0EEF23 ] C:\Windows\System32\inetpp.dll
18:23:45.0056 0x0d54  C:\Windows\System32\inetpp.dll - ok
18:23:45.0056 0x0d54  [ F08F6FCD09F9BE94C37ACC1B344685FF, DE48D766258B46EFEAB16579421C4BD97ACC6883F782D00E9857F4A0CE7E8A34 ] C:\Windows\SysWOW64\cryptbase.dll
18:23:45.0056 0x0d54  C:\Windows\SysWOW64\cryptbase.dll - ok
18:23:45.0056 0x0d54  [ 13E5B1CD503A4B21E9F0A2D55A00198B, F90F428A21CE553EBD7DBDEE695E8A68C5556D96B7CFC9020C6B057FE436772C ] C:\Windows\SysWOW64\sspicli.dll
18:23:45.0056 0x0d54  C:\Windows\SysWOW64\sspicli.dll - ok
18:23:45.0056 0x0d54  [ 1BF0CB861A48FEB1638228760750F3CB, 37C781A8C546EAD8B4D28BD7D730B9AC78EB799599AD69DAD9054B6F9F1DD6BD ] C:\Windows\System32\cscapi.dll
18:23:45.0056 0x0d54  C:\Windows\System32\cscapi.dll - ok
18:23:45.0072 0x0d54  [ 8CC3C111D653E96F3EA1590891491D71, 1D326D7D116D76876EE2B14A5BFB7B4328E21DB9B5AAAB9CB67F8EFB93924230 ] C:\Windows\SysWOW64\shlwapi.dll
18:23:45.0072 0x0d54  C:\Windows\SysWOW64\shlwapi.dll - ok
18:23:45.0072 0x0d54  [ 980305AC3AF53C1964A11190451ABB32, D0FE0845F9FB51B1F556E3A1D327F30603033A1FAFC17DFA3D5047B93C7D4D82 ] C:\Windows\SysWOW64\gdi32.dll
18:23:45.0072 0x0d54  C:\Windows\SysWOW64\gdi32.dll - ok
18:23:45.0072 0x0d54  [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3, 01EB95FA3943CF3C6B1A21E473A5C3CB9FCBCE46913B15C96CAC14E4F04075B4 ] C:\Windows\SysWOW64\user32.dll
18:23:45.0072 0x0d54  C:\Windows\SysWOW64\user32.dll - ok
18:23:45.0072 0x0d54  [ CC23295DA8F7B5C53F93804D2F5D30EB, B290D96C40FBA934DE6CFF82D9BBA6780922CC5012C61599BD5006DAEDC82DDB ] C:\Windows\SysWOW64\lpk.dll
18:23:45.0072 0x0d54  C:\Windows\SysWOW64\lpk.dll - ok
18:23:45.0072 0x0d54  [ A5F833506BF6A1B5D693E1499DEE2444, 045874B7D37F49216E37D551076FF440E29DB5196564E714207DF753DF7FDDEE ] C:\Windows\SysWOW64\usp10.dll
18:23:45.0072 0x0d54  C:\Windows\SysWOW64\usp10.dll - ok
18:23:45.0087 0x0d54  [ 024352FEEC9042260BB4CFB4D79A206B, 60CB39086E10C5B66EBC15E4DF219620B344B4358D2918AB6BB3448A0AC8BE36 ] C:\Windows\System32\EhStorShell.dll
18:23:45.0087 0x0d54  C:\Windows\System32\EhStorShell.dll - ok
18:23:45.0087 0x0d54  [ 037A719DAD50603202C978CD802623E4, BD4C222913D32D7CF5FE0201FEBE7BD67FC39DF47A7A672C2D6C228A6E13B5DE ] C:\Windows\System32\ntshrui.dll
18:23:45.0087 0x0d54  C:\Windows\System32\ntshrui.dll - ok
18:23:45.0087 0x0d54  [ 1D63F4366288B8A7595397E27010FD44, 99EA4DDD88D9C4A4CC9B238F533CB4D2C062D46239173997E8594D8A75811A01 ] C:\Windows\System32\IconCodecService.dll
18:23:45.0087 0x0d54  C:\Windows\System32\IconCodecService.dll - ok
18:23:45.0087 0x0d54  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] C:\Windows\System32\appinfo.dll
18:23:45.0087 0x0d54  C:\Windows\System32\appinfo.dll - ok
18:23:45.0103 0x0d54  [ A6F09E5669D9A19035F6D942CAA15882, 68C8AF0CC1923E3A7245392F2480EE665D265DF300A609D2540BF7C6D9C1A1BE ] C:\Windows\SysWOW64\imm32.dll
18:23:45.0103 0x0d54  C:\Windows\SysWOW64\imm32.dll - ok
18:23:45.0103 0x0d54  [ C9618BC9B2B0FD7C1138D8774795A79B, 0AC170669C2626519FA7A745C56BFBA6B83B8537488F5B9EB7BA72448E5E7A43 ] C:\Windows\SysWOW64\msctf.dll
18:23:45.0103 0x0d54  C:\Windows\SysWOW64\msctf.dll - ok
18:23:45.0103 0x0d54  [ 386BF6FD9FC562B1A5558C49E1C3A6FB, 6ED5A61C911845027D0A67B2473603D87E79DB88F0C0C699CBB2D1639C1DFDA5 ] C:\Windows\SysWOW64\shell32.dll
18:23:45.0103 0x0d54  C:\Windows\SysWOW64\shell32.dll - ok
18:23:45.0103 0x0d54  [ 46863C4CC5B68EB09EA2D5EEF0F1193A, 9B5593E1F484AC8F96F89A5995FB1FE9C51CB2F0F545607F6850751191150CFE ] C:\Windows\System32\radardt.dll
18:23:45.0103 0x0d54  C:\Windows\System32\radardt.dll - ok
18:23:45.0119 0x0d54  [ 928CF7268086631F54C3D8E17238C6DD, F058FAFB04E7EBD5CADE9B48195B7AA7C3508F332A89F5E6E5F3F071E8CADD4A ] C:\Windows\SysWOW64\ole32.dll
18:23:45.0119 0x0d54  C:\Windows\SysWOW64\ole32.dll - ok
18:23:45.0119 0x0d54  [ 025E7DBDB98866ED3CB2D4DDA70B364D, 78962F23F066E362AF1A4B98FA7D5E30AF30C561307438503031D30C944B6A6E ] C:\Windows\System32\runonce.exe
18:23:45.0119 0x0d54  C:\Windows\System32\runonce.exe - ok
18:23:45.0119 0x0d54  [ 0562DF97934FC271893BD916A0262E6D, D0274F22D919ECAB50281BFAA16AB530B54DDC8EBA3B34350640858623663B8A ] C:\Program Files (x86)\Google\Update\1.3.25.11\goopdate.dll
18:23:45.0119 0x0d54  C:\Program Files (x86)\Google\Update\1.3.25.11\goopdate.dll - ok
18:23:45.0119 0x0d54  [ D44741F65A1D71F65814A12CF6E2400A, C6721F830675ADC7E7FDE2B5E822E56F6A063146F5066F1E25EBFE86F0A87136 ] C:\Windows\SysWOW64\runonce.exe
18:23:45.0119 0x0d54  C:\Windows\SysWOW64\runonce.exe - ok
18:23:45.0134 0x0d54  [ 352B3DC62A0D259A82A052238425C872, 393B24E0D6007C74AEE2FB2EE2C18623D37DF64E279B6767952DCFEE0EACBB10 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
18:23:45.0134 0x0d54  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - ok
18:23:45.0134 0x0d54  [ A90DC9ABD65DB1A8902F361103029952, 26798758976CE53251AC342B966BE0363AE1794BD965C452F5DEBC33E18969F0 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
18:23:45.0134 0x0d54  C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
18:23:45.0134 0x0d54  [ 2FCA0D2C59A855C54BAFA22AA329DF0F, ED9D26F539065D62FCCEDEEC8E509B30F4D15F8DA586C1F657ACEFE9DABAACD0 ] C:\Windows\SysWOW64\netapi32.dll
18:23:45.0134 0x0d54  C:\Windows\SysWOW64\netapi32.dll - ok
18:23:45.0134 0x0d54  [ 20B3934DB73EABA2B49B7177873CB81F, 492EAC5C51472B43DE11825358AEC4B9E3A081DACFD7513C696D6FE40F302EE5 ] C:\Windows\SysWOW64\netutils.dll
18:23:45.0134 0x0d54  C:\Windows\SysWOW64\netutils.dll - ok
18:23:45.0150 0x0d54  [ 6377051C63D5552A311935C67E9FDFDC, 3FB82988AAB66813567E8DB951D4EE87F156201070F005FDBF52EF998A323E65 ] C:\Windows\SysWOW64\nsi.dll
18:23:45.0150 0x0d54  C:\Windows\SysWOW64\nsi.dll - ok
18:23:45.0150 0x0d54  [ 5CCDCD40E732D54E0F7451AC66AC1C87, 66F4DA105BD72E41250CD59E2B3CD931B47AC9FDB6C784B9E33C5EE1AC29841F ] C:\Windows\SysWOW64\srvcli.dll
18:23:45.0150 0x0d54  C:\Windows\SysWOW64\srvcli.dll - ok
18:23:45.0150 0x0d54  [ CFF35B879D1618D42C86644C717BA947, 1837275202628D3320867A3BF8CFDA15491730C4B74215F7C0D7E140BF01AC3C ] C:\Windows\SysWOW64\winnsi.dll
18:23:45.0150 0x0d54  C:\Windows\SysWOW64\winnsi.dll - ok
18:23:45.0150 0x0d54  [ E5A4A1326A02F8E7B59E6C3270CE7202, DCB76016F9AC47E631540874DA208A089F9D529DA9628705A2869B954526BFE0 ] C:\Windows\SysWOW64\wkscli.dll
18:23:45.0150 0x0d54  C:\Windows\SysWOW64\wkscli.dll - ok
18:23:45.0150 0x0d54  [ CC09E0C9A2D89C6E71D093DC8BD121B7, 5F92457E27D817541EBA92FED984D2E6C1E35AD4E4E4CAE0F0778B795C260FAA ] C:\Windows\SysWOW64\crypt32.dll
18:23:45.0150 0x0d54  C:\Windows\SysWOW64\crypt32.dll - ok
18:23:45.0165 0x0d54  [ 43964FA89CCF97BA6BE34D69455AC65F, 10E3B89A5470E1BB6F73382135DD2352F5073C1EE8485D7476CFB5122D4AAA2F ] C:\Windows\SysWOW64\uxtheme.dll
18:23:45.0165 0x0d54  C:\Windows\SysWOW64\uxtheme.dll - ok
18:23:45.0165 0x0d54  [ EDA54D2E17C0271D2CDA946ABE344110, 736432F2DB8DF42CAE9284AC279EF240E1F13C6ABED60112DCD7CBB70DB5D715 ] C:\Windows\SysWOW64\oleaut32.dll
18:23:45.0165 0x0d54  C:\Windows\SysWOW64\oleaut32.dll - ok
18:23:45.0165 0x0d54  [ 938F39B50BAFE13D6F58C7790682C010, 902000EE51EFEABAF6A4B30F880AA37083D2232C6FC622CA513C4A823390FEDA ] C:\Windows\SysWOW64\msasn1.dll
18:23:45.0165 0x0d54  C:\Windows\SysWOW64\msasn1.dll - ok
18:23:45.0165 0x0d54  [ CB55B9AAB060C803BE4AD229AA0FEC28, 58CF3D7BC275E4460766A5FC1B5D871C1F8995071AB81BB04BFB7BF98E0C9866 ] C:\Windows\SysWOW64\msi.dll
18:23:45.0165 0x0d54  C:\Windows\SysWOW64\msi.dll - ok
18:23:45.0165 0x0d54  [ 10FB16B50AFFDA6D44588F3C445DC273, 6CDA17DA9B44D11E69F7C6682FA633EA75731623BB21B429A0FE2086ED4495A7 ] C:\Windows\SysWOW64\setupapi.dll
18:23:45.0165 0x0d54  C:\Windows\SysWOW64\setupapi.dll - ok
18:23:45.0181 0x0d54  [ F436E847FA799ECD75AD8C313673F450, 3C8BF3F0C08C7FA8DE5CD9C60AD9D00B742E84EB1FEBEEBA0F7159844BAAA471 ] C:\Windows\SysWOW64\cfgmgr32.dll
18:23:45.0181 0x0d54  C:\Windows\SysWOW64\cfgmgr32.dll - ok
18:23:45.0181 0x0d54  [ FF5688D309347F2720911D8796912834, 3B0D73C50D40A6F42629B7750F99F656BF5C1C50237D5F98B6C0F2CE5E2DA359 ] C:\Windows\SysWOW64\clbcatq.dll
18:23:45.0181 0x0d54  C:\Windows\SysWOW64\clbcatq.dll - ok
18:23:45.0181 0x0d54  [ 2EEFF4502F5E13B1BED4A04CCAD64C08, 209FF1B6D46D1AC99518FCF54F2F726143B2DBF2C5FDA90212FBEF7526F7CBF5 ] C:\Windows\SysWOW64\devobj.dll
18:23:45.0181 0x0d54  C:\Windows\SysWOW64\devobj.dll - ok
18:23:45.0181 0x0d54  [ 18AB2E5A40064ED5F7791AC5946A90F3, B7536CE56702C23B1CEC3E1B6C78866E0A76808B85A92AF3733D9ED9429E004C ] C:\Windows\SysWOW64\msimg32.dll
18:23:45.0181 0x0d54  C:\Windows\SysWOW64\msimg32.dll - ok
18:23:45.0197 0x0d54  [ 5E4E0E43E0A5BF9F089696DFA7A3D677, B9D0F2A484095D12CC64862BCF577CE6A32F12C22D0C7567337FF248ED1B1504 ] C:\Windows\SysWOW64\wininet.dll
18:23:45.0197 0x0d54  C:\Windows\SysWOW64\wininet.dll - ok
