Chrome_Elf Dll Is Missing Error



#61
InfinityFalse
Member • Topic Starter • 71 posts

Hello again,

 

RogueKiller Program found 9, here is the RKreport.

 

RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...ad/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : R [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/03/2017 14:45:56 (Duration : 00:39:30)

¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected] iexplore.exe(3756) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Found

¤¤¤ Registry : 8 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1351455686-1081943194-175279126-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer.msn.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1351455686-1081943194-175279126-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer.msn.com/ -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1351455686-1081943194-175279126-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1351455686-1081943194-175279126-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{05AE7197-A154-45B4-B9DA-DC3D53E3893D}C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe|Name=Java™ Platform SE binary|Desc=Java™ Platform SE binary|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{2071F468-3D0F-44CC-BADF-EECD3EC751A4}C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe|Name=Java™ Platform SE binary|Desc=Java™ Platform SE binary|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{05AE7197-A154-45B4-B9DA-DC3D53E3893D}C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe|Name=Java™ Platform SE binary|Desc=Java™ Platform SE binary|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{2071F468-3D0F-44CC-BADF-EECD3EC751A4}C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe|Name=Java™ Platform SE binary|Desc=Java™ Platform SE binary|Defer=User| [x] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPLX-00MBPT0 +++++
--- User ---
[MBR] cf6f0df4458de1c8e39e4156429fb4a4
[BSP] 4e3f2ceccea4a33a8e416812d4c48c73 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD5000BPVT-00HXZT3 +++++
--- User ---
[MBR] ed0c710a9518f24dfe8b7a2b9fac019a
[BSP] 618423c20f68ce2b8bec6dcfb3f7386b : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 


  • 0



#62
RKinner
Malware Expert • Expert • 20,019 posts • MVP

May have found something.

 

You can leave these two:

 

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1351455686-1081943194-175279126-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer.msn.com/ -> Found 
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1351455686-1081943194-175279126-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer.msn.com/ -> Found 

 

but have Rogue Killer remove the rest.

 

Then reboot and run Rogue Killer again and see if any of them came back.


  • 0
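The four [Suspicious.Path] entries in the report above are Windows Firewall rules stored as pipe-delimited `key=value` strings. The following is an added example (not part of the thread and not RogueKiller's own logic) that parses that format and flags active inbound Allow rules whose `App` path sits under a temp directory. The first two sample rules are the TCP and UDP values from the report; the last two rules, the temp-directory pattern and all function names are constructed for illustration.

```python
import re

# Assumption of this example: these two locations count as "temp" directories.
TEMP_DIR = re.compile(r"\\(?:appdata\\local\\temp|windows\\temp)\\", re.IGNORECASE)
PROTOCOLS = {"6": "TCP", "17": "UDP"}  # IANA protocol numbers

SAMPLE_RULES = [
    # TCP and UDP rule values as they appear in the RKreport above
    r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe|Name=Java™ Platform SE binary|Desc=Java™ Platform SE binary|Defer=User|",
    r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe|Name=Java™ Platform SE binary|Desc=Java™ Platform SE binary|Defer=User|",
    # Constructed: inbound allow for a program outside any temp directory
    r"v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files\Example\example.exe|Name=Example (constructed)|",
    # Constructed: temp path, but the rule blocks traffic
    r"v2.10|Action=Block|Active=TRUE|Dir=In|App=C:\Users\r\AppData\Local\Temp\example.exe|Name=Blocked (constructed)|",
]


def parse_rule(value):
    """Split a FirewallRules registry value into (version, {key: [values]})."""
    version, *pairs = value.strip().split("|")
    fields = {}
    for pair in pairs:
        key, sep, val = pair.partition("=")
        if sep:  # skips the empty piece after the trailing '|'
            fields.setdefault(key, []).append(val)  # a key may repeat
    return version, fields


def first(fields, key):
    """First value recorded for key, or an empty string."""
    return fields.get(key, [""])[0]


def flag_temp_rules(values):
    """Return active inbound Allow rules whose program lives in a temp directory."""
    findings = []
    for value in values:
        _, fields = parse_rule(value)
        app = first(fields, "App")
        if (first(fields, "Action").lower() == "allow"
                and first(fields, "Active").lower() == "true"
                and first(fields, "Dir").lower() == "in"
                and TEMP_DIR.search(app)):
            proto = first(fields, "Protocol")
            findings.append({
                "name": first(fields, "Name"),
                "protocol": PROTOCOLS.get(proto, proto or "any"),
                "app": app,
            })
    return findings


if __name__ == "__main__":
    for finding in flag_temp_rules(SAMPLE_RULES):
        print(finding["protocol"], finding["app"])
```
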

#63
InfinityFalse
Member • Topic Starter • 71 posts

Hello,

 

I've removed all except for two items, as you've instructed me to --> I just did a reboot and it is currently scanning my laptop again; it may take some time.


  • 0

#64
RKinner
Malware Expert • Expert • 20,019 posts • MVP

OK.  If it comes back then:

 

Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 

  • 0

#65
InfinityFalse
Member • Topic Starter • 71 posts

Indeed, it came back, take a look at this screenshot - https://gyazo.com/90...e94c045ad311409

 

Small update --> the scan is completed, and these two detected infected exes are deleted, except for these two other things belonging to IE.

 

And here is the copied text from the command prompt -->

 

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       360 N/A                                         
csrss.exe                      460 N/A                                         
wininit.exe                    528 N/A                                         
csrss.exe                      552 N/A                                         
services.exe                   584 N/A                                         
lsass.exe                      608 KeyIso, SamSs, VaultSvc                     
lsm.exe                        616 N/A                                         
winlogon.exe                   672 N/A                                         
svchost.exe                    756 DcomLaunch, PlugPlay, Power                 
svchost.exe                    840 RpcEptMapper, RpcSs                         
atiesrxx.exe                   956 AMD External Events Utility                 
svchost.exe                    988 AudioSrv, Dhcp, eventlog,                   
                                   HomeGroupProvider, lmhosts, wscsvc          
svchost.exe                   1020 AudioEndpointBuilder, hidserv,              
                                   HomeGroupListener, Netman, PcaSvc, SysMain,
                                   TrkWks, UxSms, WdiSystemHost, Wlansvc,      
                                   wudfsvc                                     
svchost.exe                    372 EventSystem, fdPHost, FontCache, netprofm,  
                                   nsi, WdiServiceHost, WinHttpAutoProxySvc    
svchost.exe                    536 AeLookupSvc, Appinfo, BITS, EapHost,        
                                   IKEEXT, iphlpsvc, LanmanServer, MMCSS,      
                                   ProfSvc, Schedule, SENS, ShellHWDetection,  
                                   Themes, Winmgmt, wuauserv                   
audiodg.exe                    920 N/A                                         
svchost.exe                   1052 gpsvc                                       
EgisTicketService.exe         1140 EgisTec Ticket Service                      
atieclxx.exe                  1160 N/A                                         
EgisService.exe               1352 EgisTec Service                             
svchost.exe                   1408 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
spoolsv.exe                   1556 Spooler                                     
svchost.exe                   1584 BFE, DPS, MpsSvc                            
svchost.exe                   1680 DiagTrack                                   
svchost.exe                   1736 FDResPub, SSDPSRV, upnphost                 
PresentationFontCache.exe     1764 FontCache3.0.0.0                            
sftvsa.exe                    2112 sftvsa                                      
svchost.exe                   2220 stisvc                                      
UpdaterService.exe            2344 Updater Service                             
MBAMService.exe               2380 MBAMService                                 
sftlist.exe                   2468 sftlist                                     
CVHSVC.EXE                    2812 cvhsvc                                      
GoogleUpdate.exe              3984 N/A                                         
svchost.exe                   4024 WinDefend                                   
GoogleCrashHandler.exe        4040 N/A                                         
GoogleCrashHandler64.exe      4060 N/A                                         
wmpnetwk.exe                  2080 WMPNetworkSvc                               
SearchIndexer.exe             1100 WSearch                                     
taskhost.exe                  3264 N/A                                         
dwm.exe                       1724 N/A                                         
explorer.exe                  3832 N/A                                         
mbamtray.exe                  4056 N/A                                         
iexplore.exe                  1564 N/A                                         
svchost.exe                   3968 p2pimsvc, p2psvc, PNRPsvc                   
wuauclt.exe                    340 N/A                                         
firefox.exe                   2920 N/A                                         
firefox.exe                    716 N/A                                         
RogueKiller64.exe             5028 N/A                                         
notepad.exe                   3972 N/A                                         
cmd.exe                       4716 N/A                                         
conhost.exe                   4232 N/A                                         
tasklist.exe                  4016 N/A                                         
WmiPrvSE.exe                  3856 N/A                   


Edited by InfinityFalse, 03 March 2017 - 05:38 PM.

  • 0

#66
RKinner
Malware Expert • Expert • 20,019 posts • MVP

Let's try it again with these two lines

TASKLIST /M  > \junk.txt
notepad \junk.txt

  • 0

#67
InfinityFalse
Member • Topic Starter • 71 posts

It looks like it's showing "access is denied"; look at this screenshot --> https://gyazo.com/58...c25da84f337ccd4

 

Other than that, I got a txt -->

 

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       360 N/A                                         
csrss.exe                      460 N/A                                         
wininit.exe                    528 N/A                                         
csrss.exe                      552 N/A                                         
services.exe                   584 N/A                                         
lsass.exe                      608 KeyIso, SamSs, VaultSvc                     
lsm.exe                        616 N/A                                         
winlogon.exe                   672 N/A                                         
svchost.exe                    756 DcomLaunch, PlugPlay, Power                 
svchost.exe                    840 RpcEptMapper, RpcSs                         
atiesrxx.exe                   956 AMD External Events Utility                 
svchost.exe                    988 AudioSrv, Dhcp, eventlog,                   
                                   HomeGroupProvider, lmhosts, wscsvc          
svchost.exe                   1020 AudioEndpointBuilder, hidserv,              
                                   HomeGroupListener, Netman, PcaSvc, SysMain,
                                   TrkWks, UxSms, WdiSystemHost, Wlansvc,      
                                   wudfsvc                                     
svchost.exe                    372 EventSystem, fdPHost, FontCache, netprofm,  
                                   nsi, WdiServiceHost, WinHttpAutoProxySvc    
svchost.exe                    536 AeLookupSvc, Appinfo, BITS, EapHost,        
                                   IKEEXT, iphlpsvc, LanmanServer, MMCSS,      
                                   ProfSvc, Schedule, SENS, ShellHWDetection,  
                                   Themes, Winmgmt, wuauserv                   
audiodg.exe                    920 N/A                                         
svchost.exe                   1052 gpsvc                                       
EgisTicketService.exe         1140 EgisTec Ticket Service                      
atieclxx.exe                  1160 N/A                                         
EgisService.exe               1352 EgisTec Service                             
svchost.exe                   1408 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
spoolsv.exe                   1556 Spooler                                     
svchost.exe                   1584 BFE, DPS, MpsSvc                            
svchost.exe                   1680 DiagTrack                                   
svchost.exe                   1736 FDResPub, SSDPSRV, upnphost                 
PresentationFontCache.exe     1764 FontCache3.0.0.0                            
sftvsa.exe                    2112 sftvsa                                      
svchost.exe                   2220 stisvc                                      
UpdaterService.exe            2344 Updater Service                             
MBAMService.exe               2380 MBAMService                                 
sftlist.exe                   2468 sftlist                                     
CVHSVC.EXE                    2812 cvhsvc                                      
GoogleUpdate.exe              3984 N/A                                         
svchost.exe                   4024 WinDefend                                   
GoogleCrashHandler.exe        4040 N/A                                         
GoogleCrashHandler64.exe      4060 N/A                                         
wmpnetwk.exe                  2080 WMPNetworkSvc                               
SearchIndexer.exe             1100 WSearch                                     
taskhost.exe                  3264 N/A                                         
dwm.exe                       1724 N/A                                         
explorer.exe                  3832 N/A                                         
mbamtray.exe                  4056 N/A                                         
iexplore.exe                  1564 N/A                                         
svchost.exe                   3968 p2pimsvc, p2psvc, PNRPsvc                   
wuauclt.exe                    340 N/A                                         
firefox.exe                   2920 N/A                                         
firefox.exe                    716 N/A                                         
RogueKiller64.exe             5028 N/A                                         
notepad.exe                   3972 N/A                                         
cmd.exe                       4716 N/A                                         
conhost.exe                   4232 N/A                                         
tasklist.exe                  4016 N/A                                         
WmiPrvSE.exe                  3856 N/A             


  • 0

#68
RKinner
Malware Expert • Expert • 20,019 posts • MVP

Nope.  It's the old junk.txt file.  You can only run tasklist from an elevated command prompt.

 

Copy the next two lines:
 
TASKLIST /M  > \junk.txt
notepad \junk.txt
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad 

  • 0
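For the capture step in posts #64 to #68, here is an added example (not code from the thread) that parses a saved TASKLIST capture, including its wrapped continuation lines, and checks the third column header to tell a leftover /SVC file from the /M output that was requested. It goes one step further and lists modules loaded by only one process, a common way to shortlist DLLs for a closer look. The captures are constructed in tasklist's fixed-width layout; `example.exe` and `examplehook.dll` are hypothetical names.

```python
import re
from collections import defaultdict


def build_capture(column, rows):
    """Build a constructed capture in tasklist's fixed-width layout."""
    out = [f"{'Image Name':<25} {'PID':>8} {column}",
           "=" * 25 + " " + "=" * 8 + " " + "=" * 44]
    for name, pid, chunks in rows:
        out.append(f"{name:<25} {pid:>8} {chunks[0]}")
        out += [" " * 35 + chunk for chunk in chunks[1:]]  # wrapped lines
    return "\n".join(out)


# Constructed samples: the first mimics a /SVC capture, the second a /M capture.
SVC_CAPTURE = build_capture("Services", [
    ("lsass.exe", 608, ["KeyIso, SamSs, VaultSvc"]),
    ("svchost.exe", 988, ["AudioSrv, Dhcp, eventlog,",
                          "HomeGroupProvider, lmhosts, wscsvc"]),
])
MODULE_CAPTURE = build_capture("Modules", [
    ("System", 4, ["N/A"]),
    ("csrss.exe", 460, ["ntdll.dll, CSRSRV.dll, basesrv.DLL,",
                        "kernel32.dll, KERNELBASE.dll"]),
    ("wininit.exe", 528, ["ntdll.dll, kernel32.dll, KERNELBASE.dll"]),
    ("example.exe", 1234, ["ntdll.dll, KERNEL32.dll,", "examplehook.dll"]),
])


def parse_tasklist(text):
    """Return (third column header, [{'image', 'pid', 'items'}, ...])."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    sep = next((i for i, ln in enumerate(lines)
                if re.fullmatch(r"=+( =+)+", ln)), None)
    if not sep:  # None, or 0 with no header line above it
        raise ValueError("no tasklist header/separator found")
    # Column boundaries come from the runs of '=' under the header.
    (n0, n1), (p0, p1), (t0, _) = [m.span() for m in re.finditer(r"=+", lines[sep])][:3]
    mode = lines[sep - 1][t0:].strip()
    procs = []
    for ln in lines[sep + 1:]:
        if not ln[:p1].strip():  # name and PID blank: continuation of previous row
            if procs:
                procs[-1]["raw"] += " " + ln[t0:].strip()
            continue
        procs.append({"image": ln[n0:n1].strip(), "pid": int(ln[p0:p1]),
                      "raw": ln[t0:].strip()})
    for proc in procs:
        raw = proc.pop("raw")
        proc["items"] = [] if raw == "N/A" else [
            item.strip() for item in raw.split(",") if item.strip()]
    return mode, procs


def check_capture(text, expected_column):
    """List reasons the capture is not the one that was asked for."""
    mode, _ = parse_tasklist(text)
    if mode.lower() != expected_column.lower():
        return [f"third column is '{mode}', expected '{expected_column}': "
                "old file or wrong switch"]
    return []


def rare_modules(procs, max_hosts=1):
    """Modules (case-insensitive) loaded by at most max_hosts processes.

    Rarity is only a lead: check the file's path and signature before acting.
    """
    hosts = defaultdict(set)
    for proc in procs:
        for module in proc["items"]:
            hosts[module.lower()].add(f"{proc['image'].lower()}:{proc['pid']}")
    return {m: sorted(h) for m, h in hosts.items() if len(h) <= max_hosts}


if __name__ == "__main__":
    print(check_capture(SVC_CAPTURE, "Modules"))
    print(rare_modules(parse_tasklist(MODULE_CAPTURE)[1]))
```
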

#69
InfinityFalse
Member • Topic Starter • 71 posts

I hope I got this right --> here it is.

 

Image Name                     PID Modules                                     
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       360 ntdll.dll                                   
csrss.exe                      460 ntdll.dll, CSRSRV.dll, basesrv.DLL,         
                                   winsrv.DLL, USER32.dll, GDI32.dll,          
                                   kernel32.dll, KERNELBASE.dll, LPK.dll,      
                                   USP10.dll, msvcrt.dll, sxssrv.DLL, sxs.dll,
                                   RPCRT4.dll, CRYPTBASE.dll                   
wininit.exe                    528 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   USER32.dll, GDI32.dll, LPK.dll, USP10.dll,  
                                   msvcrt.dll, RPCRT4.dll, sechost.dll,        
                                   profapi.dll, IMM32.DLL, MSCTF.dll,          
                                   RpcRtRemote.dll, apphelp.dll,               
                                   CRYPTBASE.dll, WS2_32.dll, NSI.dll,         
                                   mswsock.dll, wshtcpip.dll, wship6.dll,      
                                   secur32.dll, SSPICLI.DLL, credssp.dll,      
                                   ADVAPI32.dll                                
csrss.exe                      552 ntdll.dll, CSRSRV.dll, basesrv.DLL,         
                                   winsrv.DLL, USER32.dll, GDI32.dll,          
                                   kernel32.dll, KERNELBASE.dll, LPK.dll,      
                                   USP10.dll, msvcrt.dll, sxssrv.DLL, sxs.dll,
                                   RPCRT4.dll, CRYPTBASE.dll, ADVAPI32.dll,    
                                   sechost.dll                                 
services.exe                   584 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, RPCRT4.dll, SspiCli.dll,        
                                   profapi.dll, sechost.dll, CRYPTBASE.dll,    
                                   scext.dll, USER32.dll, GDI32.dll, LPK.dll,  
                                   USP10.dll, Secur32.dll, SCESRV.dll,         
                                   srvcli.dll, IMM32.DLL, MSCTF.dll,           
                                   RpcRtRemote.dll, credssp.dll, AUTHZ.dll,    
                                   UBPM.dll, ADVAPI32.dll, apphelp.dll,        
                                   WTSAPI32.dll, WINSTA.dll, WS2_32.dll,       
                                   NSI.dll, mswsock.dll, wshtcpip.dll,         
                                   wship6.dll                                  
lsass.exe                      608 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, RPCRT4.dll, SspiSrv.dll,        
                                   lsasrv.dll, sechost.dll, SspiCli.dll,       
                                   ADVAPI32.dll, USER32.dll, GDI32.dll,        
                                   LPK.dll, USP10.dll, SAMSRV.dll,             
                                   cryptdll.dll, MSASN1.dll, wevtapi.dll,      
                                   IMM32.DLL, MSCTF.dll, cngaudit.dll,         
                                   AUTHZ.dll, ncrypt.dll, bcrypt.dll,          
                                   msprivs.DLL, netjoin.dll, negoexts.DLL,     
                                   Secur32.dll, cryptbase.dll, kerberos.DLL,   
                                   CRYPTSP.dll, WS2_32.dll, NSI.dll,           
                                   mswsock.dll, wship6.dll, msv1_0.DLL,        
                                   netlogon.DLL, DNSAPI.dll, logoncli.dll,     
                                   schannel.DLL, CRYPT32.dll, wdigest.DLL,     
                                   rsaenh.dll, tspkg.DLL, pku2u.DLL,           
                                   bcryptprimitives.dll, RpcRtRemote.dll,      
                                   efslsaext.dll, scecli.DLL,                  
                                   EgisPwdFilter.DLL, EgisUtility.dll,         
                                   SHELL32.dll, SHLWAPI.dll, NETAPI32.dll,     
                                   netutils.dll, srvcli.dll, wkscli.dll,       
                                   USERENV.dll, profapi.dll, CryptoAPI.dll,    
                                   LIBEAY32.dll, WSOCK32.dll, WTSAPI32.dll,    
                                   ole32.dll, OLEAUT32.dll, MSVCP90.dll,       
                                   MSVCR90.dll, WINSTA.dll, credssp.dll,       
                                   keyiso.dll, wshtcpip.dll, dssenh.dll,       
                                   GPAPI.dll, vaultsvc.dll, ktmw32.dll,        
                                   CFGMGR32.dll, IPHLPAPI.DLL, WINNSI.DLL,     
                                   cryptnet.dll, WLDAP32.dll                   
lsm.exe                        616 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   SYSNTFY.dll, WMsgAPI.dll, CRYPTBASE.dll,    
                                   pcwum.dll, RpcRtRemote.dll, secur32.dll,    
                                   SSPICLI.DLL, credssp.dll, ADVAPI32.dll      
winlogon.exe                   672 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   USER32.dll, GDI32.dll, LPK.dll, USP10.dll,  
                                   msvcrt.dll, WINSTA.dll, RPCRT4.dll,         
                                   IMM32.DLL, MSCTF.dll, ADVAPI32.dll,         
                                   sechost.dll, profapi.dll, RpcRtRemote.dll,  
                                   apphelp.dll, UXINIT.dll, UxTheme.dll,       
                                   CRYPTSP.dll, rsaenh.dll, CRYPTBASE.dll,     
                                   WindowsCodecs.dll, ole32.dll, wkscli.dll,   
                                   netjoin.dll, netutils.dll, SspiCli.dll,     
                                   slc.dll, MPR.dll                            
svchost.exe                    756 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   umpnpmgr.dll, SPINF.dll, USER32.dll,        
                                   GDI32.dll, LPK.dll, USP10.dll, DEVRTL.dll,  
                                   IMM32.DLL, MSCTF.dll, RpcRtRemote.dll,      
                                   USERENV.dll, profapi.dll, GPAPI.dll,        
                                   CRYPTBASE.dll, umpo.dll, WINSTA.dll,        
                                   SETUPAPI.dll, CFGMGR32.dll, ADVAPI32.dll,   
                                   OLEAUT32.dll, ole32.dll, DEVOBJ.dll,        
                                   pcwum.DLL, rpcss.dll, SspiCli.dll,          
                                   credssp.dll, CLBCatQ.DLL, ntmarta.dll,      
                                   WLDAP32.dll, wmidcprv.dll, FastProx.dll,    
                                   wbemcomn.dll, WS2_32.dll, NSI.dll,          
                                   NTDSAPI.dll, wbemprox.dll, CRYPTSP.dll,     
                                   rsaenh.dll, wbemsvc.dll, wmiutils.dll,      
                                   WINTRUST.dll, CRYPT32.dll, MSASN1.dll,      
                                   apphelp.dll, WTSAPI32.dll                   
svchost.exe                    840 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   rpcepmap.dll, RpcRtRemote.dll, secur32.dll,
                                   SSPICLI.DLL, credssp.dll, CRYPTBASE.dll,    
                                   rpcss.dll, ADVAPI32.dll, CRYPTSP.dll,       
                                   rsaenh.dll, WS2_32.dll, NSI.dll,            
                                   mswsock.dll, user32.dll, GDI32.dll,         
                                   LPK.dll, USP10.dll, IMM32.DLL, MSCTF.dll,   
                                   wshtcpip.dll, wship6.dll, FirewallAPI.dll,  
                                   VERSION.dll, CLBCatQ.DLL, ole32.dll,        
                                   OLEAUT32.dll, fwpuclnt.dll                  
atiesrxx.exe                   956 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   USER32.dll, GDI32.dll, LPK.dll, USP10.dll,  
                                   msvcrt.dll, ADVAPI32.dll, sechost.dll,      
                                   RPCRT4.dll, WTSAPI32.dll, PSAPI.DLL,        
                                   USERENV.dll, profapi.dll, POWRPROF.dll,     
                                   SETUPAPI.dll, CFGMGR32.dll, OLEAUT32.dll,   
                                   ole32.dll, DEVOBJ.dll, dwmapi.dll,          
                                   IMM32.DLL, MSCTF.dll, WINTRUST.dll,         
                                   CRYPT32.dll, MSASN1.dll, WINSTA.dll,        
                                   apphelp.dll                                 
svchost.exe                    988 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   ole32.dll, GDI32.dll, USER32.dll, LPK.dll,  
                                   USP10.dll, IMM32.DLL, MSCTF.dll,            
                                   CRYPTBASE.dll, ADVAPI32.dll, wevtsvc.dll,   
                                   RpcRtRemote.dll, secur32.dll, SSPICLI.DLL,  
                                   credssp.dll, WS2_32.dll, NSI.dll,           
                                   mswsock.dll, wshtcpip.dll, wship6.dll,      
                                   GPAPI.dll, audiosrv.dll, POWRPROF.dll,      
                                   SETUPAPI.dll, CFGMGR32.dll, OLEAUT32.dll,   
                                   DEVOBJ.dll, MMDevAPI.DLL, PROPSYS.dll,      
                                   AVRT.dll, CLBCatQ.DLL, WINSTA.dll,          
                                   SHLWAPI.dll, CRYPTSP.dll, rsaenh.dll,       
                                   audioses.dll, lmhsvc.dll, IPHLPAPI.DLL,     
                                   WINNSI.DLL, nrpsrv.DLL, dhcpcore.dll,       
                                   DNSAPI.dll, firewallapi.dll, VERSION.dll,   
                                   dhcpcore6.dll, dhcpcsvc.DLL, dhcpcsvc6.DLL,
                                   wscsvc.dll, dbghelp.dll, wbemprox.dll,      
                                   wbemcomn.dll, wbemsvc.dll, fastprox.dll,    
                                   NTDSAPI.dll, CRYPT32.dll, MSASN1.dll,       
                                   WINTRUST.DLL, imagehlp.dll, ncrypt.dll,     
                                   bcrypt.dll, bcryptprimitives.dll,           
                                   wuapi.dll, Cabinet.dll, profapi.dll,        
                                   USERENV.dll, wkscli.dll, netutils.dll,      
                                   provsvc.dll, npmproxy.dll, actxprxy.dll,    
                                   FunDisc.dll, ATL.DLL, msxml6.dll,           
                                   fdproxy.dll, P2P.dll, P2PCOLLAB.dll,        
                                   SHELL32.dll, ieproxy.dll,                   
                                   api-ms-win-downlevel-shlwapi-l1-1-0.dll,    
                                   WINSTA.dll, apphelp.dll, USERENV.dll,       
                                   mssprxy.dll, SXS.DLL, NaturalLanguage6.dll,
                                   CRYPT32.dll, MSASN1.dll, elscore.dll,       
                                   ElsLad.dll                                  
taskhost.exe                  3264 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, ole32.dll, GDI32.dll,           
                                   USER32.dll, LPK.dll, USP10.dll, RPCRT4.dll,
                                   OLEAUT32.dll, IMM32.DLL, MSCTF.dll,         
                                   CRYPTBASE.dll, sechost.dll, ADVAPI32.dll,   
                                   uxtheme.dll, dwmapi.dll, CLBCatQ.DLL,       
                                   wininet.dll,                                
                                   api-ms-win-downlevel-user32-l1-1-0.dll,     
                                   api-ms-win-downlevel-shlwapi-l1-1-0.dll,    
                                   shlwapi.DLL,                                
                                   api-ms-win-downlevel-version-l1-1-0.dll,    
                                   version.DLL,                                
                                   api-ms-win-downlevel-normaliz-l1-1-0.dll,   
                                   normaliz.DLL, iertutil.dll,                 
                                   api-ms-win-downlevel-advapi32-l1-1-0.dll,   
                                   USERENV.dll, profapi.dll,                   
                                   api-ms-win-downlevel-ole32-l1-1-0.dll,      
                                   dimsjob.dll, MsCtfMonitor.dll, MSUTB.dll,   
                                   WINSTA.dll, WTSAPI32.dll, PlaySndSrv.dll,   
                                   taskschd.dll, SspiCli.dll, mscms.dll,       
                                   api-ms-win-downlevel-advapi32-l2-1-0.dll,   
                                   HotStartUserAgent.dll, netprofm.dll,        
                                   NSI.dll, nlaapi.dll, slc.dll,               
                                   RpcRtRemote.dll, CRYPTSP.dll, rsaenh.dll,   
                                   npmproxy.dll, dsrole.dll, Dxva2.dll,        
                                   ESENT.dll, psapi.dll, WINMM.dll,            
                                   SHELL32.dll, msxml6.dll, bcrypt.dll,        
                                   MMDevAPI.DLL, PROPSYS.dll, wdmaud.drv,      
                                   ksuser.dll, AVRT.dll, SETUPAPI.dll,         
                                   CFGMGR32.dll, DEVOBJ.dll, AUDIOSES.DLL,     
                                   msacm32.drv, MSACM32.dll, midimap.dll,      
                                   sqmapi.dll                                  
dwm.exe                       1724 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   GDI32.dll, USER32.dll, LPK.dll, USP10.dll,  
                                   msvcrt.dll, UxTheme.dll, IMM32.dll,         
                                   MSCTF.dll, dwmredir.dll, dwmcore.dll,       
                                   ADVAPI32.dll, sechost.dll, RPCRT4.dll,      
                                   WindowsCodecs.dll, ole32.dll, d3d10_1.dll,  
                                   d3d10_1core.dll, dxgi.dll, VERSION.dll,     
                                   dwmapi.dll, d3d11.dll, WINTRUST.dll,        
                                   CRYPT32.dll, MSASN1.dll, aticfx64.dll,      
                                   WINMM.dll, atiuxp64.dll, atidxx64.dll,      
                                   uDWM.dll, slc.dll                           
explorer.exe                  3832 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, GDI32.dll, USER32.dll, LPK.dll,
                                   USP10.dll, SHLWAPI.dll, SHELL32.dll,        
                                   ole32.dll, OLEAUT32.dll, EXPLORERFRAME.dll,
                                   DUser.dll, DUI70.dll, IMM32.dll, MSCTF.dll,
                                   UxTheme.dll, POWRPROF.dll, SETUPAPI.dll,    
                                   CFGMGR32.dll, DEVOBJ.dll, dwmapi.dll,       
                                   slc.dll, gdiplus.dll, Secur32.dll,          
                                   SSPICLI.DLL, PROPSYS.dll, WINSTA.dll,       
                                   CRYPTBASE.dll, comctl32.dll,                
                                   WindowsCodecs.dll, profapi.dll,             
                                   apphelp.dll, CLBCatQ.DLL, CoreSync_x64.dll,
                                   api-ms-win-core-synch-l1-2-0.DLL,           
                                   EhStorShell.dll, ntshrui.dll, srvcli.dll,   
                                   cscapi.dll, IconCodecService.dll,           
                                   CRYPTSP.dll, rsaenh.dll, RpcRtRemote.dll,   
                                   SndVolSSO.DLL, HID.DLL, MMDevApi.dll,       
                                   timedate.cpl, ATL.DLL, actxprxy.dll,        
                                   ntmarta.dll, WLDAP32.dll, shdocvw.dll,      
                                   LINKINFO.dll, msutb.dll, USERENV.dll,       
                                   SAMLIB.dll, samcli.dll, gameux.dll,         
                                   XmlLite.dll, CRYPT32.dll, MSASN1.dll,       
                                   wer.dll, netutils.dll, MsftEdit.dll,        
                                   msls31.dll, tiptsf.dll, authui.dll,         
                                   CRYPTUI.dll, urlmon.dll,                    
                                   api-ms-win-downlevel-ole32-l1-1-0.dll,      
                                   api-ms-win-downlevel-shlwapi-l1-1-0.dll,    
                                   api-ms-win-downlevel-advapi32-l1-1-0.dll,   
                                   api-ms-win-downlevel-user32-l1-1-0.dll,     
                                   api-ms-win-downlevel-version-l1-1-0.dll,    
                                   version.DLL,                                
                                   api-ms-win-downlevel-normaliz-l1-1-0.dll,   
                                   normaliz.DLL, iertutil.dll, WININET.dll,    
                                   api-ms-win-downlevel-advapi32-l2-1-0.dll,   
                                   msiltcfg.dll, msi.dll, NetworkExplorer.dll,
                                   WINMM.dll, wdmaud.drv, ksuser.dll,          
                                   AVRT.dll, AUDIOSES.DLL, msacm32.drv,        
                                   MSACM32.dll, midimap.dll, stobject.dll,     
                                   BatMeter.dll, WTSAPI32.dll, WINTRUST.dll,   
                                   es.dll, prnfldr.dll, WINSPOOL.DRV, dxp.dll,
                                   Syncreg.dll, ehSSO.dll, netshell.dll,       
                                   IPHLPAPI.DLL, NSI.dll, WINNSI.DLL,          
                                   nlaapi.dll, wpdshserviceobj.dll,            
                                   PortableDeviceTypes.dll,                    
                                   PortableDeviceApi.dll, srchadmin.dll,       
                                   AthCopyHook.dll, Actioncenter.dll,          
                                   wevtapi.dll, mssprxy.dll, SyncCenter.dll,   
                                   AltTab.dll, imapi2.dll, pnidui.dll,         
                                   QUtil.dll, bthprops.cpl, dhcpcsvc.DLL,      
                                   WS2_32.dll, dhcpcsvc6.DLL, credssp.dll,     
                                   npmproxy.dll, hgcpl.dll, provsvc.dll,       
                                   Wlanapi.dll, wlanutil.dll, wwanapi.dll,     
                                   wwapi.dll, QAgent.dll, SXS.DLL, fxsst.dll,  
                                   FXSAPI.dll, FXSRESM.DLL, ieproxy.dll,       
                                   api-ms-win-downlevel-shlwapi-l2-1-0.dll,    
                                   DEVRTL.dll, MPR.dll, wkscli.dll,            
                                   UIAnimation.dll, ieframe.DLL,               
                                   api-ms-win-downlevel-shell32-l1-1-0.dll,    
                                   drprov.dll, ntlanman.dll, davclnt.dll,      
                                   DAVHLPR.dll, StructuredQuery.dll,           
                                   twext.dll, mbshlext.dll, sfc.dll,           
                                   sfc_os.DLL, syncui.dll, SYNCENG.dll,        
                                   acppage.dll, wscinterop.dll, WSCAPI.dll,    
                                   wscui.cpl, werconcpl.dll, framedynos.dll,   
                                   wercplsupport.dll, msxml6.dll, bcrypt.dll,  
                                   hcproviders.dll, SearchFolder.dll,          
                                   NaturalLanguage6.dll, NLSData0009.dll,      
                                   NLSLexicons0009.dll, thumbcache.dll,        
                                   PSAPI.DLL, MLANG.dll, EhStorAPI.dll         
mbamtray.exe                  4056 ntdll.dll, wow64.dll, wow64win.dll,         
                                   wow64cpu.dll                                
svchost.exe                   3968 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, sechost.dll, RPCRT4.dll,        
                                   pnrpsvc.dll, USERENV.dll, profapi.dll,      
                                   GPAPI.dll, CRYPTBASE.dll, secur32.dll,      
                                   SSPICLI.DLL, credssp.dll, RpcRtRemote.dll,  
                                   WS2_32.dll, NSI.dll, mswsock.dll,           
                                   user32.dll, GDI32.dll, LPK.dll, USP10.dll,  
                                   IMM32.DLL, MSCTF.dll, wship6.dll,           
                                   IPHLPAPI.DLL, WINNSI.DLL, dhcpcsvc.DLL,     
                                   dhcpcsvc6.DLL, sqmapi.dll, ADVAPI32.dll,    
                                   ole32.dll, SSDPAPI.DLL, SHELL32.dll,        
                                   SHLWAPI.dll, CRYPT32.dll, MSASN1.dll,       
                                   CRYPTSP.dll, rsaenh.dll, ncrypt.dll,        
                                   bcrypt.dll, p2psvc.dll, P2PGRAPH.dll,       
                                   ESENT.dll, slc.dll, XmlLite.dll, psapi.dll,
                                   OLEAUT32.dll, AUTHZ.dll, pnrpnsp.dll,       
                                   rasadhlp.dll, ntmarta.dll, WLDAP32.dll,     
                                   schannel.DLL                                
wuauclt.exe                    340 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, ole32.dll, GDI32.dll,           
                                   USER32.dll, LPK.dll, USP10.dll, RPCRT4.dll,
                                   ADVAPI32.dll, sechost.dll, OLEAUT32.dll,    
                                   SHLWAPI.dll, IMM32.DLL, MSCTF.dll,          
                                   profapi.dll, wucltux.dll, gdiplus.dll,      
                                   MSIMG32.dll, SHELL32.dll, OLEACC.dll,       
                                   slc.dll, UxTheme.dll, DUser.dll,            
                                   Cabinet.dll, CRYPT32.dll, MSASN1.dll,       
                                   WindowsCodecs.dll, WINTRUST.dll,            
                                   comctl32.dll, CRYPTBASE.dll, CLBCatQ.DLL,   
                                   CRYPTSP.dll, rsaenh.dll, RpcRtRemote.dll,   
                                   wups2.dll                                   
iexplore.exe                  2408 ntdll.dll, wow64.dll, wow64win.dll,         
                                   wow64cpu.dll                                
firefox.exe                   1360 ntdll.dll, wow64.dll, wow64win.dll,         
                                   wow64cpu.dll                                
firefox.exe                   3952 ntdll.dll, wow64.dll, wow64win.dll,         
                                   wow64cpu.dll                                
audiodg.exe                   4320 N/A                                         
cmd.exe                       4000 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   msvcrt.dll, WINBRAND.dll, USER32.dll,       
                                   GDI32.dll, LPK.dll, USP10.dll, IMM32.DLL,   
                                   MSCTF.dll, RPCRT4.dll, ADVAPI32.dll,        
                                   sechost.dll,                                
                                   api-ms-win-downlevel-advapi32-l1-1-0.dll,   
                                   SspiCli.dll, apphelp.dll                    
conhost.exe                   3304 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   GDI32.dll, USER32.dll, LPK.dll, USP10.dll,  
                                   msvcrt.dll, IMM32.dll, MSCTF.dll,           
                                   ole32.dll, RPCRT4.dll, OLEAUT32.dll,        
                                   uxtheme.dll, dwmapi.dll, ADVAPI32.dll,      
                                   sechost.dll, comctl32.DLL, SHLWAPI.dll,     
                                   CRYPTBASE.dll                               
tasklist.exe                   936 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, USER32.dll, GDI32.dll, LPK.dll,
                                   USP10.dll, ole32.dll, VERSION.dll, MPR.dll,
                                   OLEAUT32.dll, Secur32.dll, SSPICLI.DLL,     
                                   WS2_32.dll, NSI.dll, framedynos.dll,        
                                   WTSAPI32.dll, NETAPI32.dll, netutils.dll,   
                                   srvcli.dll, wkscli.dll, dbghelp.dll,        
                                   SHLWAPI.dll, IMM32.DLL, MSCTF.dll,          
                                   CRYPTBASE.dll, CLBCatQ.DLL, wbemprox.dll,   
                                   wbemcomn.dll, Winsta.dll, CRYPTSP.dll,      
                                   rsaenh.dll, RpcRtRemote.dll, wbemsvc.dll,   
                                   fastprox.dll, NTDSAPI.dll, wmiutils.dll     
WmiPrvSE.exe                  3800 ntdll.dll, kernel32.dll, KERNELBASE.dll,    
                                   ADVAPI32.dll, msvcrt.dll, sechost.dll,      
                                   RPCRT4.dll, USER32.dll, GDI32.dll, LPK.dll,
                                   USP10.dll, wbemcomn.dll, OLEAUT32.dll,      
                                   ole32.dll, WS2_32.dll, NSI.dll,             
                                   FastProx.dll, NTDSAPI.dll, NCObjAPI.DLL,    
                                   IMM32.DLL, MSCTF.dll, CRYPTBASE.dll,        
                                   ntmarta.dll, WLDAP32.dll, CLBCatQ.DLL,      
                                   wbemprox.dll, CRYPTSP.dll, rsaenh.dll,      
                                   RpcRtRemote.dll, wbemsvc.dll, wmiutils.dll,
                                   cimwin32.dll, framedynos.dll, SspiCli.dll,  
                                   WTSAPI32.dll, WINBRAND.dll                


  • 0

#70
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

Nothing unusual there.  Run Process Explorer then View, Show Lower Pane.

 

Now click on Process column header.  Find Iexplore.exe and click on it. (there may be more than one but any one will do.)

 

Now File, Save As, to your desktop.  OK.  It will save it as iexplore.exe.txt.  Open the file and copy and paste the text.

 

We're going to be watching TV the rest of the evening.  I'll check back after 10 PM Eastern Time.


  • 0


#71
InfinityFalse

InfinityFalse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

Alrighty, enjoy your evening - thank you for helping me so far. By the way, here is the log you've requested.

 

 

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    95.77    0 K    24 K    0            
System    0.27    176 K    3,104 K    4            
 Interrupts    0.31    0 K    0 K    n/a    Hardware Interrupts and DPCs        
 smss.exe        732 K    2,620 K    360            
csrss.exe    < 0.01    2,644 K    19,240 K    460            
wininit.exe        2,048 K    18,024 K    528            
 services.exe        6,024 K    26,852 K    584            
  svchost.exe        5,740 K    44,052 K    756    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe        4,984 K    29,432 K    840    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  atiesrxx.exe        2,024 K    28,096 K    956    AMD External Events Service Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
   atieclxx.exe        3,184 K    51,824 K    1160            
  svchost.exe        19,944 K    88,536 K    988    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
   audiodg.exe        16,244 K    16,240 K    2420            
  svchost.exe    0.19    173,236 K    243,484 K    1020    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
   dwm.exe    0.14    33,868 K    107,032 K    1724    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe    < 0.01    16,168 K    87,284 K    372    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe    < 0.01    28,336 K    106,808 K    536    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
   wuauclt.exe        2,848 K    51,772 K    340    Windows Update    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe    < 0.01    3,024 K    25,760 K    1052    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  EgisTicketService.exe        2,528 K    43,156 K    1140    Egis Ticket Service    Egis Technology Inc.     (Verified) EGIS TECHNOLOGY INC.
  EgisService.exe        4,356 K    43,932 K    1352    Egis Service    Egis Technology Inc.     (Verified) EGIS TECHNOLOGY INC.
  svchost.exe    0.01    18,912 K    57,552 K    1408    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  spoolsv.exe        7,356 K    44,880 K    1556    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe        15,976 K    45,404 K    1584    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe        7,244 K    69,892 K    1680    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe        7,248 K    57,072 K    1736    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  PresentationFontCache.exe        26,756 K    111,980 K    1764    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Corporation
  sftvsa.exe        1,696 K    30,128 K    2112    Microsoft Application Virtualization Virtual Service Agent    Microsoft Corporation    (Verified) Microsoft Corporation
  svchost.exe        2,336 K    27,616 K    2220    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  UpdaterService.exe        1,272 K    28,424 K    2344    Updater Service    Acer Group    (Verified) Acer Incorporated
  MBAMService.exe    0.02    360,344 K    384,800 K    2380    Malwarebytes Service    Malwarebytes    (Verified) Malwarebytes Corporation
  sftlist.exe        6,468 K    59,460 K    2468    Microsoft Application Virtualization Client Service    Microsoft Corporation    (Verified) Microsoft Corporation
  CVHSVC.EXE        5,664 K    64,444 K    2812            
  svchost.exe        51,564 K    201,224 K    4024    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
  wmpnetwk.exe        13,544 K    15,340 K    2080    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
  SearchIndexer.exe        32,800 K    84,376 K    1100    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
  taskhost.exe    < 0.01    17,732 K    75,976 K    3264    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
  svchost.exe        5,256 K    58,044 K    3968    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
 lsass.exe    < 0.01    8,324 K    59,212 K    608    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
 lsm.exe        3,060 K    17,132 K    616            
csrss.exe    0.15    4,076 K    32,304 K    552            
winlogon.exe        4,332 K    25,060 K    672            
GoogleUpdate.exe        2,284 K    31,192 K    3984            
 GoogleCrashHandler.exe        1,736 K    31,776 K    4040            
 GoogleCrashHandler64.exe        2,024 K    34,848 K    4060            
explorer.exe    < 0.01    64,380 K    226,292 K    3832    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
 mbamtray.exe        13,668 K    16,988 K    4056    Malwarebytes Tray Application    Malwarebytes    (Verified) Malwarebytes Corporation
 iexplore.exe    2.17    11,468 K    12,512 K    2408    Internet Explorer    Microsoft Corporation    (Verified) Microsoft Corporation
 firefox.exe    0.02    363,992 K    390,824 K    1360    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
  firefox.exe    0.28    693,252 K    715,876 K    3952    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
 procexp.exe        2,536 K    7,760 K    5020    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
  procexp64.exe    0.63    26,976 K    44,220 K    4356    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation

Process: iexplore.exe Pid: 2408

Type    Name
Desktop    \Default
Directory    \KnownDlls
Directory    \KnownDlls32
Directory    \KnownDlls32
Directory    \Sessions\1\BaseNamedObjects
File    C:\Windows
File    C:\Program Files (x86)\Internet Explorer
File    C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
File    \Device\Nsi
File    \Device\KsecDD
Key    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Key    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Key    HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
Key    HKLM
Key    HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER
Key    HKLM\SYSTEM\ControlSet001\Control\Nls\CustomLocale
Key    HKCU
Section    \Sessions\1\BaseNamedObjects\AutoUnhookMap$00000968$74c20000
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $76321e4d
Section    \Sessions\1\BaseNamedObjects\mchLLEW2$968
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $71ac0000
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $77519c07
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $75939400
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $75643efc
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $756682ed
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $75653bbb
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $7565a4a7
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $7564103d
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $75641072
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $7751c8a8
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $75659ae0
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $756bdf21
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $756658cd
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $756c3231
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $76313c29
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $759fb177
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $759fb057
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $77512bdc
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $77511e4c
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $77c0fd97
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $75e595d0
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $75efc650
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $75e59030
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $75efc500
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $75efcbb0
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $75efcb00
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $75efc820
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $75efc760
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $75ba3ab2
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $77565d10
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $775f1470
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $77646fc0
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $77646500
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $77572200
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $7758ed20
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $77568a40
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $775eaf60
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $775e2b30
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $7766a8d0
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $7750f125
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $7750f0e6
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $7750f088
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $7750efbf
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $7750edc6
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $77515610
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $7565eb82
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $77bffad0
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $77c00048
Thread    iexplore.exe(2408): 4956
Thread    iexplore.exe(2408): 4400
Thread    iexplore.exe(2408): 4748
Thread    iexplore.exe(2408): 4428
Thread    iexplore.exe(2408): 4428
Thread    iexplore.exe(2408): 4908
Thread    <Non-existent Process>(4632): 1192
Thread    firefox.exe(1360): 4896
WindowStation    \Sessions\1\Windows\WindowStations\WinSta0
WindowStation    \Sessions\1\Windows\WindowStations\WinSta0
 


  • 0

#72
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

This time it appears to be started by Firefox.  Can you click on Firefox and make a log?

 

I hate to do it but I think we are going to have to try Process Monitor.  This is a program that creates giant logs but you can use wikisend to get them to me.

 

 
Save and right click on it and Run As Admin.
 
Then under Options, click Enable Boot Logging.  Close Process Monitor and reboot.

Open Process Monitor (Right click on it and Run As Admin.) and it should tell you it has a boot log for you to look at.

Once it loads the saved log then:

File, Save, All Events, Native Process Monitor Format

(Note the path.  You can change it to your desktop)

The file will be called logfile.pml

Upload the file to wikisend like we did the other file.  Then post the link.

  • 0
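One way to pull out of a Process Explorer handle export, like the one in post #71, the thread handles that belong to some other process (the `firefox.exe(1360)` and `<Non-existent Process>(4632)` entries) and to group the named sections. This is an added example, not part of the thread; the function names are hypothetical and the sample is abridged from the posted log.

```python
"""Triage a Process Explorer lower-pane handle export (File > Save As)."""
import re
from collections import Counter

# Sample input: abridged from the export posted in #71 (illustrative subset).
SAMPLE = r"""Process: iexplore.exe Pid: 2408

Type    Name
Desktop    \Default
File    C:\Program Files (x86)\Internet Explorer
Key    HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER
Section    \Sessions\1\BaseNamedObjects\AutoUnhookMap$00000968$74c20000
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $76321e4d
Section    \Sessions\1\BaseNamedObjects\mchLLEW2$968
Section    \Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00000968, API $71ac0000
Thread    iexplore.exe(2408): 4956
Thread    iexplore.exe(2408): 4428
Thread    iexplore.exe(2408): 4428
Thread    <Non-existent Process>(4632): 1192
Thread    firefox.exe(1360): 4896
WindowStation    \Sessions\1\Windows\WindowStations\WinSta0
"""

HEADER_RE = re.compile(r"^Process:\s+(?P<image>.+?)\s+Pid:\s+(?P<pid>\d+)\s*$")
HANDLE_RE = re.compile(r"^(?P<type>[A-Za-z]+)\s+(?P<name>\S.*)$")
THREAD_RE = re.compile(r"^(?P<image>.+)\((?P<pid>\d+)\):\s+(?P<tid>\d+)$")
HEX_RE = re.compile(r"\$[0-9A-Fa-f]+")


def parse_handle_export(text):
    """Return the inspected process and its (type, name) handle rows."""
    image = pid = None
    handles = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            image, pid = m["image"], int(m["pid"])
            continue
        m = HANDLE_RE.match(line)
        # Skip anything that is not a handle row, including the column header.
        if m is None or (m["type"], m["name"]) == ("Type", "Name"):
            continue
        handles.append((m["type"], m["name"].strip()))
    if pid is None:
        raise ValueError("no 'Process: <image> Pid: <n>' header found")
    return {"image": image, "pid": pid, "handles": handles}


def foreign_thread_handles(export):
    """Thread handles whose owning PID is not the inspected process."""
    found = []
    for htype, name in export["handles"]:
        if htype != "Thread":
            continue
        m = THREAD_RE.match(name)
        if m and int(m["pid"]) != export["pid"]:
            found.append({"image": m["image"], "pid": int(m["pid"]),
                          "tid": int(m["tid"])})
    return found


def section_patterns(export):
    """Group named sections with hex fields masked.

    Also counts how many section names carry the inspected PID as a hex
    field (2408 is 0x968, which is the $00000968 seen in the log).
    """
    counts = Counter()
    naming_pid = 0
    for htype, name in export["handles"]:
        if htype != "Section":
            continue
        leaf = name.rsplit("\\", 1)[-1]
        counts[HEX_RE.sub("$<hex>", leaf)] += 1
        if any(int(f[1:], 16) == export["pid"] for f in HEX_RE.findall(leaf)):
            naming_pid += 1
    return counts, naming_pid


if __name__ == "__main__":
    export = parse_handle_export(SAMPLE)
    print(f"{export['image']} (PID {export['pid']}): "
          f"{len(export['handles'])} handles")
    for t in foreign_thread_handles(export):
        print(f"  thread {t['tid']} belongs to {t['image']} (PID {t['pid']})")
    counts, naming_pid = section_patterns(export)
    for pattern, n in counts.most_common():
        print(f"  {n:3d} x {pattern}")
    print(f"  {naming_pid} section name(s) embed PID {export['pid']} in hex")
```
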

#73
InfinityFalse

InfinityFalse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

For some reason, I am unable to upload files, including bootlog and logfile, to Wikisend; every time I try to upload, I get an error.


  • 0

#74
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,019 posts
  • MVP

Try renaming the file's extension to .txt or .jpg.  We might have to zip up the file.


  • 0

#75
InfinityFalse

InfinityFalse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

It turns out that all of the files are way over 100mb; this is why I cannot upload files.


  • 0