18:23:45.0197 0x0d54  [ 12C45E3CB6D65F73209549E2D02ECA7A, 9DFD9C58B90257C34D52B7156C1D2566BE32EE7BD4699DDE164A5F190EC4D44A ] C:\Windows\SysWOW64\propsys.dll
18:23:45.0197 0x0d54  C:\Windows\SysWOW64\propsys.dll - ok
18:23:45.0197 0x0d54  [ 3FD15B4611D9BDA3F8013548C0ECAECA, B47A8D9985D9B71EB870816A0AB2B6403D394CCBDF7DE5378D5721D58D68D28D ] C:\Windows\SysWOW64\ntmarta.dll
18:23:45.0197 0x0d54  C:\Windows\SysWOW64\ntmarta.dll - ok
18:23:45.0197 0x0d54  [ 2E33DFD10F28F86C3FC40EE123CC3904, 57C65671A04EFCA437A69E8E97B2FCA17897EE4608C7DB69F77D44FBD3490B50 ] C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
18:23:45.0197 0x0d54  C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll - ok
18:23:45.0197 0x0d54  [ 6951562DC4625EEFC6EACD52AD165866, 44A0B3EA0232D613A5B4115492DF2A7CEF25B35300E6A3E3E50C9544C5D1049E ] C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
18:23:45.0197 0x0d54  C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll - ok
18:23:45.0212 0x0d54  [ 589CBC4989F750E1DA35625AB481CF43, B93E1B8C3775F9C995FD5451C685A06DEFD24AE1DF0DD99D19D5E4B9AC0010F9 ] C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
18:23:45.0212 0x0d54  C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll - ok
18:23:45.0212 0x0d54  [ 3BE0D923AA45A4DBE091C2D84F0B4FE7, 603EEC55D6F646150FC3F0F2C939CFE434C02FC7A7AB23B1FEC8B5C77E4C8381 ] C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
18:23:45.0212 0x0d54  C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll - ok
18:23:45.0212 0x0d54  [ 01777AB557997E98691E322225314E57, D22FC24CEC1516058E99091B6F580DF52A94FA06BC153EE5CF8329AC1B54D6FA ] C:\Windows\SysWOW64\iertutil.dll
18:23:45.0212 0x0d54  C:\Windows\SysWOW64\iertutil.dll - ok
18:23:45.0212 0x0d54  [ 702254574E7E52052DE39408457B7149, 645CA9E88DA21C63710A04A0F54421018DF415A3D612112C71A255C49325C082 ] C:\Windows\SysWOW64\version.dll
18:23:45.0212 0x0d54  C:\Windows\SysWOW64\version.dll - ok
18:23:45.0228 0x0d54  [ A8BB45F9ECAD993461E0FEF8E2A99152, ACB756EA54E71F124D928829666B5B439785593877FF7C0C76ADCF954F4E6C94 ] C:\Windows\SysWOW64\Wldap32.dll
18:23:45.0228 0x0d54  C:\Windows\SysWOW64\Wldap32.dll - ok
18:23:45.0228 0x0d54  [ 6A13B4F3B3F575F1E24B877B9359AABA, 676AD5F8F709D4A9DCE9938D82DEEE329C9A385A6969C169B3DF37AA75F1E4C7 ] C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
18:23:45.0228 0x0d54  C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll - ok
18:23:45.0228 0x0d54  [ D15618A0FF8DBC2C5BF3726BACC75A0B, ADD81EA1D208907D67802F0E96EC0327BA89021F870BA22B9C7E3A19013A6AE7 ] C:\Windows\SysWOW64\userenv.dll
18:23:45.0228 0x0d54  C:\Windows\SysWOW64\userenv.dll - ok
18:23:45.0228 0x0d54  [ C733D233B623B7FFCE5031E4B756EE26, 33CC8B140B0E4A9B702E3468BE2646AEE4273F20C6EA5BAC6C3D8FC8EDEF0881 ] C:\Windows\SysWOW64\profapi.dll
18:23:45.0228 0x0d54  C:\Windows\SysWOW64\profapi.dll - ok
18:23:45.0228 0x0d54  [ 68EAAEDF0365168B804E8728368FA946, 1FA25087E8B247B099B729F780DBF24F77FD34F58186A1C94329261CF3D18B8E ] C:\Windows\SysWOW64\wintrust.dll
18:23:45.0228 0x0d54  C:\Windows\SysWOW64\wintrust.dll - ok
18:23:45.0243 0x0d54  [ 465BEA35F7ED4A4A57686DEA7EA10F47, 7F1B3CA09AB045F805DA5765BE7DD270F5DDACE3073017F7386FF1E2FA82D6FB ] C:\Windows\SysWOW64\cscapi.dll
18:23:45.0243 0x0d54  C:\Windows\SysWOW64\cscapi.dll - ok
18:23:45.0243 0x0d54  [ F34F6DC38A21FCDBB50CDD1EE97B1EA3, 1F5CC5AB99B2D548FD110A2B426E0822A0AF8C38E952215B4E76DDC2AB1223E0 ] C:\Windows\SysWOW64\urlmon.dll
18:23:45.0243 0x0d54  C:\Windows\SysWOW64\urlmon.dll - ok
18:23:45.0243 0x0d54  [ 53223B673A3FA2F9A4D1C31C8D3F6CD8, B07A12E3ECD5E418A3F99F00C56E7F482F68CADE330E7C079DCCDFFAD2E21299 ] C:\Windows\SysWOW64\dbghelp.dll
18:23:45.0243 0x0d54  C:\Windows\SysWOW64\dbghelp.dll - ok
18:23:45.0243 0x0d54  [ 49ACA548B2423F1C67898E6AC719A9A6, 23D84137EAB9AFDD31CBB6776B6B25AD135A120AF7F7885EB5BBF9E0A2CCC4C1 ] C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
18:23:45.0243 0x0d54  C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll - ok
18:23:45.0259 0x0d54  [ 1C60E09CA1C3A045BC4D367F67C915B7, DF1ED88CB57DA1AB1A4245AE0D5B42AFA3396EBF67B99411FFFB0DD06DE1AEAF ] C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
18:23:45.0259 0x0d54  C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll - ok
18:23:45.0259 0x0d54  [ 863F793D15B4026B1A5FDECA873D4D84, AF7ABD95BB5467551562F129F03C7AC9D52A021F7E547609F40A80E66932C942 ] C:\Windows\SysWOW64\apphelp.dll
18:23:45.0259 0x0d54  C:\Windows\SysWOW64\apphelp.dll - ok
18:23:45.0259 0x0d54  [ 9216ABFD53F5EC1F35C3554AD1A175DE, 1A2CA1228D8A662176FFCA6F9959E2FE26768D4718677BD420D1CD24295A656B ] C:\Windows\SysWOW64\secur32.dll
18:23:45.0259 0x0d54  C:\Windows\SysWOW64\secur32.dll - ok
18:23:45.0259 0x0d54  [ CB8C1CC4F46FBAC78150754D77460C73, 2A8F6A2FFA85E1F068C539BDF100C8B4B02B2D1379FFC2607AA474890D8E7C0A ] C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
18:23:45.0259 0x0d54  C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe - ok
18:23:45.0259 0x0d54  [ AD7B9C14083B52BC532FBA5948342B98, 17F746D82695FA9B35493B41859D39D786D32B23A9D2E00F4011DEC7A02402AE ] C:\Windows\SysWOW64\cmd.exe
18:23:45.0259 0x0d54  C:\Windows\SysWOW64\cmd.exe - ok
18:23:45.0275 0x0d54  [ 7161E8E31B7FD3B1CE083C2CA5FD5F44, 9DDF242C7B5D373064D1C5284C435E60214E90CE8E3A23F02FD6875C101F7C50 ] C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
18:23:45.0275 0x0d54  C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe - ok
18:23:45.0275 0x0d54  [ C5A99A4C0DC9F0F5A95BA0C83D30A549, F99CCCE303F0FC07D82D3BBA223E8CCE41FB7FA8FB5C2A9214C161826537C7C9 ] C:\Windows\SysWOW64\mstask.dll
18:23:45.0275 0x0d54  C:\Windows\SysWOW64\mstask.dll - ok
18:23:45.0275 0x0d54  [ A7A8CA53D9C9FD90C07AB0EB38E5316B, B98722E76601A98F038F40703C4B8BD21B5EC3B65DC1B07B7C367C06448F8A0E ] C:\Windows\System32\dbghelp.dll
18:23:45.0275 0x0d54  C:\Windows\System32\dbghelp.dll - ok
18:23:45.0275 0x0d54  [ 1DBE538457324C9B02DF46105A180675, 644C42C21C87D590BBC4A91FC7425CBD24563A6943BA29BD77549009ED5982ED ] C:\Program Files (x86)\Google\Update\1.3.25.11\goopdateres_en.dll
18:23:45.0275 0x0d54  C:\Program Files (x86)\Google\Update\1.3.25.11\goopdateres_en.dll - ok
18:23:45.0290 0x0d54  [ BF95EA5809E3BBF55370F7CB309FEBD0, 62ADBA6E1A7DDDEFA971580161F30896DFFC27EB4EB82E3CC72062D57DA66500 ] C:\Windows\System32\conhost.exe
18:23:45.0290 0x0d54  C:\Windows\System32\conhost.exe - ok
18:23:45.0290 0x0d54  [ 326C7F76A29897A892AA7726E91C1C67, 64305346B06EC14976130B0B80F14B4D5AB63E5B2A6A7B872EC9CE2BF8FADCD2 ] C:\Windows\SysWOW64\winbrand.dll
18:23:45.0290 0x0d54  C:\Windows\SysWOW64\winbrand.dll - ok
18:23:45.0290 0x0d54  [ B59E370277EDB6643083B62297175628, 5577BC03EFAFD3984F8D3E1BBDA32BC95CA0CC4B4A2A4BA8098E649CFB891396 ] C:\Windows\SysWOW64\ieframe.dll
18:23:45.0290 0x0d54  C:\Windows\SysWOW64\ieframe.dll - ok
18:23:45.0290 0x0d54  [ 60F4AEFA103D421EA4A40E31409B4756, 037A8605CA504A4FF43E9D4DE9017CEA1E26D3556C975872C747E24D8B0835EF ] C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
18:23:45.0290 0x0d54  C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll - ok
18:23:45.0306 0x0d54  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] C:\Windows\System32\aelupsvc.dll
18:23:45.0306 0x0d54  C:\Windows\System32\aelupsvc.dll - ok
18:23:45.0306 0x0d54  [ 2C4A87CA8C00E98EFDCFA2E8EC9A3503, DA59CE662E98E56D89E2894D2AC8B9F324C16DA23C860640EDC2C82E0AD06097 ] C:\Windows\SysWOW64\shdocvw.dll
18:23:45.0306 0x0d54  C:\Windows\SysWOW64\shdocvw.dll - ok
18:23:45.0306 0x0d54  [ A1EA582E8B94AE00C14FFACCE4D19E60, 8105AEE7DD563120EC90C500B14A540033599097D2C6635772D18D5981768443 ] C:\Users\Peter Chang\AppData\Local\Temp\{E5363C6E-2116-4EA0-92EC-9B292351AC67}.exe
18:23:45.0306 0x0d54  C:\Users\Peter Chang\AppData\Local\Temp\{E5363C6E-2116-4EA0-92EC-9B292351AC67}.exe - ok
18:23:45.0306 0x0d54  [ 7321F18D1F820612ED0E9F2D4B578A7E, 612BD7DE1DFBD100BD6ACB37A38565D88C39842D990D296B9B8E1FB75C3A94E7 ] C:\Windows\SysWOW64\cryptsp.dll
18:23:45.0306 0x0d54  C:\Windows\SysWOW64\cryptsp.dll - ok
18:23:45.0321 0x0d54  [ ED8EC63F7522DF4852147C84EC62C36A, 75633011CD28DCBD4834211A9D415F17DE15BFCD80FB9FF6CE25CBBD4E9899AF ] C:\Windows\SysWOW64\rsaenh.dll
18:23:45.0321 0x0d54  C:\Windows\SysWOW64\rsaenh.dll - ok
18:23:45.0321 0x0d54  [ E7B9D5FF20FFDD4AAE2EF1D1B8C27A37, 689D126B1B42140D5049015E3E324268E6542D4BC6CC14E31D8B89A25B94BAA5 ] C:\Windows\SysWOW64\imagehlp.dll
18:23:45.0321 0x0d54  C:\Windows\SysWOW64\imagehlp.dll - ok
18:23:45.0321 0x0d54  [ 8FE6AB488ECDC60930CE973A7051B0D4, 38A5CD589EB9CD4CF5656673588AED014D6E99731B97719ABE4BA712F3AF94FC ] C:\Windows\SysWOW64\ncrypt.dll
18:23:45.0321 0x0d54  C:\Windows\SysWOW64\ncrypt.dll - ok
18:23:45.0321 0x0d54  [ CE71B9119A258EDD0A05B37D7B0F92E3, D9310C5BBFE089B8C81E259C462EC1E6D7A7A87FA59FC1F174ED5C58D409AE7A ] C:\Windows\SysWOW64\bcrypt.dll
18:23:45.0321 0x0d54  C:\Windows\SysWOW64\bcrypt.dll - ok
18:23:45.0321 0x0d54  [ E8449FE262D7406BCB2AC2A45C53EC5F, 6C118C9FB26404D1943824CF3990F36E12986547FFACB7CC0DF975A913065D78 ] C:\Windows\SysWOW64\bcryptprimitives.dll
18:23:45.0321 0x0d54  C:\Windows\SysWOW64\bcryptprimitives.dll - ok
18:23:45.0337 0x0d54  [ 1097F3035BAF46CED8B332B3564C5108, C69781683CA963A1335780DABBBC60E2C3CEF0888738D3425D358D12E8D0AF58 ] C:\Windows\SysWOW64\gpapi.dll
18:23:45.0337 0x0d54  C:\Windows\SysWOW64\gpapi.dll - ok
18:23:45.0337 0x0d54  [ 7B851A8018B1EA00A69707A390004884, DAE654713EF1DC66C8C2D27752B659081794063A7D522D1F680AA9A6E7FBA9FD ] C:\Windows\SysWOW64\cryptnet.dll
18:23:45.0337 0x0d54  C:\Windows\SysWOW64\cryptnet.dll - ok
18:23:45.0337 0x0d54  [ 6F8E3B7B70E1BBA871212940C1FBDF60, 3F9D4EE64E4210340C6FEE0DE81BFE3C613DDBE608EC09D63817D24CE24BFC5E ] C:\Windows\SysWOW64\SensApi.dll
18:23:45.0337 0x0d54  C:\Windows\SysWOW64\SensApi.dll - ok
18:23:45.0337 0x0d54  [ CA9F7888B524D8100B977C81F44C3234, 57F3353F89724147D8AC8B69B12C1303DF26978309776F5F8CCF074526A915D3 ] C:\Windows\SysWOW64\winhttp.dll
18:23:45.0337 0x0d54  C:\Windows\SysWOW64\winhttp.dll - ok
18:23:45.0353 0x0d54  [ FB19FC5951A88F3C523E35C2C98D23C0, FF0DB8BF0C68DA0D09272E8181D2B5409C8850BB2F31AEA3AC4CD14C5A420A59 ] C:\Windows\SysWOW64\webio.dll
18:23:45.0353 0x0d54  C:\Windows\SysWOW64\webio.dll - ok
18:23:45.0353 0x0d54  [ 7FF15A4F092CD4A96055BA69F903E3E9, 1B594E6D057C632ABB3A8CF838157369024BD6B9F515CA8E774B22FE71A11627 ] C:\Windows\SysWOW64\ws2_32.dll
18:23:45.0353 0x0d54  C:\Windows\SysWOW64\ws2_32.dll - ok
18:23:45.0353 0x0d54  [ 8205E55DFB11809E5F2AAD1C48840535, 018AA06F93815D2B97F41FA010457C9A8B1FD5BC0B0691F87EB764BD5EBDB6A9 ] C:\Windows\SysWOW64\credssp.dll
18:23:45.0353 0x0d54  C:\Windows\SysWOW64\credssp.dll - ok
18:23:45.0353 0x0d54  [ E94C583CDE2348950155F2AF2876F34D, D00C7E0D665E467B712C68A446CC5BE14FDA743A2301878B3CEB72CDD0A8B8E7 ] C:\Windows\SysWOW64\mswsock.dll
18:23:45.0353 0x0d54  C:\Windows\SysWOW64\mswsock.dll - ok
18:23:45.0353 0x0d54  [ 73E8667A19FEEDD856DF2695E9E511D4, 68D66C36D1F293D10ADCC6A33C870F989A29743537592CF172F02E794BEAFD1C ] C:\Windows\SysWOW64\wship6.dll
18:23:45.0353 0x0d54  C:\Windows\SysWOW64\wship6.dll - ok
18:23:45.0368 0x0d54  [ EE5C8E27C37B79CB54A2FCEEED2DC262, 0A5E200FD65A491756B951A4A0ED39B88B7B313E97C2BBF3C91AC4C290772BB7 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
18:23:45.0368 0x0d54  C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
18:23:45.0368 0x0d54  [ 9A85ABCE0FDD1AF8E79E731EB0B679F3, 2A610BEB16610FE2F2E9A50477A62A05481E8A5843A814955A0EDFF45D0304B3 ] C:\Windows\SysWOW64\dhcpcsvc.dll
18:23:45.0368 0x0d54  C:\Windows\SysWOW64\dhcpcsvc.dll - ok
18:23:45.0368 0x0d54  [ 81F6C1AE23B1C493D9E996C3103915D7, E22408B4D2EDE2F89E686A4FDCD4057BE27B86D050E9CB489F0FFB39C72AEC1D ] C:\Windows\SysWOW64\dhcpcsvc6.dll
18:23:45.0368 0x0d54  C:\Windows\SysWOW64\dhcpcsvc6.dll - ok
18:23:45.0368 0x0d54  [ B40420876B9288E0A1C8CCA8A84E5DC9, 0D3C73B45BC708D7B1E26DFB6D4F64031A998548FEA0FB5CE198ED716F7DC9A0 ] C:\Windows\SysWOW64\dnsapi.dll
18:23:45.0368 0x0d54  C:\Windows\SysWOW64\dnsapi.dll - ok
18:23:45.0384 0x0d54  [ ED6EE83D61EBC683C2CD8E899EA6FEBE, F82592908D038C44D9F2E5C5B7BC663A2D370FC565F40420E1138A9E55F0E7EB ] C:\Windows\SysWOW64\rasadhlp.dll
18:23:45.0384 0x0d54  C:\Windows\SysWOW64\rasadhlp.dll - ok
18:23:45.0384 0x0d54  [ F0D0E883EBBDC7615DC9EDEA0FFB2817, 58F1395445018CB16ED4D3710443FB5B0E087043F6A69F7B10D72D0455958954 ] C:\Windows\SysWOW64\FWPUCLNT.DLL
18:23:45.0384 0x0d54  C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
18:23:45.0384 0x0d54  [ 39C5F32747B3414D1BB216FDB1DEFC58, 6FAE64CB9748304090113903A5AE9E7154BE16BA2EEA7AB3EF04AB9D79B81380 ] C:\Windows\SysWOW64\dwmapi.dll
18:23:45.0384 0x0d54  C:\Windows\SysWOW64\dwmapi.dll - ok
18:23:45.0384 0x0d54  [ E1456E7396022EBE4E5434188D1AC8B0, 67BD897F8BD15D621E2464ECDE2205C4366C6380D04CE74549A1A3EF70B1D35A ] C:\Windows\SysWOW64\WindowsCodecs.dll
18:23:45.0384 0x0d54  C:\Windows\SysWOW64\WindowsCodecs.dll - ok
18:23:45.0384 0x0d54  [ 846D0E4DB261CFAF363902E41498E961, D7E5591B7604FD583AF7FDA19E30928B24A6145318A3944E7D207F0CCEEB30D0 ] C:\Windows\SysWOW64\EhStorShell.dll
18:23:45.0384 0x0d54  C:\Windows\SysWOW64\EhStorShell.dll - ok
18:23:45.0399 0x0d54  [ 03F3B770DFBED6131653CEDA8CA780F0, 77373919DCA647F09851E7E460AE78FBD89F21516B961F84AC4446304E51E09C ] C:\Windows\SysWOW64\ntshrui.dll
18:23:45.0399 0x0d54  C:\Windows\SysWOW64\ntshrui.dll - ok
18:23:45.0399 0x0d54  [ 827CB0D6C3F8057EA037FF271F8E9795, 82760DBDDD38D2A31CAAF51D065DF4E7E1D0F0C22733A0AF653776EBF7B79470 ] C:\Windows\SysWOW64\imageres.dll
18:23:45.0399 0x0d54  C:\Windows\SysWOW64\imageres.dll - ok
18:23:45.0399 0x0d54  [ 8B74CEC6980D4816B0037AE9A27E538F, 8721EDB4C51BF6020002FA5DDB1987C68590F9F433A2F18D9756B2DAC7542CB6 ] C:\Windows\SysWOW64\slc.dll
18:23:45.0399 0x0d54  C:\Windows\SysWOW64\slc.dll - ok
18:23:45.0399 0x0d54  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] C:\Windows\System32\drivers\fastfat.sys
18:23:45.0399 0x0d54  C:\Windows\System32\drivers\fastfat.sys - ok
18:23:45.0415 0x0d54  [ 0DB2758CF1BAFE22E0970FDA0785B74C, 325DEABB182FCA8DCB426AD0095B3524C8F77F2A9204E703391F631B2C4A1157 ] C:\Windows\System32\wuapi.dll
18:23:45.0415 0x0d54  C:\Windows\System32\wuapi.dll - ok
18:23:45.0415 0x0d54  [ FA43D418BC945D27D0625B697B8442B5, 035DE0FEA440D2E3AD255EE84B388DDA538E778877033FDB54B8A61BB0AADE56 ] C:\Windows\System32\cabinet.dll
18:23:45.0415 0x0d54  C:\Windows\System32\cabinet.dll - ok
18:23:45.0415 0x0d54  [ 7EC6617005F76714C7E16605E7A8AB06, 5940168249A9C1791CBD71C8F22FC618E8932808E1478986D89A386A5DA458AC ] C:\Windows\System32\wups.dll
18:23:45.0415 0x0d54  C:\Windows\System32\wups.dll - ok
18:23:45.0415 0x0d54  [ 220159496484D34009DE71CA1A68E0D4, 94BD3DEB4E84F95D80BE5775E5A612EFF181ECB212FB668674C67AD19194DE69 ] C:\Windows\System32\wbem\NCProv.dll
18:23:45.0415 0x0d54  C:\Windows\System32\wbem\NCProv.dll - ok
18:23:45.0415 0x0d54  [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9, E18D66455D00A6D2A2D7CC0833C233FE8A6DD910B59D6B5B5F82EF91450858DF ] C:\Windows\SysWOW64\sfc.dll
18:23:45.0415 0x0d54  C:\Windows\SysWOW64\sfc.dll - ok
18:23:45.0431 0x0d54  [ 84799328D87B3091A3BDD251E1AD31F9, F85521215924388830DBB13580688DB70B46AF4C7D82D549D09086438F8D237B ] C:\Windows\SysWOW64\sfc_os.dll
18:23:45.0431 0x0d54  C:\Windows\SysWOW64\sfc_os.dll - ok
18:23:45.0431 0x0d54  [ 162D247E995EAEBF3EF4289069E1111C, 19E858E9902E2D570FFD24AE2CB4165273F5BAB1FF7B04758B11AB5CD41FD752 ] C:\Windows\SysWOW64\devrtl.dll
18:23:45.0431 0x0d54  C:\Windows\SysWOW64\devrtl.dll - ok
18:23:45.0431 0x0d54  [ B9A8CBCFCD3EC9D2EA4740AF347BF108, 97FA304E3880BC863D999F441AE47CB8ADF00D2DEC2A52ACD8FBD02CC096786A ] C:\Windows\SysWOW64\mpr.dll
18:23:45.0431 0x0d54  C:\Windows\SysWOW64\mpr.dll - ok
18:23:45.0431 0x0d54  [ FB10715E4099AF9FA389C71873245226, 6A4CB43880B822A0C4714D6E52EB3EB2CE1E69C3AA9CA65EAAD6B131AE43F274 ] C:\Windows\System32\timedate.cpl
18:23:45.0431 0x0d54  C:\Windows\System32\timedate.cpl - ok
18:23:45.0446 0x0d54  [ E6F0F82788E8BD0F7A616350EFA0761C, 13091DCB3E3F4F52C3FF210E93AAF1DCE142CFC09F671AEAC5B922393B23E67B ] C:\Windows\System32\actxprxy.dll
18:23:45.0446 0x0d54  C:\Windows\System32\actxprxy.dll - ok
18:23:45.0446 0x0d54  [ 23B001185B7C3CB1F4BDEB143E6B45B7, AB3A5AB346F6353B43B06FBE20B7785DA988975E2C8B73A6588F107FFAAACC47 ] C:\Windows\System32\shdocvw.dll
18:23:45.0446 0x0d54  C:\Windows\System32\shdocvw.dll - ok
18:23:45.0446 0x0d54  [ A0A65D306A5490D2EB8E7DE66898ECFD, CE5DA408F4EDD5E81CE0925867F03C9A35172CF1571FE4C4C052E45AB69822BB ] C:\Windows\System32\linkinfo.dll
18:23:45.0446 0x0d54  C:\Windows\System32\linkinfo.dll - ok
18:23:45.0446 0x0d54  [ 69754747274B76E7FAF287239333D7E6, A0BAEC1E56E4B1A17C0D41B317526AF5BB11E7E488C7016067A6229346A23B16 ] C:\Windows\System32\msiltcfg.dll
18:23:45.0446 0x0d54  C:\Windows\System32\msiltcfg.dll - ok
18:23:45.0446 0x0d54  [ 2720C94ADCC1727A66365CCB1CE456C4, 7A6978A117406E39CEE7ED051F02DE04E76EC51AA65B3F4774712C1C317F410C ] C:\Windows\System32\msi.dll
18:23:45.0446 0x0d54  C:\Windows\System32\msi.dll - ok
18:23:45.0462 0x0d54  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] C:\Windows\System32\qmgr.dll
18:23:45.0462 0x0d54  C:\Windows\System32\qmgr.dll - ok
18:23:45.0462 0x0d54  [ 29409ED7400CA5BCCC30C0EE5147A60D, FCC41E4308A1648CE810105AACED08295C53E25178D6C40C9DF61E9397C579D6 ] C:\Windows\System32\bitsperf.dll
18:23:45.0462 0x0d54  C:\Windows\System32\bitsperf.dll - ok
18:23:45.0462 0x0d54  [ D9431DCF90B0253773F51FDEFE7FD42F, E53C40CC0EC603CF67305F0AA81389124CF6E709A22DABF13563CBAD15897422 ] C:\Windows\System32\bitsigd.dll
18:23:45.0462 0x0d54  C:\Windows\System32\bitsigd.dll - ok
18:23:45.0462 0x0d54  [ 96DB78C9C50CEED9DA5050EFFEE272A2, 51CF3E1F96555A4E4B5BC0DE2598CE5A0199F495644A91C2105F25A5A4CF10E3 ] C:\Windows\System32\upnp.dll
18:23:45.0462 0x0d54  C:\Windows\System32\upnp.dll - ok
18:23:45.0477 0x0d54  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:23:45.0477 0x0d54  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
18:23:45.0477 0x0d54  [ 1EAC1A8CA6874BF5B15E2EFB9A9A7B86, E15ED4FEFC3010C213694331DDFDC03767682325C898D773AB243E2DC8B08461 ] C:\Windows\System32\msftedit.dll
18:23:45.0477 0x0d54  C:\Windows\System32\msftedit.dll - ok
18:23:45.0477 0x0d54  [ 2BCBA6052374959A30BD7948444DBB79, 46224A2B729026FEEBC3C6A09E69919D477097848DB2CA0C2F5B166CDF379660 ] C:\Windows\System32\gameux.dll
18:23:45.0477 0x0d54  C:\Windows\System32\gameux.dll - ok
18:23:45.0477 0x0d54  [ 0DCA5F8AF83975061D9D8340DC471B5C, 71C8549419F46ABB4826B1847BF325374FA5C237CE14DB8B1DD8BB6FDABF6138 ] C:\Windows\SysWOW64\msvcr110_clr0400.dll
18:23:45.0477 0x0d54  C:\Windows\SysWOW64\msvcr110_clr0400.dll - ok
18:23:45.0477 0x0d54  [ 9DD06F00898AA5CA7E24186EFC8E5E25, 51141D0D07DBC955B63281351D3F17163ACE9A5B08628EA1C82F33FD2913970E ] C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{81AE85EC-59D0-4F1A-8217-9D54C989970B}.tmp
18:23:45.0477 0x0d54  C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{81AE85EC-59D0-4F1A-8217-9D54C989970B}.tmp - ok
18:23:45.0493 0x0d54  [ D83947A58613E9091B4C9CC0F1546A8D, C71DF6E18E2099FC462717B8658D39C607A62C7E7A1E5CD0E258C17434535AD0 ] C:\Windows\SysWOW64\mscoree.dll
18:23:45.0493 0x0d54  C:\Windows\SysWOW64\mscoree.dll - ok
18:23:45.0493 0x0d54  [ 91A7771934C0D9D2DA7699D25BB5B348, 154A6EB866AF22B38AEE8DB5A864653FEB15DED69DE26E5B602B7C5056CDDF72 ] C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{A0DA287A-65EF-4FAA-BEFF-947030D813C8}.tmp
18:23:45.0493 0x0d54  C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{A0DA287A-65EF-4FAA-BEFF-947030D813C8}.tmp - ok
18:23:45.0493 0x0d54  [ 2EBD0C5B090125AECF017C57344C45AB, 4FF8F2460115C60AD164EE0DC2079E1601B8AA21A1BA8033B7B731FAF85411B6 ] C:\Windows\System32\msls31.dll
18:23:45.0493 0x0d54  C:\Windows\System32\msls31.dll - ok
18:23:45.0493 0x0d54  [ 80808656078CFCC32CF8BFEB0DD66279, 383F37599ABF16EEDEB2A60242DB7EDCC3D210A2A59DD61169047059F7041C5C ] C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{3BB48762-326F-4368-97E1-38FF62F9AA58}.tmp
18:23:45.0493 0x0d54  C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{3BB48762-326F-4368-97E1-38FF62F9AA58}.tmp - ok
18:23:45.0509 0x0d54  [ 80041798F2F049259241393A2017DB02, 59B8913A129EC26FB111C2C614C0C7440D521F65BAF32E57CA48E34337C0DDEE ] C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
18:23:45.0509 0x0d54  C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll - ok
18:23:45.0509 0x0d54  [ 4C2C4640BF23AAFCF90519E0F34436CE, 8ACCDA77C2DC5BE2DAED05134310122AFECC872A8D118612E55DD229BFE4D844 ] C:\Windows\System32\DeviceCenter.dll
18:23:45.0509 0x0d54  C:\Windows\System32\DeviceCenter.dll - ok
18:23:45.0509 0x0d54  [ 483BAA4246B80BDE1EA562C618BBA4A1, 0340A483F2F00A329ADC625940E5B2E951E1AA362CB088477EFC92D245207CEA ] C:\Windows\System32\igfxtray.exe
18:23:45.0509 0x0d54  C:\Windows\System32\igfxtray.exe - ok
18:23:45.0509 0x0d54  [ F1288E4CE82EE9F3A00E164BDFA54130, 8E9AAE9E8010B0EE1F051F32E2D512DBBA8C597DDCD5DA9E4406A08E62F5D4A8 ] C:\Windows\System32\hccutils.dll
18:23:45.0509 0x0d54  C:\Windows\System32\hccutils.dll - ok
18:23:45.0524 0x0d54  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] C:\Windows\System32\ssdpsrv.dll
18:23:45.0524 0x0d54  C:\Windows\System32\ssdpsrv.dll - ok
18:23:45.0524 0x0d54  [ DF471F11CC78BE02FE6BA15F2D94F65B, 9AC230DE58CE40E78AE6872BCF4778B69EEBF17E0E41B1301FF364ABD4737A78 ] C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{2B57827F-0CAC-40C7-A2CE-807E33A0BAB8}.tmp
18:23:45.0524 0x0d54  C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{2B57827F-0CAC-40C7-A2CE-807E33A0BAB8}.tmp - ok
18:23:45.0524 0x0d54  [ 40CAEC9DBC892ED1915704CC54CB382E, 38976A5EF1461027FF8F07397793A9BEFD0B3B47EB1B86F0F3FB88818E5917C9 ] C:\Windows\System32\hkcmd.exe
18:23:45.0524 0x0d54  C:\Windows\System32\hkcmd.exe - ok
18:23:45.0524 0x0d54  [ C88B01661694F2013F8DF1BD66B8B39E, 5BB40F448A85EE00FC090D61BFAB2D15874946E355F92B4FA40482153F0EB83E ] C:\Windows\System32\igfxpers.exe
18:23:45.0524 0x0d54  C:\Windows\System32\igfxpers.exe - ok
18:23:45.0524 0x0d54  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:23:45.0524 0x0d54  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe - ok
18:23:45.0540 0x0d54  [ 0FD19BDDD2513874FF6903F717367795, DFAF9C33F993BA26FC84EF66ABC7C483E62762F7E1FC763605A75ACC2E8AA4EE ] C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{8001D567-4060-4A85-A848-99D3EAA68826}.tmp
18:23:45.0540 0x0d54  C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{8001D567-4060-4A85-A848-99D3EAA68826}.tmp - ok
18:23:45.0540 0x0d54  [ FF3FC4BE04D01830799605B6F7B55DB0, C9E6D256CDF0B05598A4EBE6202D6B5E40B5C562E40C81D6F4F71DEFC9349FC2 ] C:\Windows\System32\igfxsrvc.exe
18:23:45.0540 0x0d54  C:\Windows\System32\igfxsrvc.exe - ok
18:23:45.0540 0x0d54  [ 556D271F4243B273EDA353512BF3608A, E516F23BADD7F40A6E8D10C7F1411F3E36489B627E2A2690E7B221C6998B2AE0 ] C:\Windows\System32\ieframe.dll
18:23:45.0540 0x0d54  C:\Windows\System32\ieframe.dll - ok
18:23:45.0540 0x0d54  [ A3C74AB32273776E077E6C98BAC97E44, 818D501D60052A0DE499AA967BEDF1153490665BCFBE52AF5002BD3C65ADF74C ] C:\Windows\System32\igfxdev.dll
18:23:45.0540 0x0d54  C:\Windows\System32\igfxdev.dll - ok
18:23:45.0540 0x0d54  [ 4BC67DC2BB58DC6E2A6BCB9B4450B0B8, A38C00B9F818CBE270D64EC48BD2E4831275AA8B95C67C31C9BB4D4623F06A74 ] C:\Windows\System32\igfxsrvc.dll
18:23:45.0540 0x0d54  C:\Windows\System32\igfxsrvc.dll - ok
18:23:45.0555 0x0d54  [ EAF8AE414501EFE47BAF02E673EEE350, 093D77022BCB1AF5D09ADF50BEBFB5319D51641EEB4C6CC3F6C8D38D2859D944 ] C:\Windows\System32\igfxrenu.lrc
18:23:45.0555 0x0d54  C:\Windows\System32\igfxrenu.lrc - ok
18:23:45.0555 0x0d54  [ 81FB155132AE12BA18119D5B36A85476, B135C87752B20C98CD5D4B9BE47316F785EC41FD5E391D8609F06EDA29B05BBF ] C:\Windows\System32\msvcr110_clr0400.dll
18:23:45.0555 0x0d54  C:\Windows\System32\msvcr110_clr0400.dll - ok
18:23:45.0555 0x0d54  [ 105CFE016CCB20175BEACEC146F175AB, BA21F40CDBF159EE4EACCBFB2A7D20EB9E1C2758883AF089A8E53EE478002E83 ] C:\Windows\System32\IccLibDll_x64.dll
18:23:45.0555 0x0d54  C:\Windows\System32\IccLibDll_x64.dll - ok
18:23:45.0555 0x0d54  [ A08C010D859F8EB42BDD7E1D55B8CA27, F86EAFBF7AA41D8425156C07398EDC3BD42F1690BD3E15D27AEF2EDA86549F15 ] C:\Windows\System32\mscoree.dll
18:23:45.0555 0x0d54  C:\Windows\System32\mscoree.dll - ok
18:23:45.0571 0x0d54  [ DD88BBF87A43331A4E99E37F7BF59FDB, 872190F559FA0DD1F711E9FA101BA1AB6E6DE5ED0CCCE1AB7AFE45BC3B78A0F1 ] C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{BE58D8BE-20D7-4BFF-98C3-9C594ED80884}.tmp
18:23:45.0571 0x0d54  C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{BE58D8BE-20D7-4BFF-98C3-9C594ED80884}.tmp - ok
18:23:45.0571 0x0d54  [ 4261449C1CADA6B007E5C27522946D2B, 11E79D1C529E816CCCAC9266089C77A4DB44676CAEEE25C66D6DB420B18D3ACB ] C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{1A2640BB-7B9E-4D28-B93A-7A5667BFCC55}.tmp
18:23:45.0571 0x0d54  C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{1A2640BB-7B9E-4D28-B93A-7A5667BFCC55}.tmp - ok
18:23:45.0571 0x0d54  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] C:\Windows\System32\sppsvc.exe
18:23:45.0571 0x0d54  C:\Windows\System32\sppsvc.exe - ok
18:23:45.0571 0x0d54  [ 6627AA675A5C1B0330487A02E23F0560, 256AE9BA4273D4247FFAD6099D5A4FC8E98EDB27293AC8CAF7A571EB3890FAA7 ] C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{4E1C0DB0-D3B9-42E6-9E3D-4A8372E605F2}.tmp
18:23:45.0571 0x0d54  C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{4E1C0DB0-D3B9-42E6-9E3D-4A8372E605F2}.tmp - ok
18:23:45.0587 0x0d54  [ 723B834A07F7DF7DE4CEB637D57ACEA3, B42867045DD3FB7682CDBD133970421010F0F14125E4992C73657CABA4659250 ] C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{8ABEC9CA-A1A7-492A-A224-697A7F4963BB}.tmp
18:23:45.0587 0x0d54  C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{8ABEC9CA-A1A7-492A-A224-697A7F4963BB}.tmp - ok
18:23:45.0587 0x0d54  [ C1DE893FAF6D7F6CFB479A1F61835482, AD5FA3CE73777704C67C933691F1F068E1A7FF545F728B97574F9C33AC4BBC01 ] C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{676ED447-22EC-4B1E-8F47-F840536966DC}.tmp
18:23:45.0587 0x0d54  C:\Users\PETERC~1\AppData\Local\Temp\{65383959-4AB9-4362-9ED2-E5C5F925D88D}\{676ED447-22EC-4B1E-8F47-F840536966DC}.tmp - ok
18:23:45.0587 0x0d54  [ 9108540E866F75C7AF2B91DD921A8091, 7208C8E05E818781D7F2703B86848FC90651E0D8BE10362863250F2283CEC511 ] C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
18:23:45.0587 0x0d54  C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll - ok
18:23:45.0587 0x0d54  [ FB4045578F5180BDB1963AB352B78548, 8E645A63436EE6CDDB78E6064AEB04ECE39208F760A3EF13A3F49FDF41505E21 ] C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
18:23:45.0587 0x0d54  C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll - ok
18:23:45.0587 0x0d54  [ FFF95479C7AB1550F0750A5D01744211, FF67F892AABCE1C2B695FF4C0816339566F5745C1498D48FAC050E5196C1CE09 ] C:\Windows\System32\drivers\spsys.sys
18:23:45.0587 0x0d54  C:\Windows\System32\drivers\spsys.sys - ok
18:23:45.0602 0x0d54  [ DD599A4E9F018EDD646A3060B99092CB, 75C9FF2958DF0FC77C88FA66C48DC1AE40B6955F94EB1EFE6869886569EBE344 ] C:\Windows\System32\igfxress.dll
18:23:45.0602 0x0d54  C:\Windows\System32\igfxress.dll - ok
18:23:45.0602 0x0d54  [ A6AAD37CDCAE75CB62D039E3A4D8F5E3, 4FF763B0D129175BA1B1E794BA313E6C63F7A89D377C786BF5E730AF2A1D95D1 ] C:\Program Files\Microsoft Security Client\msseces.exe
18:23:45.0602 0x0d54  C:\Program Files\Microsoft Security Client\msseces.exe - ok
18:23:45.0602 0x0d54  [ C92E4F20CC3F4EE5EDEC349508FA219A, 94390E3171666F8733BF52C440EB7518F7375E3FE2C4F27E1173D36331F49A0D ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
18:23:45.0602 0x0d54  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - ok
18:23:45.0602 0x0d54  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] C:\Windows\System32\wscsvc.dll
18:23:45.0602 0x0d54  C:\Windows\System32\wscsvc.dll - ok
18:23:45.0618 0x0d54  [ 29A1AA60BEB49F0D270817F138618647, 0581DEB23E721938F96D8DD3BCAF2E83E0B35E7A36821CE9C216CFF1B578A849 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
18:23:45.0618 0x0d54  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe - ok
18:23:45.0618 0x0d54  [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
18:23:45.0618 0x0d54  C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe - ok
18:23:45.0618 0x0d54  [ E0B340996A41C9A75DFA3B99BBA9C500, D029AD8ABBD2267B1E44DF5172B93C3F832B4C21F930F5512C24E800F5CE4F8B ] C:\Windows\System32\SearchIndexer.exe
18:23:45.0618 0x0d54  C:\Windows\System32\SearchIndexer.exe - ok
18:23:45.0618 0x0d54  [ 364ECFF4ABD9D575F4F7CF7EB7928EF3, BA2E0A2AC40AE75A6ED2284B9066AB447C4F328000146B4C72BC1CA922827065 ] C:\Windows\System32\msxml3.dll
18:23:45.0618 0x0d54  C:\Windows\System32\msxml3.dll - ok
18:23:45.0633 0x0d54  [ 589DF683A6C81424A6CECE52ABF98A50, 8CE0D07B2FC1F1BF8C07434FAFCDC63FDD3B75007C3B2EED130DB69D2D16E90A ] C:\Windows\System32\tquery.dll
18:23:45.0633 0x0d54  C:\Windows\System32\tquery.dll - ok
18:23:45.0633 0x0d54  [ 24F4B480F335A6C724AF352253C5D98B, 011413B236CAD7B78CE0A0EEC3E3085D48C7576A3205D025BA6EBFDF590538E4 ] C:\Windows\System32\thumbcache.dll
18:23:45.0633 0x0d54  C:\Windows\System32\thumbcache.dll - ok
18:23:45.0633 0x0d54  [ B4DE8371D7A13BC7F120B63552B94F9A, 8AB088F4EC48A4135CBE5ED23E7AE64A258E1D33D224D1EAA18A9C5E02E0AC73 ] C:\Windows\System32\SynCOM.dll
18:23:45.0633 0x0d54  C:\Windows\System32\SynCOM.dll - ok
18:23:45.0633 0x0d54  [ 66F2DC94056E4434606840206F9349A1, CE89A782340D0CBA343AB40D660D0344971A5AA3E900A00B58B673C8FBBEAA4F ] C:\Windows\System32\SynTPAPI.dll
18:23:45.0633 0x0d54  C:\Windows\System32\SynTPAPI.dll - ok
18:23:45.0633 0x0d54  [ 297F164DF80D84D8B300CB7BB46F6BAE, 6EC9D640F1F5E59BDC702976E19312CD94B3A78D151E0B88447D4BFFFA869639 ] C:\Program Files\Microsoft Security Client\MsMpRes.dll
18:23:45.0633 0x0d54  C:\Program Files\Microsoft Security Client\MsMpRes.dll - ok
18:23:45.0649 0x0d54  [ 585FED4CDB8034B8B58AEB8008255817, 13D1055929D79598C04A4AB66EF3DBAADD265F9D1C3F43E84531238D2526A1AE ] C:\Windows\System32\opengl32.dll
18:23:45.0649 0x0d54  C:\Windows\System32\opengl32.dll - ok
18:23:45.0649 0x0d54  [ 4FB1BBDF3E82A2F56D8D16FB9DB8D28F, B07C8ED970BD3C751D9455D4C8B915DBA57ED9170EA32E5D64F7DA764EA42A23 ] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationUI.dll
18:23:45.0649 0x0d54  C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationUI.dll - ok
18:23:45.0649 0x0d54  [ 542F171BF7CDFF1A4A383AABC9459232, 3EAFE7BBD11F9453EDDC8E292B7FC12380FE71B4B0CB8033ADB4116512CE295C ] C:\Program Files\Synaptics\SynTP\DellTpad.exe
18:23:45.0649 0x0d54  C:\Program Files\Synaptics\SynTP\DellTpad.exe - ok
18:23:45.0649 0x0d54  [ D2CA039A9D99E8FB40FCAA7813E77519, AE04FBB7501A99DA437B4ACA6F5A46D7D0446D780FF00EA410181C07E632CBC1 ] C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
18:23:45.0649 0x0d54  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe - ok
18:23:45.0665 0x0d54  [ 7568CC720ACE4D03B84AF97817E745EF, 7155144CB0B260B969C398A36BC277C97BEADB5DB137D19A4F7E5AF61C3E24D4 ] C:\Windows\System32\mssrch.dll
18:23:45.0665 0x0d54  C:\Windows\System32\mssrch.dll - ok
18:23:45.0665 0x0d54  [ F2967C0A97C0EA67D79D7F557213950D, 65516C83DCB3F952CD4454636B61CC2F153AF6BEEBC352463791D92F7F500F52 ] C:\Windows\System32\glu32.dll
18:23:45.0665 0x0d54  C:\Windows\System32\glu32.dll - ok
18:23:45.0665 0x0d54  [ 8943465BEFA91044227D42E84ECB8280, 76D19CE3EB7E6C6573F250543CDC10B3601604535BFB756805AE246FA55AC265 ] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
18:23:45.0665 0x0d54  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe - ok
18:23:45.0665 0x0d54  [ A6C09924C6730DE8DEED9890A12AA691, 46EACBC27D15FD43431812D6CA770982178C07246AF3A1C2E0D40D745A1D5758 ] C:\Windows\System32\ddraw.dll
18:23:45.0665 0x0d54  C:\Windows\System32\ddraw.dll - ok
18:23:45.0665 0x0d54  [ 3121A79D13A61562BE9CC902CD46B542, 00A5833A48338A4A9A5530844924AF4F1FAB618DA46D7EBBC6E2165C32ED376C ] C:\Windows\System32\msidle.dll
18:23:45.0665 0x0d54  C:\Windows\System32\msidle.dll - ok
18:23:45.0680 0x0d54  [ A5ED9421B8D09ED4F57CDA386307713E, EC2EE043E94A53302A9721220AA42D29BE72AF3448B7AA01F7EB911ECF7DC6AE ] C:\Windows\System32\dciman32.dll
18:23:45.0680 0x0d54  C:\Windows\System32\dciman32.dll - ok
18:23:45.0680 0x0d54  [ E424B3EF666B184CEE0B6871AAA8C9F6, D182D9B3A813C75F88CA16A9C236AB6167DF5861D155B5DC016B90918C4BD579 ] C:\Windows\System32\msimg32.dll
18:23:45.0680 0x0d54  C:\Windows\System32\msimg32.dll - ok
18:23:45.0680 0x0d54  [ 263E9A047D17CD50BAA9D3C02910D18D, F526648358AD121001D2776E0ACC333EC4AC168CA07B40A3D3C06C5CE6A361C3 ] C:\Windows\System32\oledlg.dll
18:23:45.0680 0x0d54  C:\Windows\System32\oledlg.dll - ok
18:23:45.0696 0x0d54  [ 3CB07566302BCEEB898DE270A0BEC175, B234D1044D8702A0929BB48F729EB5078B44AA7CD574B6482633B51289E70200 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
18:23:45.0696 0x0d54  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
18:23:45.0696 0x0d54  [ 9110FFAD124283F37D38771BB60556AF, BB495FDF86B7C3DD7878C496090A624CE8FE68F61166C91A4C99EF1140F0AD23 ] C:\Windows\System32\dsound.dll
18:23:45.0696 0x0d54  C:\Windows\System32\dsound.dll - ok
18:23:45.0696 0x0d54  [ F6F22291024906E43D135A4B1705FEAC, C1B66012799D247033E8AB8386B51BC86A4E2255E6D0B163AC000B215C51B42A ] C:\Windows\System32\sppwinob.dll
18:23:45.0696 0x0d54  C:\Windows\System32\sppwinob.dll - ok
18:23:45.0711 0x0d54  [ 3181F76ED237CC3D50D10CEA05AF8B60, 0CF8343A4B227B77B74642E4DE2CA4F712CCA4C2DD7AF1C624ED2221F134B296 ] C:\Windows\System32\riched32.dll
18:23:45.0711 0x0d54  C:\Windows\System32\riched32.dll - ok
18:23:45.0711 0x0d54  [ 850BD2D2D9CB5894935C3B6333CAD6FD, AB1EE5FD5E2F1CC927C3EA92E71C91ACA566E69622D47AE780DA391B7C30DDD6 ] C:\Windows\System32\riched20.dll
18:23:45.0711 0x0d54  C:\Windows\System32\riched20.dll - ok
18:23:45.0711 0x0d54  [ A543AC1F7138376D778D630A35FCBC4C, 2D824C66A97FC8C39DAFA397CC47495B712D175EEF393486946DA8936BDD466A ] C:\Windows\SysWOW64\psapi.dll
18:23:45.0711 0x0d54  C:\Windows\SysWOW64\psapi.dll - ok
18:23:45.0711 0x0d54  [ 93812FDC01AA864195816CD814445F95, E5CB2576DA2905177AFD342DBE63E17CF626F93F430DEBC55155C18C60166BEE ] C:\Program Files\Microsoft Security Client\SqmApi.dll
18:23:45.0711 0x0d54  C:\Program Files\Microsoft Security Client\SqmApi.dll - ok
18:23:45.0727 0x0d54  [ D1DE1EAFDE97BE41CF6585027FF3E732, 76F17D4DF440D6734DC8157092D94EB18C2A73A0A49BEEA289E7B3EDE30E86A2 ] C:\Windows\SysWOW64\comdlg32.dll
18:23:45.0727 0x0d54  C:\Windows\SysWOW64\comdlg32.dll - ok
18:23:45.0727 0x0d54  [ 3EBC17EA45A4E9F505A644302AFB4BD1, 2BF4CE55868DB3C0F68D0A61F8422885ACA7491E73A39329D4BCEE4E28FC804C ] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll
18:23:45.0727 0x0d54  C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.dll - ok
18:23:45.0727 0x0d54  [ B837D1528CE2E3CB79F09496BC08DDC6, ACD54CE61CFE94F23DC283537AD8FFBEB3D6041BD30317B60BA7A10FCB240A27 ] C:\Windows\System32\SensApi.dll
18:23:45.0727 0x0d54  C:\Windows\System32\SensApi.dll - ok
18:23:45.0727 0x0d54  [ 405F4D32D2185F1F1BD753D8EEAFFB3A, CAC42C3E09C43BE96592B670D70821386014DB22D8239A9CFB9E33E54FB5C3D5 ] C:\Windows\System32\networkexplorer.dll
18:23:45.0727 0x0d54  C:\Windows\System32\networkexplorer.dll - ok
18:23:45.0743 0x0d54  [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8, B1A9B2EF000917214C0198958CBD239D1D91B1720EC40DF041262A34D302AD74 ] C:\Windows\SysWOW64\winspool.drv
18:23:45.0743 0x0d54  C:\Windows\SysWOW64\winspool.drv - ok
18:23:45.0743 0x0d54  [ 0805289E121F3E3C458C970B08314EB2, D9B448A04C09F525F599D0369CF9A197F471AABDA0A97201760C46D2EB8F3CDE ] C:\Windows\System32\RtkCfg64.dll
18:23:45.0743 0x0d54  C:\Windows\System32\RtkCfg64.dll - ok
18:23:45.0743 0x0d54  [ 102CF6879887BBE846A00C459E6D4ABC, A4C51C79CF95D5C79DCEFB02946A09A987FEAF83CE2EE1BA7677EBA90869AC80 ] C:\Windows\SysWOW64\riched20.dll
18:23:45.0743 0x0d54  C:\Windows\SysWOW64\riched20.dll - ok
18:23:45.0743 0x0d54  [ B84E2D174DC84916A536572BB8F691A8, 94E3D68F102439D3A585D2D796F3F3FC27CB41C640058DDC14AF99A723B2CD99 ] C:\Windows\System32\wscisvif.dll
18:23:45.0743 0x0d54  C:\Windows\System32\wscisvif.dll - ok
18:23:45.0758 0x0d54  [ 12DBA51A6D1126E88F78D79AE0F7600F, 41091C910171C21473C9E7C3AEE76276061984A676B09015DC6AD6B943EB8DF8 ] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
18:23:45.0758 0x0d54  C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe - ok
18:23:45.0758 0x0d54  [ 6C1E3C43B35268C17833244C8ED96430, 9C571AA762E71177B6FF486D1DB500E3530E13CAFD87316AD2C64F5A55EB4A93 ] C:\Windows\System32\wscproxystub.dll
18:23:45.0758 0x0d54  C:\Windows\System32\wscproxystub.dll - ok
18:23:45.0758 0x0d54  [ 3043374E292DED8C59D1C6570578F2F0, A9B88ED6D56490B4D7F0533CCA14970D017D92C243925BA73570F4C68E2B3DC6 ] C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
18:23:45.0758 0x0d54  C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe - ok
18:23:45.0758 0x0d54  [ E2A17BCC08D92F42E08AF6BA2F93ABA7, 5FC9D47BF4B1094BECC0C0DDCD5CD4318DD3E4495D982F8785331616D5B82599 ] C:\Windows\SysWOW64\ExplorerFrame.dll
18:23:45.0758 0x0d54  C:\Windows\SysWOW64\ExplorerFrame.dll - ok
18:23:45.0774 0x0d54  [ 6E1F8165C365D35C8E3C045AF0CDD481, B861360D0A014265A0BEB4CC2FE31EA05AE95120E8B07820C13A044D64C00E2B ] C:\Windows\SysWOW64\duser.dll
18:23:45.0774 0x0d54  C:\Windows\SysWOW64\duser.dll - ok
18:23:45.0774 0x0d54  [ EE06B85BC69F18826302348A2AD089E0, 417205797CC9F6C986A863A61179784D9ADCAF1961EF8A4D9042D73C5A86509A ] C:\Windows\SysWOW64\dui70.dll
18:23:45.0774 0x0d54  C:\Windows\SysWOW64\dui70.dll - ok
18:23:45.0774 0x0d54  [ 58B8702C20DE211D1FCB248D2FDD71D1, B2F6E3BA6FB5250F0E70555B39D34F19ADA760BDDA7E1A44113B97C3A1FD3F8B ] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
18:23:45.0774 0x0d54  C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe - ok
18:23:45.0774 0x0d54  [ E3C817F7FE44CC870ECDBCBC3EA36132, D769FAFA2B3232DE9FA7153212BA287F68E745257F1C00FAFB511E7A02DE7ADF ] C:\Windows\SysWOW64\msvcp100.dll
18:23:45.0774 0x0d54  C:\Windows\SysWOW64\msvcp100.dll - ok
18:23:45.0789 0x0d54  [ BF38660A9125935658CFA3E53FDC7D65, 60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA ] C:\Windows\SysWOW64\msvcr100.dll
18:23:45.0789 0x0d54  C:\Windows\SysWOW64\msvcr100.dll - ok
18:23:45.0789 0x0d54  [ B0F8CCA08DBC392442E27377B98DD0CD, D76D5897EFE57BD3897F3ACD44A85003BD412E9C0CAF1C78D18137C32327A399 ] C:\Windows\System32\consent.exe
18:23:45.0789 0x0d54  C:\Windows\System32\consent.exe - ok
18:23:45.0789 0x0d54  [ 9D251702F2A9B2121C8085CB8F53F2DA, F46EDD3F197A760120AA11E14ABD2E9868A71F79480205A50564CDE642932651 ] C:\Program Files\Internet Explorer\sqmapi.dll
18:23:45.0789 0x0d54  C:\Program Files\Internet Explorer\sqmapi.dll - ok
18:23:45.0789 0x0d54  [ 2B373B5F7E36B5ED5DA176D4400EF091, A7E220CC3661429D786693B277A7F39D5D9E24284B1D9E55DB6295AF7D97D104 ] C:\Windows\System32\sppobjs.dll
18:23:45.0789 0x0d54  C:\Windows\System32\sppobjs.dll - ok
18:23:45.0789 0x0d54  [ 5997D769CDB108390DCFAEBF442BF816, 0E25CA984C0EEB629184423FAA9BC6D4356DF9A93F281E06DC83B4AC638AEC4A ] C:\Windows\SysWOW64\RpcRtRemote.dll
18:23:45.0789 0x0d54  C:\Windows\SysWOW64\RpcRtRemote.dll - ok
18:23:45.0805 0x0d54  [ AC5DF873913B00E554D8F553459BC431, 86FC6E15BD67AEB714E44C088EDA1C17BAC25A1EC67A518A05878D594F293394 ] C:\Windows\System32\qmgrprxy.dll
18:23:45.0805 0x0d54  C:\Windows\System32\qmgrprxy.dll - ok
18:23:45.0805 0x0d54  [ 85B45B4B285B159ACDB355FC8C1E8925, EBB4A5472306A284D3A845347E2A79B13EFCCBA86705E1D49DE8AC44D8D06112 ] C:\Windows\SysWOW64\qmgrprxy.dll
18:23:45.0805 0x0d54  C:\Windows\SysWOW64\qmgrprxy.dll - ok
18:23:45.0805 0x0d54  [ C3761661C17C2248A9379A8FB89E3DE1, CE3477FA2B4058EB80739E0161FE957545F13CF86D313F6422732901D35F75F2 ] C:\Windows\System32\stobject.dll
18:23:45.0805 0x0d54  C:\Windows\System32\stobject.dll - ok
18:23:45.0805 0x0d54  [ F832EEEA97CDDA1AF577E721F652A0D1, EBBB7CA199BA4DF231123922BD310D43DE0104C6185B70FE0281B938D5336F2E ] C:\Windows\System32\batmeter.dll
18:23:45.0805 0x0d54  C:\Windows\System32\batmeter.dll - ok
18:23:45.0821 0x0d54  [ F11A57E91FDAECFB41A5CB21EB1EBC8E, 904DA963F2274ADF521660E3131DAC781E59C6FAEB393E57802A3B5638C09283 ] C:\Windows\System32\dssenh.dll
18:23:45.0821 0x0d54  C:\Windows\System32\dssenh.dll - ok
18:23:45.0821 0x0d54  [ 8494E126F0B10180F3293AF861CE1F7A, 538B1F30423DB2398E611BC46C80150C090698E633BABF7362F7060DBF0C3064 ] C:\Windows\System32\mlang.dll
18:23:45.0821 0x0d54  C:\Windows\System32\mlang.dll - ok
18:23:45.0821 0x0d54  [ 2D2A6EC8EAD30EC3ACE2FD6FB1B3E122, E7EA375A3BDE8FC764CB09524344370B9EE25F98AD6C83E6F37A569EB8D277D6 ] C:\Windows\System32\prnfldr.dll
18:23:45.0821 0x0d54  C:\Windows\System32\prnfldr.dll - ok
18:23:45.0821 0x0d54  [ 42A9CB6906D9A8BEDC83B57163E62924, E18522D3137653140757829EFBFCE624A5BAA5842E2BBA10B9E5AB6C84BE49E1 ] C:\Windows\System32\DXP.dll
18:23:45.0821 0x0d54  C:\Windows\System32\DXP.dll - ok
18:23:45.0821 0x0d54  [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891, 0A82A475301202791A7C10F978F952EAB7DB146A702D4EA67E24E2C98BC19638 ] C:\Windows\System32\Syncreg.dll
18:23:45.0821 0x0d54  C:\Windows\System32\Syncreg.dll - ok
18:23:45.0836 0x0d54  [ C9FB9038B15036CA28CF0B4BE2BED9BD, 0F56384E798B3F725FFEFC6E31A980DA31F620DB847F601273EF19E8CE74A226 ] C:\Windows\System32\en-US\tquery.dll.mui
18:23:45.0836 0x0d54  C:\Windows\System32\en-US\tquery.dll.mui - ok
18:23:45.0836 0x0d54  [ C836175870E00ACC546066632E15BD10, 4347F3319C26DA1C38F395C74DBD67AF886149C8F29EDE765DD96C8480A3054A ] C:\Windows\ehome\ehSSO.dll
18:23:45.0836 0x0d54  C:\Windows\ehome\ehSSO.dll - ok
18:23:45.0836 0x0d54  [ A42F2C1EB3B66C54FB3C7B79D30C1A6D, A63836DB3B01835DC1311526A95198D6EBCCB1DC9DDAFBC38EC36C128CDB98B9 ] C:\Windows\System32\netshell.dll
18:23:45.0836 0x0d54  C:\Windows\System32\netshell.dll - ok
18:23:45.0836 0x0d54  [ E7368F0A8D19445EAF5C5D0DBB8B8DAB, CF9082360E32A7C3E13A67AC2C6192F4A76870D43DA9FF2936993A637F712761 ] C:\Windows\System32\AltTab.dll
18:23:45.0836 0x0d54  C:\Windows\System32\AltTab.dll - ok
18:23:45.0852 0x0d54  [ C8FDF0FA9E97E2FAAF3F814716AAA881, DD24A1CAB44D943B0E1A795A347AD25D9305FC7F012A2566A6A14BD47221831F ] C:\Windows\System32\WPDShServiceObj.dll
18:23:45.0852 0x0d54  C:\Windows\System32\WPDShServiceObj.dll - ok
18:23:45.0852 0x0d54  [ ACE1BB07E0377E37A2C514CD2EC119B1, A9AFA4774DFA875496764D6E541A6333A3ACD3C5D2BBEF753C2D80BA83B4AC15 ] C:\Windows\System32\mssprxy.dll
18:23:45.0852 0x0d54  C:\Windows\System32\mssprxy.dll - ok
18:23:45.0852 0x0d54  [ 10F815BE90A66AAFC6C713D1BD626064, 01139FC04BC53594296F6A0E16B8D20B940F64BC8119FE7705C03C4947958F39 ] C:\Windows\System32\pnidui.dll
18:23:45.0852 0x0d54  C:\Windows\System32\pnidui.dll - ok
18:23:45.0852 0x0d54  [ B9F0A4020AA98B7A20287BF7FE99A1FD, 21138F161EEEA46198890C7A2D073F2C82829E15676131BDAD9F237EDC7477CD ] C:\Windows\System32\QUTIL.DLL
18:23:45.0852 0x0d54  C:\Windows\System32\QUTIL.DLL - ok
18:23:45.0852 0x0d54  [ 8569E35D00F45972E506502EEE622BA4, 01FE851C03DB88C8373099C279F995A559D962B08932E193032FA3EAD522FB01 ] C:\Windows\System32\srchadmin.dll
18:23:45.0852 0x0d54  C:\Windows\System32\srchadmin.dll - ok
18:23:45.0867 0x0d54  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] C:\Windows\System32\netman.dll
18:23:45.0867 0x0d54  C:\Windows\System32\netman.dll - ok
18:23:45.0867 0x0d54  [ D2155709E336C3BC15729EB87FEC6064, 682A84C0F2D892E7A6CEE4E5937B4799E352AAE3B71E7037F2A343373467443C ] C:\Windows\System32\rasdlg.dll
18:23:45.0867 0x0d54  C:\Windows\System32\rasdlg.dll - ok
18:23:45.0867 0x0d54  [ 2DF29664ED261F0FC448E58F338F0671, 4EFE79C383D0AF126FC4EE668D822563F8F037B1E61D73747A35FE11AAFDB8CE ] C:\Windows\System32\mprapi.dll
18:23:45.0867 0x0d54  C:\Windows\System32\mprapi.dll - ok
18:23:45.0867 0x0d54  [ F9AFD12BB4B1CFA5FCC0A5B37C604FD2, E8ACB693B1A78FAEF292111BE3F9B10BA95C76833C06C931A08EAAAE39A21334 ] C:\Windows\System32\dot3api.dll
18:23:45.0867 0x0d54  C:\Windows\System32\dot3api.dll - ok
18:23:45.0883 0x0d54  [ E4FCA0F99A41E460C84016DEFD31E6EF, 8EB14AF2025EADC7C86280E8417D8F286E8271B4F88B31696E33DFD72B3A0EF2 ] C:\Windows\System32\wlanhlp.dll
18:23:45.0883 0x0d54  C:\Windows\System32\wlanhlp.dll - ok
18:23:45.0883 0x0d54  [ 357BE883C5236BFC7341CB9E82308908, 4DDB697FD9B7C516CF99D73C8799EA35BB97E2431216CD7C1045F17B06109FBF ] C:\Windows\System32\wlanapi.dll
18:23:45.0883 0x0d54  C:\Windows\System32\wlanapi.dll - ok
18:23:45.0883 0x0d54  [ 5DA219F57A9076FB6FBD3C9C3713A672, 274FE616625B336D81841FDC752C8053D4CD6926565B899760D298D145CBA1A3 ] C:\Windows\System32\WWanAPI.dll
18:23:45.0883 0x0d54  C:\Windows\System32\WWanAPI.dll - ok
18:23:45.0883 0x0d54  [ 62C7AACC746C9723468A8F2169ED3E85, 40E901F3EAFE52DF11D6BC4EF0E79F666EBDACE0B3C090CAD2358076E893EA47 ] C:\Windows\System32\wwapi.dll
18:23:45.0883 0x0d54  C:\Windows\System32\wwapi.dll - ok
18:23:45.0883 0x0d54  [ 6B851E682A36453E1B1EE297FFB6E2AB, A641D3FD9463C4788B45B8B5584EA4489C1F63A71B4B595AE85FF3482CD5EDA6 ] C:\Windows\System32\QAGENT.DLL
18:23:45.0883 0x0d54  C:\Windows\System32\QAGENT.DLL - ok
18:23:45.0899 0x0d54  [ F7A256EC899C72B4ECDD2C02CB592EFD, 9C1AA9322E83CABB94AEA4375EAEB0C44700E1F33B8BE98649BA1DF4DDFAD326 ] C:\Windows\System32\bthprops.cpl
18:23:45.0899 0x0d54  C:\Windows\System32\bthprops.cpl - ok
18:23:45.0899 0x0d54  [ 92DBF0A4C9239169010FC6E07859C82E, 00FB2CF4420F0FFEF519AFE732A708CF249640121E2A891CAA164313ABD7F804 ] C:\Windows\System32\ActionCenter.dll
18:23:45.0899 0x0d54  C:\Windows\System32\ActionCenter.dll - ok
18:23:45.0899 0x0d54  [ F00AE7B953ABEF1B53FBBA187DFC8238, 6FFA160FB6821A725A7D81E1BECE1DE89E3E022B33E56A7468E2E0B4C8B2AE31 ] C:\Windows\System32\webcheck.dll
18:23:45.0899 0x0d54  C:\Windows\System32\webcheck.dll - ok
18:23:45.0899 0x0d54  [ 101797BA603D227946B4B5109867EB19, EBF2B48D1A4FE148F455EA32023ABC0D479215D48C7CE76E765F199CD3C80AF8 ] C:\Windows\System32\SyncCenter.dll
18:23:45.0899 0x0d54  C:\Windows\System32\SyncCenter.dll - ok
18:23:45.0914 0x0d54  [ 8130391F82D52D36C0441F714136957F, 1FD4FEE7CAF63E450F27729E07EA2A2F09288629FD872DBB6E8710B16D8DBD5D ] C:\Windows\System32\imapi2.dll
18:23:45.0914 0x0d54  C:\Windows\System32\imapi2.dll - ok
18:23:45.0914 0x0d54  [ 617F6EC0AC677C685479C1D0D1E76C6F, 77B22C0817558CE70EF7D3BBE04A275FFA35ED2E4AFB17DBDF353DF9932DC693 ] C:\Windows\System32\mspatcha.dll
18:23:45.0914 0x0d54  C:\Windows\System32\mspatcha.dll - ok
18:23:45.0914 0x0d54  [ 6A5C1A8AC0B572679361026D0E900420, B5E693B48B462E97738A3D4E58B60846159649EB15F4D11074B4BC107CC88562 ] C:\Windows\System32\hgcpl.dll
18:23:45.0914 0x0d54  C:\Windows\System32\hgcpl.dll - ok
18:23:45.0914 0x0d54  [ E76F105AD039B9E4DA9ECE839298C4A2, 76C7056F23E90524CE4947FDE560C6D825186520DA5E9965A2116C24011AB762 ] C:\Windows\System32\wups2.dll
18:23:45.0914 0x0d54  C:\Windows\System32\wups2.dll - ok
18:23:45.0914 0x0d54  [ C746F3BF98E92FB137B5BD2B8B5925BD, 67A8990F3D491D149E65C90042909259793C65E671DC953FDA1F7590FAC23D9E ] C:\Windows\System32\FXSST.dll
18:23:45.0914 0x0d54  C:\Windows\System32\FXSST.dll - ok
18:23:45.0930 0x0d54  [ 650CAEA856943E29F25A25D31E004B18, DCA63D2AF4C6F14B27EA006F200E58A5C13AC940A51947A40F668908A446CC4E ] C:\Windows\System32\FXSAPI.dll
18:23:45.0930 0x0d54  C:\Windows\System32\FXSAPI.dll - ok
18:23:45.0930 0x0d54  [ C8E8B8239FCF17BEA10E751BE5854631, CB869195E78AB613CEF50AE3B247F0E4E42F233A7AAF5B2BFC5ADEA2C45C5F8D ] C:\Windows\System32\FXSRESM.dll
18:23:45.0930 0x0d54  C:\Windows\System32\FXSRESM.dll - ok
18:23:45.0930 0x0d54  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] C:\Windows\System32\FXSSVC.exe
18:23:45.0930 0x0d54  C:\Windows\System32\FXSSVC.exe - ok
18:23:45.0930 0x0d54  [ C5413BC4F10CEB4C3070BBF04D324117, 83908C79D22458BC05FAB5ABF1DDF74177B1E5C612E893C62C19C284D2C86F60 ] C:\Windows\SysWOW64\msisip.dll
18:23:45.0930 0x0d54  C:\Windows\SysWOW64\msisip.dll - ok
18:23:45.0945 0x0d54  [ EBCC2CEFDA0CE9F8DBFD7F4E380AF081, FE1C2E020F33644D4C6EE14F268AAEC482C1643F1DDAD7409900A721D7E30A77 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
18:23:45.0945 0x0d54  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe - ok
18:23:45.0945 0x0d54  [ FE48346938C1CDDDF4E4097DB9B99764, AC01FE84504B863DFA19D38BE854F518521072AB697DF51C888545CFBC839F4F ] C:\Windows\SysWOW64\nlaapi.dll
18:23:45.0945 0x0d54  C:\Windows\SysWOW64\nlaapi.dll - ok
18:23:45.0945 0x0d54  [ 0B7E85364CB878E2AD531DB7B601A9E5, F5AD3018427F1CD68450EE5CB55AA9572546322580E0FB1E7888702A291C2380 ] C:\Windows\SysWOW64\NapiNSP.dll
18:23:45.0945 0x0d54  C:\Windows\SysWOW64\NapiNSP.dll - ok
18:23:45.0945 0x0d54  [ 5CF640EDDB1E40A5AB1BB743BCDEC610, 0313AA3F713C9F5B84DBB0B4DE78A96B173E9F7B4CF61C10FDC7DAE952DB04E5 ] C:\Windows\SysWOW64\pnrpnsp.dll
18:23:45.0945 0x0d54  C:\Windows\SysWOW64\pnrpnsp.dll - ok
18:23:45.0945 0x0d54  [ 5DF5D8CFD9B9573FA3B2C89D9061A240, 990EA273B640DF2D7E800C0CFF18550259C605A4951CD82CD9F1E7B6FF0C9533 ] C:\Windows\SysWOW64\winrnr.dll
18:23:45.0945 0x0d54  C:\Windows\SysWOW64\winrnr.dll - ok
18:23:45.0961 0x0d54  [ AC122407B29378FF9646F03404AC7C54, 01F03A11C4419665557C3CB7E712B8AD59B13703115CB10C9F39FBE82D177BE6 ] C:\Windows\SysWOW64\wshbth.dll
18:23:45.0961 0x0d54  C:\Windows\SysWOW64\wshbth.dll - ok
18:23:45.0961 0x0d54  ================ Scan generic autorun ======================
18:23:46.0055 0x0d54  [ 483BAA4246B80BDE1EA562C618BBA4A1, 0340A483F2F00A329ADC625940E5B2E951E1AA362CB088477EFC92D245207CEA ] C:\Windows\system32\igfxtray.exe
18:23:46.0070 0x0d54  IgfxTray - ok
18:23:46.0117 0x0d54  [ 40CAEC9DBC892ED1915704CC54CB382E, 38976A5EF1461027FF8F07397793A9BEFD0B3B47EB1B86F0F3FB88818E5917C9 ] C:\Windows\system32\hkcmd.exe
18:23:46.0133 0x0d54  HotKeysCmds - ok
18:23:46.0195 0x0d54  [ C88B01661694F2013F8DF1BD66B8B39E, 5BB40F448A85EE00FC090D61BFAB2D15874946E355F92B4FA40482153F0EB83E ] C:\Windows\system32\igfxpers.exe
18:23:46.0195 0x0d54  Persistence - ok
18:23:46.0335 0x0d54  [ A6AAD37CDCAE75CB62D039E3A4D8F5E3, 4FF763B0D129175BA1B1E794BA313E6C63F7A89D377C786BF5E730AF2A1D95D1 ] c:\Program Files\Microsoft Security Client\msseces.exe
18:23:46.0367 0x0d54  MSC - ok
18:23:46.0367 0x0d54  SynTPEnh - ok
18:23:46.0647 0x0d54  [ 29A1AA60BEB49F0D270817F138618647, 0581DEB23E721938F96D8DD3BCAF2E83E0B35E7A36821CE9C216CFF1B578A849 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
18:23:46.0788 0x0d54  RTHDVCPL - ok
18:23:46.0866 0x0d54  [ 8943465BEFA91044227D42E84ECB8280, 76D19CE3EB7E6C6573F250543CDC10B3601604535BFB756805AE246FA55AC265 ] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
18:23:46.0881 0x0d54  NUSB3MON - ok
18:23:46.0975 0x0d54  [ 3CB07566302BCEEB898DE270A0BEC175, B234D1044D8702A0929BB48F729EB5078B44AA7CD574B6482633B51289E70200 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
18:23:47.0006 0x0d54  Adobe ARM - ok
18:23:47.0100 0x0d54  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:23:47.0147 0x0d54  Sidebar - ok
18:23:47.0178 0x0d54  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:23:47.0193 0x0d54  mctadmin - ok
18:23:47.0225 0x0d54  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:23:47.0256 0x0d54  Sidebar - ok
18:23:47.0256 0x0d54  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:23:47.0256 0x0d54  mctadmin - ok
18:23:47.0427 0x0d54  [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
18:23:47.0490 0x0d54  HP Officejet Pro 8600 (NET) - ok
18:23:47.0490 0x0d54  Waiting for KSN requests completion. In queue: 17
18:23:48.0504 0x0d54  Waiting for KSN requests completion. In queue: 17
18:23:49.0518 0x0d54  Waiting for KSN requests completion. In queue: 17
18:23:50.0735 0x0d54  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
18:23:50.0781 0x0d54  Win FW state via NFP2: enabled
18:23:53.0699 0x0d54  ============================================================
18:23:53.0699 0x0d54  Scan finished
18:23:53.0699 0x0d54  ============================================================
18:23:53.0714 0x0d4c  Detected object count: 0
18:23:53.0714 0x0d4c  Actual detected object count: 0
18:26:17.0278 0x0bf4  Deinitialize success
 

Attached Thumbnails

  • Untitled.jpg
  • Untitled2.jpg

Edited by redleader74, 19 January 2015 - 08:36 PM.

  • 0

#14
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Great, thank you. How's your machine? A final few scans and we'll be done.

 

 

 

Step#1 - Security Check
 
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

 

Step#2 - Malwarebytes Scan


  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits. as shown below.
  • RootKitCheckBox.JPG
     
  • Click the Scan button at the top of the form and then click Scan Now.
    2.JPG
  • If anything is detected, there will be an Apply Actions button. Please click this.
  • Once the scan completes click the View detailed log link.
    3.JPG
  • Then click the Copy to clipboard button and paste into your next post.
    4.JPG

 

 

 

Step#3 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
     
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • ThreatsFound.JPG
     
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • CopyToClipboard.JPG

     

     

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 
Items for your next post

 

1. Security Check log

2. Malwarebytes log
3. Contents of the ESET log file

 


  • 0

#15
redleader74

redleader74

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 195 posts

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 16.0.0.257  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5)
 Google Chrome (39.0.2171.95)
 Google Chrome (39.0.2171.99)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/19/2015
Scan Time: 7:35:03 PM
Logfile: malware.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.20.02
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Peter Chang

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328278
Time Elapsed: 9 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.CytiWeb.A, HKU\S-1-5-21-3782137376-2487312525-798218974-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{AA2FAC44-D24D-4FED-9E32-397D138365F1}, Quarantined, [2f2239bec3c60630dbf4e009df239868],
PUP.Optional.CytiWeb.A, HKU\S-1-5-21-3782137376-2487312525-798218974-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AA2FAC44-D24D-4FED-9E32-397D138365F1}, Quarantined, [2f2239bec3c60630dbf4e009df239868],
PUP.Optional.CytiWeb.A, HKLM\SOFTWARE\WOW6432NODE\Cyti Web, Quarantined, [91c001f69aefa591477c0274e41f629e],
PUP.Optional.Zoomify.A, HKLM\SOFTWARE\WOW6432NODE\zoompic_29, Quarantined, [99b8be39345516209b95e68d897aa65a],
PUP.Optional.CytiWeb.A, HKU\S-1-5-21-3782137376-2487312525-798218974-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Cyti Web, Quarantined, [90c1d42345440333299b591d3cc710f0],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{921265c3-88e5-40e1-8d74-df5314572900}Gw64.sys.vir    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\CytiWebbho.dll    a variant of Win32/BrowseFox.O potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\CytiWebUninstall.exe    Win32/BrowseFox.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\lbkfoppadempcpkcbollgbafoopndkee.crx    Win32/BrowseFox.Q potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\updateCytiWeb.exe    a variant of MSIL/BrowseFox.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\689b5bed4e9b4b8ba673.dll    a variant of Win32/BrowseFox.N potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\689b5bed4e9b4b8ba67364.dll    a variant of Win64/BrowseFox.CI potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\921265c388e540e18d74.dll    a variant of Win32/BrowseFox.N potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\921265c388e540e18d7464.dll    a variant of Win64/BrowseFox.CI potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\a69949478316401e82e4.dll    a variant of Win32/BrowseFox.N potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\a69949478316401e82e464.dll    a variant of Win64/BrowseFox.CI potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\CytiWeb.BOAS.exe    a variant of Win32/BrowseFox.R potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\CytiWeb.BOASHelper.exe    a variant of Win32/BrowseFox.R potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\CytiWeb.BOASPRT.exe    a variant of Win32/BrowseFox.R potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\CytiWeb.BrowserAdapter.exe    Win32/BrowseFox.AB potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\CytiWeb.BrowserAdapter64.exe    Win64/BrowseFox.CM potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\CytiWeb.expext.exe    a variant of Win32/BrowseFox.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\CytiWeb.expextdll.dll    a variant of Win64/BrowseFox.CJ potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\CytiWeb.PurBrowse64.exe    a variant of Win64/BrowseFox.CL potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\utilCytiWeb.exe    a variant of MSIL/BrowseFox.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}.dll    a variant of Win32/BrowseFox.M potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}64.dll    a variant of Win64/BrowseFox.CH potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\{921265c3-88e5-40e1-8d74-df5314572900}.dll    a variant of Win32/BrowseFox.M potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\{921265c3-88e5-40e1-8d74-df5314572900}64.dll    a variant of Win64/BrowseFox.CH potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\{a6994947-8316-401e-82e4-23da215413fb}.dll    a variant of Win32/BrowseFox.M potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\{a6994947-8316-401e-82e4-23da215413fb}64.dll    a variant of Win64/BrowseFox.CH potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.BOAS.dll    a variant of MSIL/BrowseFox.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.BroStats.dll    a variant of MSIL/BrowseFox.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.BrowserAdapter.dll    a variant of MSIL/BrowseFox.L potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.ExpExt.dll    a variant of MSIL/BrowseFox.L potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.FFUpdate.dll    a variant of MSIL/BrowseFox.L potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.GCUpdate.dll    a variant of MSIL/BrowseFox.L potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.IEUpdate.dll    a variant of MSIL/BrowseFox.L potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cyti Web\bin\plugins\CytiWeb.PurBrowseG.dll    a variant of MSIL/BrowseFox.L potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\MyPC Backup\BackupStackUI.dll    a variant of MSIL/MyPCBackup.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\MyPC Backup\Configuration Updater.exe    a variant of MSIL/RunElevated.A potentially unsafe application
C:\FRST\Quarantine\C\Program Files (x86)\MyPC Backup\MyPC Backup.exe    MSIL/MyPCBackup.E potentially unwanted application
C:\FRST\Quarantine\C\Users\Peter Chang\AppData\Local\nsg6B6B.tmp.xBAD    Win32/VOPackage.BC potentially unwanted application
C:\FRST\Quarantine\C\Users\Peter Chang\AppData\Roaming\VOPackage\VOPackage.exe    Win32/VOPackage.AZ potentially unwanted application
C:\FRST\Quarantine\C\Users\Peter Chang\AppData\Roaming\VOPackage\VOsrv.exe    a variant of Win32/VOPackage.BI potentially unwanted application
C:\FRST\Quarantine\C\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (1).exe.xBAD    a variant of Win32/OutBrowse.BS potentially unwanted application
C:\FRST\Quarantine\C\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (2).exe.xBAD    a variant of Win32/OutBrowse.BS potentially unwanted application
C:\FRST\Quarantine\C\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (3).exe.xBAD    a variant of Win32/OutBrowse.BS potentially unwanted application
C:\FRST\Quarantine\C\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe (4).exe.xBAD    a variant of Win32/OutBrowse.BS potentially unwanted application
C:\FRST\Quarantine\C\Users\Peter Chang\Downloads\java_runtime_enviroment_setup.exe.exe.xBAD    a variant of Win32/OutBrowse.BS potentially unwanted application
C:\FRST\Quarantine\C\Windows\system32\drivers\{689b5bed-4e9b-4b8b-a673-3c39fb4d2820}Gw64.sys.xBAD    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\FRST\Quarantine\C\Windows\system32\drivers\{a6994947-8316-401e-82e4-23da215413fb}Gw64.sys.xBAD    a variant of Win64/BrowseFox.CG potentially unwanted application
C:\Users\Peter Chang\Downloads\Setup.exe    a variant of Win32/Bundlore.Q potentially unwanted application
C:\Users\Peter Chang\Downloads\tuppsetup_cpx_cpx(1).exe    Win32/Systweak.K potentially unwanted application
C:\Users\Peter Chang\Downloads\tuppsetup_cpx_cpx(2).exe    Win32/Systweak.K potentially unwanted application
C:\Users\Peter Chang\Downloads\tuppsetup_cpx_cpx.exe    Win32/Systweak.K potentially unwanted application
C:\Windows.old\Documents and Settings\Peter Loi Chang\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\6dad0650-5234572a    multiple threats
C:\Windows.old\Documents and Settings\Peter Loi Chang\Downloads\asc-setup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Windows.old\Program Files (x86)\24x7Help\App24x7Hook64.dll    Win64/24x7Help.A potentially unwanted application
C:\Windows.old\Users\Peter Loi Chang\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\6dad0650-5234572a    multiple threats
C:\Windows.old\Users\Peter Loi Chang\Downloads\asc-setup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
 


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP