Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Bluescreen Loop After Removing Pihar Rootkit Trojan

Started by Don54 , Mar 18 2013 08:49 AM

  • Please log in to reply

#1
Don54
Posted 18 March 2013 - 08:49 AM

Don54

    Member

  • Member
  • PipPip
  • 57 posts
Hello,

I have an issue similar to the previous bluescreen loop topic (dated 3/7/2013) following virus removal by Kaspersky. My desktop running Win 7 64bit now will not boot (blue screen loop). Last evening suddenly all of my applications closed out and the computer shut down. I was able to log back in with normal windows and was met with normal desktop but could not run most programs or exe files, though I could run applications like windows file manager. I then booted with Kaspersky Rescue 10 disk and ran scan (just on boot and startup items). Kaspersky found Pihar Trojan rootkit which was disinfected. I then rebooted and was met with the blue screen loop. Tried startup repair which was ineffective. Booted again with Kaspersky Rescue, ran further scan on C: which reports also finding "Trojan-Dropper.Win32.TDSS.awyc." States it cannot disinfect and recommends deletion. I skipped deletion pending further advice...I am concerned the MBR might have been damaged when Kaspersky removed the initial Pihar trojan. Just ran Frst64 which I paste below. Thanks for any help, this is way above my paygrade and I really need a hand.

-Don

***************************************************************************
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013
Ran by SYSTEM at 18-03-2013 09:57:04
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16327712 2009-06-26] (NVIDIA Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [2419512 2012-11-04] (Logitech, Inc.)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKU\Don\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

3 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152720 2012-05-23] (Lavasoft Limited)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 NitroReaderDriverReadSpool3; "C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe" [230416 2012-10-30] (Nitro PDF Software)
2 Pantech UTM Service; C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\PantechService.exe [65536 2010-11-23] (TODO: <Company name>)
4 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

==================== Drivers (Whitelisted) =====================

3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-11-13] ()
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2011-11-03] (Lavasoft AB)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
3 PTHSBUS; C:\Windows\System32\Drivers\PTHSBUS.sys [70928 2010-04-01] (DEVGURU Co., LTD.)
3 PTHSMDM; C:\Windows\System32\Drivers\PTHSMDM.sys [184976 2010-04-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 PTHSVSP; C:\Windows\System32\Drivers\PTHSVSP.sys [184976 2010-04-01] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-26] ()
1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
2 WinRing0_1_2_0; \??\C:\Users\Don\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [14544 2010-09-04] (OpenLibSys.org)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-03-18 09:56 - 2013-03-18 09:56 - 00000000 ____D C:\FRST
2013-03-17 15:54 - 2013-03-17 15:54 - 00000055 ____A C:\Users\Don\Application Data\mbam.context.scan
2013-03-17 15:54 - 2013-03-17 15:54 - 00000055 ____A C:\Users\Don\AppData\Roaming\mbam.context.scan
2013-03-17 14:09 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2013-03-06 07:38 - 2013-03-06 07:38 - 00002513 ____A C:\Users\Public\Desktop\TurboTax 2012.lnk
2013-03-06 07:38 - 2013-03-06 07:38 - 00002513 ____A C:\ProgramData\Desktop\TurboTax 2012.lnk
2013-03-01 13:29 - 2013-03-01 13:29 - 00000919 ____A C:\Users\Public\Desktop\Jarte.lnk
2013-03-01 13:29 - 2013-03-01 13:29 - 00000919 ____A C:\ProgramData\Desktop\Jarte.lnk
2013-03-01 13:29 - 2013-03-01 13:29 - 00000000 ____D C:\Users\Don\Application Data\Jarte
2013-03-01 13:29 - 2013-03-01 13:29 - 00000000 ____D C:\Users\Don\AppData\Roaming\Jarte
2013-03-01 13:29 - 2013-03-01 13:29 - 00000000 ____D C:\Program Files (x86)\Jarte
2013-03-01 12:56 - 2013-03-01 12:56 - 487488267 ____A C:\Windows\MEMORY.DMP
2013-03-01 12:56 - 2013-03-01 12:56 - 00291496 ____A C:\Windows\Minidump\030113-20420-01.dmp
2013-02-23 16:25 - 2013-02-23 16:25 - 00001868 ____A C:\Users\Don\Downloads\gdec3british-invasion.fuse
2013-02-23 16:24 - 2013-02-23 16:24 - 00002102 ____A C:\Users\Don\Downloads\gdec3bourbon-street-telecaster.fuse
2013-02-23 16:23 - 2013-02-23 16:23 - 00002428 ____A C:\Users\Don\Downloads\gdec3acoustic-srv.fuse
2013-02-23 16:22 - 2013-02-23 16:22 - 00002018 ____A C:\Users\Don\Downloads\gdec3acousticfloyd-the-happiest-days-of-our-lives.fuse
2013-02-23 16:22 - 2013-02-23 16:22 - 00001524 ____A C:\Users\Don\Downloads\gdec3blues.fuse
2013-02-23 16:21 - 2013-02-23 16:21 - 00001971 ____A C:\Users\Don\Downloads\gdec3almost-buddy-guy.fuse
2013-02-23 16:21 - 2013-02-23 16:21 - 00001940 ____A C:\Users\Don\Downloads\gdec3hexdrix-blues-stack.fuse
2013-02-23 16:18 - 2013-02-23 16:18 - 00002067 ____A C:\Users\Don\Downloads\gdec3crosstown.fuse
2013-02-23 16:16 - 2013-02-23 16:16 - 00001741 ____A C:\Users\Don\Downloads\gdec3srv_little-wing.fuse
2013-02-23 16:16 - 2013-02-23 16:16 - 00001692 ____A C:\Users\Don\Downloads\gdec3kansas-2.fuse
2013-02-23 16:15 - 2013-02-23 16:15 - 00002051 ____A C:\Users\Don\Downloads\gdec3chuck-berry.fuse

==================== One Month Modified Files and Folders =======

2013-03-18 09:56 - 2013-03-18 09:56 - 00000000 ____D C:\FRST
2013-03-18 01:29 - 2012-06-07 07:57 - 00000000 ____D C:\Windows\Minidump
2013-03-18 01:29 - 2010-09-12 18:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-18 01:29 - 2010-05-09 18:23 - 00000000 ____D C:\Legacy
2013-03-18 01:29 - 2009-12-12 11:55 - 00000000 ____D C:\users\Don
2013-03-18 01:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-03-17 20:15 - 2010-11-03 03:49 - 00070085 ____A C:\aaw7boot.log
2013-03-17 19:55 - 2009-12-12 12:12 - 00000000 ____D C:\Users\Don\Tracing
2013-03-17 18:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-03-17 18:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-03-17 18:06 - 2012-02-26 07:10 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-03-17 15:54 - 2013-03-17 15:54 - 00000055 ____A C:\Users\Don\Application Data\mbam.context.scan
2013-03-17 15:54 - 2013-03-17 15:54 - 00000055 ____A C:\Users\Don\AppData\Roaming\mbam.context.scan
2013-03-17 15:13 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-17 15:13 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-17 15:10 - 2009-07-13 21:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-17 15:09 - 2009-07-13 21:10 - 01413514 ____A C:\Windows\WindowsUpdate.log
2013-03-17 15:05 - 2012-12-10 17:19 - 00004682 ____A C:\Windows\setupact.log
2013-03-17 15:05 - 2010-05-09 06:42 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-17 15:05 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-12 22:43 - 2012-04-02 19:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-12 22:31 - 2010-05-09 06:42 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-12 13:47 - 2012-04-02 19:34 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-03-12 13:47 - 2011-06-13 05:33 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-03-10 04:44 - 2011-04-26 16:12 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2013-03-10 04:44 - 2011-04-26 16:12 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2013-03-09 11:51 - 2010-02-27 16:05 - 00000000 ____D C:\Users\Don\My Documents\TurboTax
2013-03-09 11:51 - 2010-02-27 16:05 - 00000000 ____D C:\Users\Don\Documents\TurboTax
2013-03-06 07:39 - 2012-03-06 08:13 - 00000774 ____A C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-03-06 07:39 - 2012-03-06 08:13 - 00000774 ____A C:\ProgramData\Application Data\Microsoft.SqlServer.Compact.400.32.bc
2013-03-06 07:38 - 2013-03-06 07:38 - 00002513 ____A C:\Users\Public\Desktop\TurboTax 2012.lnk
2013-03-06 07:38 - 2013-03-06 07:38 - 00002513 ____A C:\ProgramData\Desktop\TurboTax 2012.lnk
2013-03-06 07:37 - 2010-02-27 15:42 - 00000000 ____D C:\Program Files (x86)\TurboTax
2013-03-01 13:29 - 2013-03-01 13:29 - 00000919 ____A C:\Users\Public\Desktop\Jarte.lnk
2013-03-01 13:29 - 2013-03-01 13:29 - 00000919 ____A C:\ProgramData\Desktop\Jarte.lnk
2013-03-01 13:29 - 2013-03-01 13:29 - 00000000 ____D C:\Users\Don\Application Data\Jarte
2013-03-01 13:29 - 2013-03-01 13:29 - 00000000 ____D C:\Users\Don\AppData\Roaming\Jarte
2013-03-01 13:29 - 2013-03-01 13:29 - 00000000 ____D C:\Program Files (x86)\Jarte
2013-03-01 13:28 - 2011-08-16 18:06 - 00000000 ____D C:\Users\Don\Application Data\Orbit
2013-03-01 13:28 - 2011-08-16 18:06 - 00000000 ____D C:\Users\Don\AppData\Roaming\Orbit
2013-03-01 12:56 - 2013-03-01 12:56 - 487488267 ____A C:\Windows\MEMORY.DMP
2013-03-01 12:56 - 2013-03-01 12:56 - 00291496 ____A C:\Windows\Minidump\030113-20420-01.dmp
2013-03-01 12:56 - 2009-07-13 21:08 - 00032540 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-02-23 16:25 - 2013-02-23 16:25 - 00001868 ____A C:\Users\Don\Downloads\gdec3british-invasion.fuse
2013-02-23 16:24 - 2013-02-23 16:24 - 00002102 ____A C:\Users\Don\Downloads\gdec3bourbon-street-telecaster.fuse
2013-02-23 16:23 - 2013-02-23 16:23 - 00002428 ____A C:\Users\Don\Downloads\gdec3acoustic-srv.fuse
2013-02-23 16:22 - 2013-02-23 16:22 - 00002018 ____A C:\Users\Don\Downloads\gdec3acousticfloyd-the-happiest-days-of-our-lives.fuse
2013-02-23 16:22 - 2013-02-23 16:22 - 00001524 ____A C:\Users\Don\Downloads\gdec3blues.fuse
2013-02-23 16:21 - 2013-02-23 16:21 - 00001971 ____A C:\Users\Don\Downloads\gdec3almost-buddy-guy.fuse
2013-02-23 16:21 - 2013-02-23 16:21 - 00001940 ____A C:\Users\Don\Downloads\gdec3hexdrix-blues-stack.fuse
2013-02-23 16:18 - 2013-02-23 16:18 - 00002067 ____A C:\Users\Don\Downloads\gdec3crosstown.fuse
2013-02-23 16:16 - 2013-02-23 16:16 - 00001741 ____A C:\Users\Don\Downloads\gdec3srv_little-wing.fuse
2013-02-23 16:16 - 2013-02-23 16:16 - 00001692 ____A C:\Users\Don\Downloads\gdec3kansas-2.fuse
2013-02-23 16:15 - 2013-02-23 16:15 - 00002051 ____A C:\Users\Don\Downloads\gdec3chuck-berry.fuse
2013-02-23 16:08 - 2011-08-16 18:06 - 00000000 ____D C:\Program Files (x86)\Orbitdownloader
2013-02-22 11:47 - 2010-09-12 17:35 - 00000000 ____D C:\Users\Don\My Documents\Dell 8000
2013-02-22 11:47 - 2010-09-12 17:35 - 00000000 ____D C:\Users\Don\Documents\Dell 8000
2013-02-21 05:31 - 2012-08-27 06:51 - 00000000 ____D C:\Users\Don\My Documents\Consulting
2013-02-21 05:31 - 2012-08-27 06:51 - 00000000 ____D C:\Users\Don\Documents\Consulting


ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-26 16:53:38
Restore point made on: 2013-03-01 21:56:35
Restore point made on: 2013-03-05 13:36:45
Restore point made on: 2013-03-06 07:37:59
Restore point made on: 2013-03-06 15:03:59
Restore point made on: 2013-03-08 23:45:56
Restore point made on: 2013-03-12 22:43:22
Restore point made on: 2013-03-17 14:58:33
Restore point made on: 2013-03-17 15:23:53
Restore point made on: 2013-03-17 19:31:48

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8183.12 MB
Available physical RAM: 7333.14 MB
Total Pagefile: 8181.27 MB
Available Pagefile: 7330.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:916.82 GB) (Free:732.34 GB) NTFS
2 Drive e: (KIS 2013) (CDROM) (Total:0.39 GB) (Free:0 GB) CDFS
3 Drive f: () (Removable) (Total:7.47 GB) (Free:0.17 GB) FAT32
4 Drive g: () (Removable) (Total:7.47 GB) (Free:2.37 GB) FAT32
9 Drive l: () (Removable) (Total:0.24 GB) (Free:0.14 GB) FAT
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected. Check for MBR/Partition infection.

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 7663 MB 0 B
Disk 2 Online 7663 MB 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B
Disk 7 Online 245 MB 0 B

Partitions of Disk 0:
===============

Disk ID: E05EAAD9

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 916 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 10 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 916 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 00000000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7655 MB 22 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 7655 MB Healthy

=========================================================

Partitions of Disk 2:
===============

Disk ID: 00000000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7655 MB 22 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7655 MB Healthy

=========================================================

Partitions of Disk 7:
===============

Disk ID: 91F72D24

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 244 MB 16 KB

==================================================================================

Disk: 7
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 L FAT Removable 244 MB Healthy

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: E05EAAD9

Partition 1:
=========
Hex: 00010100DEFE3F043F00000086390100
Active: NO
Type: DE
Size: 39 MB

Partition 2:
=========
Hex: 8019150507FEFFFF0040010000C0D401
Active: YES
Type: 07 (NTFS)
Size: 15 GB

Partition 3:
=========
Hex: 00FEFFFF07FEFFFF0000D601B0659A72
Active: NO
Type: 07 (NTFS)
Size: 917 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 00000000

Partition 1:
=========
Hex: 00002D000BFEFFCF2C000000A43FEF00
Active: NO
Type: 0B
Size: 7 GB

==============================
Partitions of Disk 2:
===============
Disk ID: 00000000

Partition 1:
=========
Hex: 00002D000BFEFFCF2C000000A43FEF00
Active: NO
Type: 0B
Size: 7 GB

==============================
Partitions of Disk 7:
===============
Disk ID: 91F72D24

Partition 1:
=========
Hex: 80010100060FE0D220000000E0A70700
Active: YES
Type: 06
Size: 245 MB


Last Boot: 2013-03-15 09:34

==================== End Of Log =============================
  • 0

Advertisements

#2
JSntgRvr
Posted 18 March 2013 - 04:15 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
:welcome:

Download the enclosed file.

Save it in the USB drive, next to FRST64.

Run FRST64 as you did before, except that this time around click on the Fix button and wait.

The tool will make a log in the flashdrive (Fixlog.txt) please post it to your reply.

Attempt to boot in Normal Mode.

If successful run TDSSKiller as follows:

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    Posted Image
  • Put a checkmark beside loaded modules.
    Posted Image
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    Posted Image
  • Click the Start Scan button.
    Posted Image
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Posted Image
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Posted Image
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#3
Don54
Posted 18 March 2013 - 05:27 PM

Don54

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
This is genius. Thankyou!!!! After running FRST64 with the provided fixlist I was able to boot normally and execute programs such as IE which I then used to download TDSSKiller. Ran TDSSKiller as directed, only 4 suspicious files found and I confirmed the "skip" default. Logs follow.
***

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-03-18 18:27:19 Run:1
Running from F:\

==============================================

C:\Windows\svchost.exe moved successfully.

The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

***

18:44:46.0094 3700 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:44:46.0614 3700 ============================================================
18:44:46.0614 3700 Current date / time: 2013/03/18 18:44:46.0614
18:44:46.0614 3700 SystemInfo:
18:44:46.0614 3700
18:44:46.0614 3700 OS Version: 6.1.7601 ServicePack: 1.0
18:44:46.0614 3700 Product type: Workstation
18:44:46.0614 3700 ComputerName: DON-PC
18:44:46.0614 3700 UserName: Don
18:44:46.0614 3700 Windows directory: C:\Windows
18:44:46.0614 3700 System windows directory: C:\Windows
18:44:46.0614 3700 Running under WOW64
18:44:46.0614 3700 Processor architecture: Intel x64
18:44:46.0614 3700 Number of processors: 8
18:44:46.0614 3700 Page size: 0x1000
18:44:46.0614 3700 Boot type: Normal boot
18:44:46.0614 3700 ============================================================
18:44:47.0554 3700 BG loaded
18:44:48.0144 3700 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:44:48.0184 3700 Drive \Device\Harddisk5\DR5 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:44:48.0184 3700 Drive \Device\Harddisk6\DR6 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:44:48.0184 3700 Drive \Device\Harddisk7\DR7 - Size: 0xF500000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:44:48.0184 3700 ============================================================
18:44:48.0184 3700 \Device\Harddisk0\DR0:
18:44:48.0204 3700 MBR partitions:
18:44:48.0204 3700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
18:44:48.0204 3700 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x729A65B0
18:44:48.0204 3700 \Device\Harddisk5\DR5:
18:44:48.0204 3700 MBR partitions:
18:44:48.0204 3700 \Device\Harddisk5\DR5\Partition1: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
18:44:48.0204 3700 \Device\Harddisk6\DR6:
18:44:48.0204 3700 MBR partitions:
18:44:48.0204 3700 \Device\Harddisk6\DR6\Partition1: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
18:44:48.0204 3700 \Device\Harddisk7\DR7:
18:44:48.0204 3700 MBR partitions:
18:44:48.0204 3700 \Device\Harddisk7\DR7\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x7A7E0
18:44:48.0204 3700 ============================================================
18:44:48.0414 3700 C: <-> \Device\Harddisk0\DR0\Partition2
18:44:48.0414 3700 ============================================================
18:44:48.0414 3700 Initialize success
18:44:48.0414 3700 ============================================================
18:46:14.0024 4660 ============================================================
18:46:14.0024 4660 Scan started
18:46:14.0024 4660 Mode: Manual; SigCheck; TDLFS;
18:46:14.0024 4660 ============================================================
18:46:15.0044 4660 ================ Scan system memory ========================
18:46:15.0044 4660 System memory - ok
18:46:15.0044 4660 ================ Scan services =============================
18:46:15.0184 4660 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:46:15.0254 4660 1394ohci - ok
18:46:15.0304 4660 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:46:15.0324 4660 ACPI - ok
18:46:15.0354 4660 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:46:15.0424 4660 AcpiPmi - ok
18:46:15.0504 4660 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:46:15.0514 4660 AdobeARMservice - ok
18:46:15.0644 4660 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:46:15.0654 4660 AdobeFlashPlayerUpdateSvc - ok
18:46:15.0714 4660 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:46:15.0724 4660 adp94xx - ok
18:46:15.0734 4660 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:46:15.0754 4660 adpahci - ok
18:46:15.0754 4660 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:46:15.0764 4660 adpu320 - ok
18:46:15.0814 4660 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:46:15.0884 4660 AeLookupSvc - ok
18:46:15.0944 4660 [ 3AC22A3DFA8A050E35F0E3CD99D0CDF2 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
18:46:15.0984 4660 AERTFilters - ok
18:46:16.0024 4660 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:46:16.0064 4660 AFD - ok
18:46:16.0094 4660 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:46:16.0104 4660 agp440 - ok
18:46:16.0114 4660 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:46:16.0154 4660 ALG - ok
18:46:16.0164 4660 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:46:16.0174 4660 aliide - ok
18:46:16.0174 4660 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:46:16.0184 4660 amdide - ok
18:46:16.0194 4660 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:46:16.0224 4660 AmdK8 - ok
18:46:16.0234 4660 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:46:16.0254 4660 AmdPPM - ok
18:46:16.0284 4660 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:46:16.0294 4660 amdsata - ok
18:46:16.0304 4660 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:46:16.0314 4660 amdsbs - ok
18:46:16.0324 4660 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:46:16.0334 4660 amdxata - ok
18:46:16.0364 4660 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:46:16.0464 4660 AppID - ok
18:46:16.0474 4660 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:46:16.0514 4660 AppIDSvc - ok
18:46:16.0554 4660 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:46:16.0584 4660 Appinfo - ok
18:46:16.0604 4660 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:46:16.0614 4660 arc - ok
18:46:16.0614 4660 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:46:16.0624 4660 arcsas - ok
18:46:16.0754 4660 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:46:16.0794 4660 aspnet_state - ok
18:46:16.0814 4660 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:46:16.0854 4660 AsyncMac - ok
18:46:16.0884 4660 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:46:16.0894 4660 atapi - ok
18:46:16.0924 4660 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:46:16.0964 4660 AudioEndpointBuilder - ok
18:46:16.0974 4660 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:46:17.0004 4660 AudioSrv - ok
18:46:17.0054 4660 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:46:17.0124 4660 AxInstSV - ok
18:46:17.0164 4660 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:46:17.0184 4660 b06bdrv - ok
18:46:17.0224 4660 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:46:17.0254 4660 b57nd60a - ok
18:46:17.0274 4660 [ E001DD475A7C27EBE5A0DB45C11BAD71 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
18:46:17.0284 4660 BCM42RLY - ok
18:46:17.0354 4660 [ 37394D3553E220FB732C21E217E1BD8B ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
18:46:17.0384 4660 BCM43XX - ok
18:46:17.0424 4660 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:46:17.0454 4660 BDESVC - ok
18:46:17.0474 4660 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:46:17.0514 4660 Beep - ok
18:46:17.0584 4660 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:46:17.0624 4660 BFE - ok
18:46:17.0674 4660 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:46:17.0714 4660 BITS - ok
18:46:17.0724 4660 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:46:17.0734 4660 blbdrive - ok
18:46:17.0764 4660 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:46:17.0774 4660 bowser - ok
18:46:17.0784 4660 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:46:17.0834 4660 BrFiltLo - ok
18:46:17.0834 4660 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:46:17.0844 4660 BrFiltUp - ok
18:46:17.0874 4660 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:46:17.0884 4660 Browser - ok
18:46:17.0904 4660 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:46:17.0934 4660 Brserid - ok
18:46:17.0944 4660 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:46:17.0964 4660 BrSerWdm - ok
18:46:17.0974 4660 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:46:17.0984 4660 BrUsbMdm - ok
18:46:17.0984 4660 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:46:17.0994 4660 BrUsbSer - ok
18:46:18.0004 4660 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:46:18.0024 4660 BTHMODEM - ok
18:46:18.0064 4660 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:46:18.0094 4660 bthserv - ok
18:46:18.0114 4660 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:46:18.0154 4660 cdfs - ok
18:46:18.0194 4660 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:46:18.0214 4660 cdrom - ok
18:46:18.0244 4660 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:46:18.0274 4660 CertPropSvc - ok
18:46:18.0294 4660 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:46:18.0324 4660 circlass - ok
18:46:18.0354 4660 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:46:18.0364 4660 CLFS - ok
18:46:18.0424 4660 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:46:18.0434 4660 clr_optimization_v2.0.50727_32 - ok
18:46:18.0484 4660 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:46:18.0494 4660 clr_optimization_v2.0.50727_64 - ok
18:46:18.0564 4660 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:46:18.0624 4660 clr_optimization_v4.0.30319_32 - ok
18:46:18.0644 4660 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:46:18.0654 4660 clr_optimization_v4.0.30319_64 - ok
18:46:18.0674 4660 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:46:18.0674 4660 CmBatt - ok
18:46:18.0684 4660 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:46:18.0694 4660 cmdide - ok
18:46:18.0734 4660 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
18:46:18.0754 4660 CNG - ok
18:46:18.0754 4660 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:46:18.0764 4660 Compbatt - ok
18:46:18.0804 4660 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:46:18.0814 4660 CompositeBus - ok
18:46:18.0834 4660 COMSysApp - ok
18:46:18.0854 4660 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:46:18.0864 4660 crcdisk - ok
18:46:18.0904 4660 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:46:18.0944 4660 CryptSvc - ok
18:46:19.0004 4660 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
18:46:19.0004 4660 ctxusbm - ok
18:46:19.0044 4660 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:46:19.0064 4660 DcomLaunch - ok
18:46:19.0104 4660 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:46:19.0134 4660 defragsvc - ok
18:46:19.0164 4660 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:46:19.0204 4660 DfsC - ok
18:46:19.0244 4660 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:46:19.0284 4660 Dhcp - ok
18:46:19.0294 4660 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:46:19.0314 4660 discache - ok
18:46:19.0324 4660 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:46:19.0334 4660 Disk - ok
18:46:19.0374 4660 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:46:19.0404 4660 Dnscache - ok
18:46:19.0494 4660 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
18:46:19.0524 4660 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
18:46:19.0524 4660 DockLoginService - detected UnsignedFile.Multi.Generic (1)
18:46:19.0564 4660 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:46:19.0604 4660 dot3svc - ok
18:46:19.0634 4660 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:46:19.0674 4660 DPS - ok
18:46:19.0704 4660 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:46:19.0724 4660 drmkaud - ok
18:46:19.0774 4660 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:46:19.0784 4660 DXGKrnl - ok
18:46:19.0814 4660 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:46:19.0864 4660 EapHost - ok
18:46:19.0924 4660 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:46:19.0984 4660 ebdrv - ok
18:46:20.0014 4660 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:46:20.0054 4660 EFS - ok
18:46:20.0124 4660 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:46:20.0174 4660 ehRecvr - ok
18:46:20.0204 4660 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:46:20.0244 4660 ehSched - ok
18:46:20.0274 4660 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:46:20.0294 4660 elxstor - ok
18:46:20.0314 4660 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:46:20.0334 4660 ErrDev - ok
18:46:20.0384 4660 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:46:20.0424 4660 EventSystem - ok
18:46:20.0434 4660 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:46:20.0464 4660 exfat - ok
18:46:20.0474 4660 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:46:20.0504 4660 fastfat - ok
18:46:20.0524 4660 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:46:20.0564 4660 Fax - ok
18:46:20.0574 4660 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:46:20.0594 4660 fdc - ok
18:46:20.0604 4660 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:46:20.0634 4660 fdPHost - ok
18:46:20.0644 4660 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:46:20.0664 4660 FDResPub - ok
18:46:20.0674 4660 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:46:20.0684 4660 FileInfo - ok
18:46:20.0684 4660 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:46:20.0724 4660 Filetrace - ok
18:46:20.0734 4660 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:46:20.0744 4660 flpydisk - ok
18:46:20.0764 4660 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:46:20.0774 4660 FltMgr - ok
18:46:20.0824 4660 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:46:20.0844 4660 FontCache - ok
18:46:20.0914 4660 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:46:20.0924 4660 FontCache3.0.0.0 - ok
18:46:20.0934 4660 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:46:20.0944 4660 FsDepends - ok
18:46:20.0974 4660 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:46:20.0984 4660 Fs_Rec - ok
18:46:21.0034 4660 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:46:21.0044 4660 fvevol - ok
18:46:21.0084 4660 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:46:21.0084 4660 gagp30kx - ok
18:46:21.0184 4660 [ 8F6AE606EB0CC884EE12C41948424422 ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
18:46:21.0194 4660 GoToAssist - ok
18:46:21.0234 4660 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:46:21.0284 4660 gpsvc - ok
18:46:21.0394 4660 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:46:21.0394 4660 gupdate - ok
18:46:21.0414 4660 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:46:21.0424 4660 gupdatem - ok
18:46:21.0444 4660 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:46:21.0474 4660 hcw85cir - ok
18:46:21.0524 4660 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:46:21.0554 4660 HDAudBus - ok
18:46:21.0554 4660 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:46:21.0584 4660 HidBatt - ok
18:46:21.0604 4660 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:46:21.0614 4660 HidBth - ok
18:46:21.0634 4660 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:46:21.0644 4660 HidIr - ok
18:46:21.0664 4660 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:46:21.0704 4660 hidserv - ok
18:46:21.0754 4660 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:46:21.0764 4660 HidUsb - ok
18:46:21.0794 4660 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:46:21.0834 4660 hkmsvc - ok
18:46:21.0864 4660 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:46:21.0874 4660 HomeGroupListener - ok
18:46:21.0904 4660 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:46:21.0934 4660 HomeGroupProvider - ok
18:46:21.0974 4660 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:46:21.0984 4660 HpSAMD - ok
18:46:22.0034 4660 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:46:22.0074 4660 HTTP - ok
18:46:22.0084 4660 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:46:22.0094 4660 hwpolicy - ok
18:46:22.0124 4660 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:46:22.0134 4660 i8042prt - ok
18:46:22.0164 4660 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:46:22.0174 4660 iaStor - ok
18:46:22.0224 4660 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:46:22.0234 4660 iaStorV - ok
18:46:22.0274 4660 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:46:22.0294 4660 idsvc - ok
18:46:22.0334 4660 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:46:22.0344 4660 iirsp - ok
18:46:22.0364 4660 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:46:22.0404 4660 IKEEXT - ok
18:46:22.0474 4660 [ D42D651676883181400E22957A7E0B1E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:46:22.0504 4660 IntcAzAudAddService - ok
18:46:22.0504 4660 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:46:22.0514 4660 intelide - ok
18:46:22.0544 4660 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:46:22.0574 4660 intelppm - ok
18:46:22.0684 4660 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
18:46:22.0684 4660 IntuitUpdateService - ok
18:46:22.0744 4660 [ D9DA7B3117BF5EFF921C0CDED4D58050 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
18:46:22.0744 4660 IntuitUpdateServiceV4 - ok
18:46:22.0784 4660 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:46:22.0814 4660 IPBusEnum - ok
18:46:22.0844 4660 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:46:22.0884 4660 IpFilterDriver - ok
18:46:22.0914 4660 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:46:22.0934 4660 iphlpsvc - ok
18:46:22.0974 4660 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:46:22.0984 4660 IPMIDRV - ok
18:46:22.0994 4660 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:46:23.0034 4660 IPNAT - ok
18:46:23.0054 4660 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:46:23.0104 4660 IRENUM - ok
18:46:23.0104 4660 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:46:23.0114 4660 isapnp - ok
18:46:23.0124 4660 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:46:23.0134 4660 iScsiPrt - ok
18:46:23.0174 4660 [ 249EE2D26CB1530F3BEDE0AC8B9E3099 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
18:46:23.0174 4660 k57nd60a - ok
18:46:23.0214 4660 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
18:46:23.0214 4660 kbdclass - ok
18:46:23.0254 4660 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:46:23.0254 4660 kbdhid - ok
18:46:23.0264 4660 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:46:23.0274 4660 KeyIso - ok
18:46:23.0304 4660 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:46:23.0314 4660 KSecDD - ok
18:46:23.0344 4660 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:46:23.0354 4660 KSecPkg - ok
18:46:23.0364 4660 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:46:23.0404 4660 ksthunk - ok
18:46:23.0434 4660 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:46:23.0464 4660 KtmRm - ok
18:46:23.0494 4660 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:46:23.0524 4660 LanmanServer - ok
18:46:23.0554 4660 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:46:23.0594 4660 LanmanWorkstation - ok
18:46:23.0694 4660 [ 55AFD4A9D5ED4AD40D5215CCDF4D65F3 ] Lavasoft Ad-Aware Service C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
18:46:23.0734 4660 Lavasoft Ad-Aware Service - ok
18:46:23.0784 4660 [ 9A7FA6371F68335FD3C3D6488BC5A9F8 ] Lavasoft Kernexplorer C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
18:46:23.0794 4660 Lavasoft Kernexplorer - ok
18:46:23.0824 4660 [ C8B3131857931AE76798A741CC52B021 ] Lbd C:\Windows\system32\DRIVERS\Lbd.sys
18:46:23.0834 4660 Lbd - ok
18:46:23.0924 4660 [ 95EC0CB52692894E050CFC3573ABC3B2 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:46:23.0934 4660 LBTServ - ok
18:46:23.0974 4660 [ 4838EA42D5BBE1CA6BEE9BBA35E8D2E5 ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys
18:46:23.0984 4660 LEqdUsb - ok
18:46:24.0014 4660 [ 6F63F8A7FF6D4671973619BCF821B2F5 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys
18:46:24.0024 4660 LHidEqd - ok
18:46:24.0054 4660 [ E536A1D8502D0CA79B928CAB9EAEB807 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:46:24.0054 4660 LHidFilt - ok
18:46:24.0064 4660 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:46:24.0104 4660 lltdio - ok
18:46:24.0134 4660 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:46:24.0174 4660 lltdsvc - ok
18:46:24.0184 4660 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:46:24.0204 4660 lmhosts - ok
18:46:24.0214 4660 [ 2E6D0110DACC769AE478ADE6C2572E37 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:46:24.0224 4660 LMouFilt - ok
18:46:24.0254 4660 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:46:24.0264 4660 LSI_FC - ok
18:46:24.0304 4660 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:46:24.0314 4660 LSI_SAS - ok
18:46:24.0314 4660 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:46:24.0324 4660 LSI_SAS2 - ok
18:46:24.0334 4660 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:46:24.0344 4660 LSI_SCSI - ok
18:46:24.0374 4660 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:46:24.0414 4660 luafv - ok
18:46:24.0434 4660 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:46:24.0464 4660 Mcx2Svc - ok
18:46:24.0484 4660 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:46:24.0484 4660 megasas - ok
18:46:24.0504 4660 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:46:24.0514 4660 MegaSR - ok
18:46:24.0544 4660 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:46:24.0574 4660 MMCSS - ok
18:46:24.0594 4660 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:46:24.0634 4660 Modem - ok
18:46:24.0644 4660 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:46:24.0664 4660 monitor - ok
18:46:24.0674 4660 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:46:24.0684 4660 mouclass - ok
18:46:24.0714 4660 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:46:24.0734 4660 mouhid - ok
18:46:24.0774 4660 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:46:24.0784 4660 mountmgr - ok
18:46:24.0844 4660 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:46:24.0854 4660 MpFilter - ok
18:46:24.0864 4660 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:46:24.0874 4660 mpio - ok
18:46:24.0884 4660 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:46:24.0914 4660 mpsdrv - ok
18:46:24.0944 4660 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:46:24.0984 4660 MpsSvc - ok
18:46:25.0004 4660 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:46:25.0024 4660 MRxDAV - ok
18:46:25.0054 4660 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:46:25.0064 4660 mrxsmb - ok
18:46:25.0084 4660 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:46:25.0104 4660 mrxsmb10 - ok
18:46:25.0114 4660 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:46:25.0124 4660 mrxsmb20 - ok
18:46:25.0134 4660 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:46:25.0144 4660 msahci - ok
18:46:25.0174 4660 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:46:25.0184 4660 msdsm - ok
18:46:25.0194 4660 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:46:25.0214 4660 MSDTC - ok
18:46:25.0234 4660 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:46:25.0254 4660 Msfs - ok
18:46:25.0264 4660 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:46:25.0304 4660 mshidkmdf - ok
18:46:25.0334 4660 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:46:25.0334 4660 msisadrv - ok
18:46:25.0374 4660 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:46:25.0414 4660 MSiSCSI - ok
18:46:25.0414 4660 msiserver - ok
18:46:25.0444 4660 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:46:25.0484 4660 MSKSSRV - ok
18:46:25.0564 4660 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:46:25.0574 4660 MsMpSvc - ok
18:46:25.0584 4660 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:46:25.0624 4660 MSPCLOCK - ok
18:46:25.0624 4660 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:46:25.0654 4660 MSPQM - ok
18:46:25.0694 4660 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:46:25.0704 4660 MsRPC - ok
18:46:25.0714 4660 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:46:25.0724 4660 mssmbios - ok
18:46:25.0724 4660 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:46:25.0764 4660 MSTEE - ok
18:46:25.0774 4660 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:46:25.0784 4660 MTConfig - ok
18:46:25.0814 4660 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:46:25.0824 4660 Mup - ok
18:46:25.0854 4660 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:46:25.0904 4660 napagent - ok
18:46:25.0954 4660 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:46:25.0974 4660 NativeWifiP - ok
18:46:26.0034 4660 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:46:26.0054 4660 NDIS - ok
18:46:26.0064 4660 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:46:26.0094 4660 NdisCap - ok
18:46:26.0124 4660 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:46:26.0154 4660 NdisTapi - ok
18:46:26.0194 4660 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:46:26.0224 4660 Ndisuio - ok
18:46:26.0264 4660 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:46:26.0304 4660 NdisWan - ok
18:46:26.0324 4660 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:46:26.0354 4660 NDProxy - ok
18:46:26.0364 4660 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:46:26.0394 4660 NetBIOS - ok
18:46:26.0424 4660 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:46:26.0444 4660 NetBT - ok
18:46:26.0454 4660 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:46:26.0464 4660 Netlogon - ok
18:46:26.0504 4660 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:46:26.0544 4660 Netman - ok
18:46:26.0574 4660 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:46:26.0604 4660 NetMsmqActivator - ok
18:46:26.0604 4660 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:46:26.0614 4660 NetPipeActivator - ok
18:46:26.0634 4660 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:46:26.0674 4660 netprofm - ok
18:46:26.0674 4660 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:46:26.0684 4660 NetTcpActivator - ok
18:46:26.0684 4660 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:46:26.0694 4660 NetTcpPortSharing - ok
18:46:26.0724 4660 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:46:26.0734 4660 nfrd960 - ok
18:46:26.0774 4660 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:46:26.0784 4660 NisDrv - ok
18:46:26.0844 4660 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
18:46:26.0854 4660 NisSrv - ok
18:46:26.0954 4660 [ DCD9287B04DE83CA22C8057C358243EA ] NitroReaderDriverReadSpool3 C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
18:46:26.0964 4660 NitroReaderDriverReadSpool3 - ok
18:46:27.0004 4660 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:46:27.0024 4660 NlaSvc - ok
18:46:27.0044 4660 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:46:27.0074 4660 Npfs - ok
18:46:27.0074 4660 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:46:27.0114 4660 nsi - ok
18:46:27.0124 4660 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:46:27.0164 4660 nsiproxy - ok
18:46:27.0214 4660 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:46:27.0254 4660 Ntfs - ok
18:46:27.0274 4660 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:46:27.0304 4660 Null - ok
18:46:27.0494 4660 [ 51BD7EF17F0B525994AD5B3748C8288B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:46:27.0614 4660 nvlddmkm - ok
18:46:27.0654 4660 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:46:27.0664 4660 nvraid - ok
18:46:27.0694 4660 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:46:27.0704 4660 nvstor - ok
18:46:27.0714 4660 [ FCE8537BF5D504680212D536A3BFE5E2 ] nvsvc C:\Windows\system32\nvvsvc.exe
18:46:27.0724 4660 nvsvc - ok
18:46:27.0734 4660 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:46:27.0744 4660 nv_agp - ok
18:46:27.0834 4660 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:46:27.0854 4660 odserv - ok
18:46:27.0864 4660 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:46:27.0874 4660 ohci1394 - ok
18:46:27.0924 4660 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:46:27.0934 4660 ose - ok
18:46:28.0044 4660 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:46:28.0144 4660 osppsvc - ok
18:46:28.0204 4660 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:46:28.0234 4660 p2pimsvc - ok
18:46:28.0254 4660 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:46:28.0264 4660 p2psvc - ok
18:46:28.0324 4660 [ 01254851AAC4D211CCCE58213A4F9EB3 ] Pantech UTM Service C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\PantechService.exe
18:46:28.0344 4660 Pantech UTM Service ( UnsignedFile.Multi.Generic ) - warning
18:46:28.0344 4660 Pantech UTM Service - detected UnsignedFile.Multi.Generic (1)
18:46:28.0374 4660 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:46:28.0384 4660 Parport - ok
18:46:28.0414 4660 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:46:28.0424 4660 partmgr - ok
18:46:28.0444 4660 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:46:28.0464 4660 PcaSvc - ok
18:46:28.0474 4660 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:46:28.0484 4660 pci - ok
18:46:28.0494 4660 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:46:28.0504 4660 pciide - ok
18:46:28.0514 4660 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:46:28.0524 4660 pcmcia - ok
18:46:28.0534 4660 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:46:28.0544 4660 pcw - ok
18:46:28.0554 4660 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:46:28.0604 4660 PEAUTH - ok
18:46:28.0664 4660 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:46:28.0674 4660 PerfHost - ok
18:46:28.0724 4660 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:46:28.0804 4660 pla - ok
18:46:28.0854 4660 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:46:28.0884 4660 PlugPlay - ok
18:46:28.0894 4660 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:46:28.0914 4660 PNRPAutoReg - ok
18:46:28.0924 4660 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:46:28.0934 4660 PNRPsvc - ok
18:46:28.0964 4660 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:46:28.0994 4660 PolicyAgent - ok
18:46:29.0034 4660 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:46:29.0074 4660 Power - ok
18:46:29.0124 4660 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:46:29.0154 4660 PptpMiniport - ok
18:46:29.0184 4660 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:46:29.0204 4660 Processor - ok
18:46:29.0244 4660 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:46:29.0274 4660 ProfSvc - ok
18:46:29.0284 4660 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:46:29.0294 4660 ProtectedStorage - ok
18:46:29.0344 4660 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:46:29.0374 4660 Psched - ok
18:46:29.0424 4660 [ C20D4AD831743EFE60F8CBE0D5D64641 ] PTHSBUS C:\Windows\system32\DRIVERS\PTHSBUS.sys
18:46:29.0434 4660 PTHSBUS - ok
18:46:29.0444 4660 [ E5F9ED0AE7BF1373DA25C650B2B3CA90 ] PTHSMDM C:\Windows\system32\DRIVERS\PTHSMDM.sys
18:46:29.0444 4660 PTHSMDM - ok
18:46:29.0464 4660 [ FB1C6EFC96EB7E0FD515D5D65C5FA80D ] PTHSVSP C:\Windows\system32\DRIVERS\PTHSVSP.sys
18:46:29.0464 4660 PTHSVSP - ok
18:46:29.0514 4660 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
18:46:29.0514 4660 PxHlpa64 - ok
18:46:29.0544 4660 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:46:29.0584 4660 ql2300 - ok
18:46:29.0614 4660 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:46:29.0624 4660 ql40xx - ok
18:46:29.0664 4660 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:46:29.0684 4660 QWAVE - ok
18:46:29.0694 4660 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:46:29.0724 4660 QWAVEdrv - ok
18:46:29.0734 4660 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:46:29.0764 4660 RasAcd - ok
18:46:29.0794 4660 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:46:29.0824 4660 RasAgileVpn - ok
18:46:29.0844 4660 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:46:29.0884 4660 RasAuto - ok
18:46:29.0914 4660 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:46:29.0954 4660 Rasl2tp - ok
18:46:29.0994 4660 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:46:30.0024 4660 RasMan - ok
18:46:30.0064 4660 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:46:30.0104 4660 RasPppoe - ok
18:46:30.0104 4660 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:46:30.0134 4660 RasSstp - ok
18:46:30.0164 4660 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:46:30.0194 4660 rdbss - ok
18:46:30.0204 4660 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:46:30.0214 4660 rdpbus - ok
18:46:30.0224 4660 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:46:30.0244 4660 RDPCDD - ok
18:46:30.0284 4660 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:46:30.0314 4660 RDPENCDD - ok
18:46:30.0334 4660 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:46:30.0354 4660 RDPREFMP - ok
18:46:30.0394 4660 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:46:30.0434 4660 RDPWD - ok
18:46:30.0464 4660 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:46:30.0474 4660 rdyboost - ok
18:46:30.0504 4660 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:46:30.0534 4660 RemoteAccess - ok
18:46:30.0574 4660 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:46:30.0614 4660 RemoteRegistry - ok
18:46:30.0714 4660 [ 05FC44D32A144925EAE45570029FD6E1 ] RoxMediaDB10 c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
18:46:30.0754 4660 RoxMediaDB10 - ok
18:46:30.0774 4660 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:46:30.0804 4660 RpcEptMapper - ok
18:46:30.0834 4660 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:46:30.0844 4660 RpcLocator - ok
18:46:30.0874 4660 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:46:30.0904 4660 RpcSs - ok
18:46:30.0934 4660 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:46:30.0964 4660 rspndr - ok
18:46:31.0034 4660 [ 2E887E52E45BBA3C47CCD0E75FC5266F ] RTCore64 C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
18:46:31.0034 4660 RTCore64 - ok
18:46:31.0044 4660 RxFilter - ok
18:46:31.0044 4660 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:46:31.0054 4660 SamSs - ok
18:46:31.0084 4660 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:46:31.0094 4660 sbp2port - ok
18:46:31.0124 4660 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:46:31.0164 4660 SCardSvr - ok
18:46:31.0194 4660 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:46:31.0234 4660 scfilter - ok
18:46:31.0274 4660 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:46:31.0304 4660 Schedule - ok
18:46:31.0334 4660 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:46:31.0364 4660 SCPolicySvc - ok
18:46:31.0394 4660 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:46:31.0434 4660 SDRSVC - ok
18:46:31.0514 4660 [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
18:46:31.0524 4660 SeaPort - ok
18:46:31.0574 4660 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:46:31.0594 4660 secdrv - ok
18:46:31.0604 4660 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:46:31.0634 4660 seclogon - ok
18:46:31.0664 4660 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:46:31.0694 4660 SENS - ok
18:46:31.0724 4660 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:46:31.0734 4660 SensrSvc - ok
18:46:31.0754 4660 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:46:31.0764 4660 Serenum - ok
18:46:31.0774 4660 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:46:31.0784 4660 Serial - ok
18:46:31.0824 4660 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:46:31.0844 4660 sermouse - ok
18:46:31.0884 4660 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:46:31.0914 4660 SessionEnv - ok
18:46:31.0954 4660 SessionLauncher - ok
18:46:31.0984 4660 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:46:32.0014 4660 sffdisk - ok
18:46:32.0014 4660 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:46:32.0024 4660 sffp_mmc - ok
18:46:32.0034 4660 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:46:32.0044 4660 sffp_sd - ok
18:46:32.0054 4660 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:46:32.0084 4660 sfloppy - ok
18:46:32.0124 4660 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:46:32.0154 4660 SharedAccess - ok
18:46:32.0184 4660 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:46:32.0214 4660 ShellHWDetection - ok
18:46:32.0244 4660 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:46:32.0254 4660 SiSRaid2 - ok
18:46:32.0264 4660 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:46:32.0274 4660 SiSRaid4 - ok
18:46:32.0304 4660 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:46:32.0344 4660 Smb - ok
18:46:32.0384 4660 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:46:32.0404 4660 SNMPTRAP - ok
18:46:32.0414 4660 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:46:32.0424 4660 spldr - ok
18:46:32.0474 4660 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:46:32.0494 4660 Spooler - ok
18:46:32.0564 4660 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:46:32.0614 4660 sppsvc - ok
18:46:32.0624 4660 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:46:32.0654 4660 sppuinotify - ok
18:46:32.0674 4660 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:46:32.0714 4660 srv - ok
18:46:32.0724 4660 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:46:32.0744 4660 srv2 - ok
18:46:32.0784 4660 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:46:32.0794 4660 srvnet - ok
18:46:32.0834 4660 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:46:32.0874 4660 SSDPSRV - ok
18:46:32.0884 4660 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:46:32.0914 4660 SstpSvc - ok
18:46:32.0924 4660 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:46:32.0934 4660 stexstor - ok
18:46:32.0974 4660 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:46:32.0994 4660 stisvc - ok
18:46:33.0044 4660 [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
18:46:33.0054 4660 stllssvr - ok
18:46:33.0074 4660 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:46:33.0084 4660 swenum - ok
18:46:33.0114 4660 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:46:33.0154 4660 swprv - ok
18:46:33.0194 4660 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:46:33.0234 4660 SysMain - ok
18:46:33.0274 4660 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:46:33.0284 4660 TabletInputService - ok
18:46:33.0294 4660 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:46:33.0344 4660 TapiSrv - ok
18:46:33.0354 4660 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:46:33.0384 4660 TBS - ok
18:46:33.0444 4660 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:46:33.0484 4660 Tcpip - ok
18:46:33.0534 4660 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:46:33.0554 4660 TCPIP6 - ok
18:46:33.0584 4660 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:46:33.0604 4660 tcpipreg - ok
18:46:33.0614 4660 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:46:33.0644 4660 TDPIPE - ok
18:46:33.0684 4660 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:46:33.0694 4660 TDTCP - ok
18:46:33.0744 4660 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:46:33.0764 4660 tdx - ok
18:46:33.0774 4660 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:46:33.0784 4660 TermDD - ok
18:46:33.0794 4660 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:46:33.0844 4660 TermService - ok
18:46:33.0854 4660 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:46:33.0864 4660 Themes - ok
18:46:33.0894 4660 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:46:33.0914 4660 THREADORDER - ok
18:46:33.0954 4660 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:46:33.0994 4660 TrkWks - ok
18:46:34.0024 4660 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:46:34.0074 4660 TrustedInstaller - ok
18:46:34.0094 4660 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:46:34.0134 4660 tssecsrv - ok
18:46:34.0174 4660 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:46:34.0194 4660 TsUsbFlt - ok
18:46:34.0234 4660 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:46:34.0274 4660 tunnel - ok
18:46:34.0304 4660 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:46:34.0314 4660 uagp35 - ok
18:46:34.0324 4660 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:46:34.0354 4660 udfs - ok
18:46:34.0364 4660 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:46:34.0374 4660 UI0Detect - ok
18:46:34.0384 4660 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:46:34.0394 4660 uliagpkx - ok
18:46:34.0424 4660 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
18:46:34.0444 4660 umbus - ok
18:46:34.0454 4660 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:46:34.0474 4660 UmPass - ok
18:46:34.0494 4660 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:46:34.0544 4660 upnphost - ok
18:46:34.0554 4660 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:46:34.0574 4660 usbaudio - ok
18:46:34.0574 4660 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:46:34.0594 4660 usbccgp - ok
18:46:34.0634 4660 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:46:34.0644 4660 usbcir - ok
18:46:34.0654 4660 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:46:34.0664 4660 usbehci - ok
18:46:34.0674 4660 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:46:34.0684 4660 usbhub - ok
18:46:34.0694 4660 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:46:34.0714 4660 usbohci - ok
18:46:34.0744 4660 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:46:34.0774 4660 usbprint - ok
18:46:34.0784 4660 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:46:34.0814 4660 USBSTOR - ok
18:46:34.0824 4660 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:46:34.0844 4660 usbuhci - ok
18:46:34.0854 4660 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:46:34.0884 4660 UxSms - ok
18:46:34.0904 4660 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:46:34.0914 4660 VaultSvc - ok
18:46:34.0944 4660 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:46:34.0954 4660 vdrvroot - ok
18:46:34.0994 4660 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:46:35.0024 4660 vds - ok
18:46:35.0034 4660 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:46:35.0044 4660 vga - ok
18:46:35.0054 4660 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:46:35.0084 4660 VgaSave - ok
18:46:35.0104 4660 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:46:35.0114 4660 vhdmp - ok
18:46:35.0124 4660 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:46:35.0134 4660 viaide - ok
18:46:35.0144 4660 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:46:35.0154 4660 volmgr - ok
18:46:35.0184 4660 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:46:35.0204 4660 volmgrx - ok
18:46:35.0214 4660 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:46:35.0224 4660 volsnap - ok
18:46:35.0264 4660 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:46:35.0274 4660 vsmraid - ok
18:46:35.0314 4660 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:46:35.0384 4660 VSS - ok
18:46:35.0394 4660 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:46:35.0414 4660 vwifibus - ok
18:46:35.0434 4660 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:46:35.0464 4660 vwififlt - ok
18:46:35.0504 4660 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:46:35.0534 4660 W32Time - ok
18:46:35.0544 4660 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:46:35.0564 4660 WacomPen - ok
18:46:35.0594 4660 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:46:35.0624 4660 WANARP - ok
18:46:35.0634 4660 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:46:35.0654 4660 Wanarpv6 - ok
18:46:35.0724 4660 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:46:35.0764 4660 WatAdminSvc - ok
18:46:35.0794 4660 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:46:35.0864 4660 wbengine - ok
18:46:35.0874 4660 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:46:35.0884 4660 WbioSrvc - ok
18:46:35.0914 4660 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:46:35.0934 4660 wcncsvc - ok
18:46:35.0944 4660 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:46:35.0954 4660 WcsPlugInService - ok
18:46:35.0964 4660 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:46:35.0974 4660 Wd - ok
18:46:36.0004 4660 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:46:36.0024 4660 Wdf01000 - ok
18:46:36.0044 4660 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:46:36.0104 4660 WdiServiceHost - ok
18:46:36.0104 4660 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:46:36.0114 4660 WdiSystemHost - ok
18:46:36.0154 4660 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:46:36.0174 4660 WebClient - ok
18:46:36.0194 4660 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:46:36.0234 4660 Wecsvc - ok
18:46:36.0234 4660 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:46:36.0264 4660 wercplsupport - ok
18:46:36.0294 4660 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:46:36.0324 4660 WerSvc - ok
18:46:36.0354 4660 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:46:36.0374 4660 WfpLwf - ok
18:46:36.0384 4660 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:46:36.0394 4660 WIMMount - ok
18:46:36.0404 4660 WinDefend - ok
18:46:36.0414 4660 WinHttpAutoProxySvc - ok
18:46:36.0464 4660 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:46:36.0494 4660 Winmgmt - ok
18:46:36.0664 4660 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Users\Don\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys
18:46:36.0674 4660 WinRing0_1_2_0 - ok
18:46:36.0724 4660 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:46:36.0794 4660 WinRM - ok
18:46:36.0834 4660 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:46:36.0844 4660 WinUsb - ok
18:46:36.0884 4660 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:46:36.0904 4660 Wlansvc - ok
18:46:36.0984 4660 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:46:37.0014 4660 wlidsvc - ok
18:46:37.0064 4660 [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
18:46:37.0074 4660 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
18:46:37.0074 4660 wltrysvc - detected UnsignedFile.Multi.Generic (1)
18:46:37.0104 4660 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:46:37.0124 4660 WmiAcpi - ok
18:46:37.0154 4660 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:46:37.0174 4660 wmiApSrv - ok
18:46:37.0214 4660 WMPNetworkSvc - ok
18:46:37.0214 4660 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:46:37.0224 4660 WPCSvc - ok
18:46:37.0264 4660 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:46:37.0274 4660 WPDBusEnum - ok
18:46:37.0304 4660 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:46:37.0324 4660 ws2ifsl - ok
18:46:37.0334 4660 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:46:37.0354 4660 wscsvc - ok
18:46:37.0364 4660 WSearch - ok
18:46:37.0414 4660 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:46:37.0444 4660 wuauserv - ok
18:46:37.0474 4660 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:46:37.0494 4660 WudfPf - ok
18:46:37.0504 4660 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:46:37.0524 4660 WUDFRd - ok
18:46:37.0544 4660 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:46:37.0564 4660 wudfsvc - ok
18:46:37.0594 4660 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:46:37.0614 4660 WwanSvc - ok
18:46:37.0634 4660 ================ Scan global ===============================
18:46:37.0664 4660 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:46:37.0684 4660 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
18:46:37.0684 4660 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
18:46:37.0734 4660 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:46:37.0764 4660 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:46:37.0774 4660 [Global] - ok
18:46:37.0774 4660 ================ Scan MBR ==================================
18:46:37.0784 4660 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
18:46:37.0974 4660 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:46:37.0974 4660 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:46:37.0974 4660 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk5\DR5
18:46:38.0064 4660 \Device\Harddisk5\DR5 - ok
18:46:38.0074 4660 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk6\DR6
18:46:38.0164 4660 \Device\Harddisk6\DR6 - ok
18:46:38.0174 4660 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk7\DR7
18:46:40.0264 4660 \Device\Harddisk7\DR7 - ok
18:46:40.0264 4660 ================ Scan VBR ==================================
18:46:40.0264 4660 [ A5C682221BB3BE9CA89446427C662F59 ] \Device\Harddisk0\DR0\Partition1
18:46:40.0264 4660 \Device\Harddisk0\DR0\Partition1 - ok
18:46:40.0274 4660 [ 78D9B7DA3FB3AEA9283E388FAF2C2666 ] \Device\Harddisk0\DR0\Partition2
18:46:40.0274 4660 \Device\Harddisk0\DR0\Partition2 - ok
18:46:40.0274 4660 [ 418D1B6D90949C703C4F14E4983B984F ] \Device\Harddisk5\DR5\Partition1
18:46:40.0274 4660 \Device\Harddisk5\DR5\Partition1 - ok
18:46:40.0274 4660 [ 7CF722B13B6B444BED1269634712ABE5 ] \Device\Harddisk6\DR6\Partition1
18:46:40.0274 4660 \Device\Harddisk6\DR6\Partition1 - ok
18:46:40.0284 4660 [ 7CE2AF09AC401A39764155616A9C3842 ] \Device\Harddisk7\DR7\Partition1
18:46:40.0284 4660 \Device\Harddisk7\DR7\Partition1 - ok
18:46:40.0284 4660 ================ Scan active images ========================
18:46:40.0284 4660 [ 02062C0B390B7729EDC9E69C680A6F3C ] C:\Windows\System32\drivers\atapi.sys
18:46:40.0284 4660 C:\Windows\System32\drivers\atapi.sys - ok
18:46:40.0284 4660 [ 3E588B60EC061686BA05D33574A344C6 ] C:\Windows\System32\drivers\crashdmp.sys
18:46:40.0284 4660 C:\Windows\System32\drivers\crashdmp.sys - ok
18:46:40.0284 4660 [ 839B5FE3D48E9F35B22C21A3D5103F6C ] C:\Windows\System32\drivers\Dumpata.sys
18:46:40.0284 4660 C:\Windows\System32\drivers\Dumpata.sys - ok
18:46:40.0294 4660 [ 814DB88F2641691575A455CF25354098 ] C:\Windows\System32\drivers\dumpfve.sys
18:46:40.0294 4660 C:\Windows\System32\drivers\dumpfve.sys - ok
18:46:40.0294 4660 [ F036CE71586E93D94DAB220D7BDF4416 ] C:\Windows\System32\drivers\cdrom.sys
18:46:40.0294 4660 C:\Windows\System32\drivers\cdrom.sys - ok
18:46:40.0294 4660 [ 9899284589F75FA8724FF3D16AED75C1 ] C:\Windows\System32\drivers\null.sys
18:46:40.0294 4660 C:\Windows\System32\drivers\null.sys - ok
18:46:40.0294 4660 [ 16A47CE2DECC9B099349A5F840654746 ] C:\Windows\System32\drivers\beep.sys
18:46:40.0294 4660 C:\Windows\System32\drivers\beep.sys - ok
18:46:40.0304 4660 [ 53E92A310193CB3C03BEA963DE7D9CFC ] C:\Windows\System32\drivers\vga.sys
18:46:40.0304 4660 C:\Windows\System32\drivers\vga.sys - ok
18:46:40.0304 4660 [ E7353D59C9842BC7299FAEB7E7E09340 ] C:\Windows\System32\drivers\videoprt.sys
18:46:40.0304 4660 C:\Windows\System32\drivers\videoprt.sys - ok
18:46:40.0304 4660 [ FC438D1430B28618E2D0C7C332A710AD ] C:\Windows\System32\drivers\watchdog.sys
18:46:40.0304 4660 C:\Windows\System32\drivers\watchdog.sys - ok
18:46:40.0304 4660 [ CEA6CC257FC9B7715F1C2B4849286D24 ] C:\Windows\System32\drivers\RDPCDD.sys
18:46:40.0304 4660 C:\Windows\System32\drivers\RDPCDD.sys - ok
18:46:40.0314 4660 [ BB5971A4F00659529A5C44831AF22365 ] C:\Windows\System32\drivers\RDPENCDD.sys
18:46:40.0314 4660 C:\Windows\System32\drivers\RDPENCDD.sys - ok
18:46:40.0314 4660 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] C:\Windows\System32\drivers\msfs.sys
18:46:40.0314 4660 C:\Windows\System32\drivers\msfs.sys - ok
18:46:40.0314 4660 [ 216F3FA57533D98E1F74DED70113177A ] C:\Windows\System32\drivers\RDPREFMP.sys
18:46:40.0314 4660 C:\Windows\System32\drivers\RDPREFMP.sys - ok
18:46:40.0314 4660 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] C:\Windows\System32\drivers\npfs.sys
18:46:40.0314 4660 C:\Windows\System32\drivers\npfs.sys - ok
18:46:40.0324 4660 [ 6F020A220388ECA0AB6062DC27BD16B6 ] C:\Windows\System32\drivers\tdi.sys
18:46:40.0324 4660 C:\Windows\System32\drivers\tdi.sys - ok
18:46:40.0324 4660 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] C:\Windows\System32\drivers\tdx.sys
18:46:40.0324 4660 C:\Windows\System32\drivers\tdx.sys - ok
18:46:40.0324 4660 [ 1C7857B62DE5994A75B054A9FD4C3825 ] C:\Windows\System32\drivers\afd.sys
18:46:40.0324 4660 C:\Windows\System32\drivers\afd.sys - ok
18:46:40.0324 4660 [ 09594D1089C523423B32A4229263F068 ] C:\Windows\System32\drivers\netbt.sys
18:46:40.0324 4660 C:\Windows\System32\drivers\netbt.sys - ok
18:46:40.0334 4660 [ 611B23304BF067451A9FDEE01FBDD725 ] C:\Windows\System32\drivers\wfplwf.sys
18:46:40.0334 4660 C:\Windows\System32\drivers\wfplwf.sys - ok
18:46:40.0334 4660 [ 0557CF5A2556BD58E26384169D72438D ] C:\Windows\System32\drivers\pacer.sys
18:46:40.0334 4660 C:\Windows\System32\drivers\pacer.sys - ok
18:46:40.0334 4660 [ 6A3D66263414FF0D6FA754C646612F3F ] C:\Windows\System32\drivers\vwififlt.sys
18:46:40.0334 4660 C:\Windows\System32\drivers\vwififlt.sys - ok
18:46:40.0334 4660 [ 86743D9F5D2B1048062B14B1D84501C4 ] C:\Windows\System32\drivers\netbios.sys
18:46:40.0334 4660 C:\Windows\System32\drivers\netbios.sys - ok
18:46:40.0344 4660 [ 356AFD78A6ED4457169241AC3965230C ] C:\Windows\System32\drivers\wanarp.sys
18:46:40.0344 4660 C:\Windows\System32\drivers\wanarp.sys - ok
18:46:40.0344 4660 [ E7F5AE18AF4168178A642A9247C63001 ] C:\Windows\System32\drivers\nsiproxy.sys
18:46:40.0344 4660 C:\Windows\System32\drivers\nsiproxy.sys - ok
18:46:40.0344 4660 [ 77F665941019A1594D887A74F301FA2F ] C:\Windows\System32\drivers\rdbss.sys
18:46:40.0344 4660 C:\Windows\System32\drivers\rdbss.sys - ok
18:46:40.0344 4660 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] C:\Windows\System32\drivers\termdd.sys
18:46:40.0344 4660 C:\Windows\System32\drivers\termdd.sys - ok
18:46:40.0354 4660 [ 13096B05847EC78F0977F2C0F79E9AB3 ] C:\Windows\System32\drivers\discache.sys
18:46:40.0354 4660 C:\Windows\System32\drivers\discache.sys - ok
18:46:40.0354 4660 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] C:\Windows\System32\drivers\mssmbios.sys
18:46:40.0354 4660 C:\Windows\System32\drivers\mssmbios.sys - ok
18:46:40.0354 4660 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] C:\Windows\System32\drivers\ctxusbm.sys
18:46:40.0354 4660 C:\Windows\System32\drivers\ctxusbm.sys - ok
18:46:40.0354 4660 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] C:\Windows\System32\drivers\dfsc.sys
18:46:40.0354 4660 C:\Windows\System32\drivers\dfsc.sys - ok
18:46:40.0364 4660 [ 61583EE3C3A17003C4ACD0475646B4D3 ] C:\Windows\System32\drivers\blbdrive.sys
18:46:40.0364 4660 C:\Windows\System32\drivers\blbdrive.sys - ok
18:46:40.0364 4660 [ 3566A8DAAFA27AF944F5D705EAA64894 ] C:\Windows\System32\drivers\tunnel.sys
18:46:40.0364 4660 C:\Windows\System32\drivers\tunnel.sys - ok
18:46:40.0364 4660 [ ADA036632C664CAA754079041CF1F8C1 ] C:\Windows\System32\drivers\intelppm.sys
18:46:40.0364 4660 C:\Windows\System32\drivers\intelppm.sys - ok
18:46:40.0364 4660 [ CF95B85FF8D128385ABD411C8CA74DED ] C:\Windows\System32\ntdll.dll
18:46:40.0364 4660 C:\Windows\System32\ntdll.dll - ok
18:46:40.0374 4660 [ 1911A3356FA3F77CCC825CCBAC038C2A ] C:\Windows\System32\smss.exe
18:46:40.0374 4660 C:\Windows\System32\smss.exe - ok
18:46:40.0374 4660 [ 5E057D28C2C8A2F3ED2FBFD8429DE05B ] C:\Windows\System32\drivers\nvBridge.kmd
18:46:40.0374 4660 C:\Windows\System32\drivers\nvBridge.kmd - ok
18:46:40.0374 4660 [ 51BD7EF17F0B525994AD5B3748C8288B ] C:\Windows\System32\drivers\nvlddmkm.sys
18:46:40.0374 4660 C:\Windows\System32\drivers\nvlddmkm.sys - ok
18:46:40.0374 4660 [ F5BEE30450E18E6B83A5012C100616FD ] C:\Windows\System32\drivers\dxgkrnl.sys
18:46:40.0374 4660 C:\Windows\System32\drivers\dxgkrnl.sys - ok
18:46:40.0384 4660 [ 9CD68BDDF322535C02ADC8331013D13D ] C:\Windows\System32\drivers\dxgmms1.sys
18:46:40.0384 4660 C:\Windows\System32\drivers\dxgmms1.sys - ok
18:46:40.0384 4660 [ C025055FE7B87701EB042095DF1A2D7B ] C:\Windows\System32\drivers\usbehci.sys
18:46:40.0384 4660 C:\Windows\System32\drivers\usbehci.sys - ok
18:46:40.0384 4660 [ AE259C75F9A0B057B6BF9E9695632B09 ] C:\Windows\System32\drivers\usbport.sys
18:46:40.0384 4660 C:\Windows\System32\drivers\usbport.sys - ok
18:46:40.0384 4660 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] C:\Windows\System32\drivers\hdaudbus.sys
18:46:40.0384 4660 C:\Windows\System32\drivers\hdaudbus.sys - ok
18:46:40.0394 4660 [ A87D604AEA360176311474C87A63BB88 ] C:\Windows\System32\drivers\1394ohci.sys
18:46:40.0394 4660 C:\Windows\System32\drivers\1394ohci.sys - ok
18:46:40.0394 4660 [ 37394D3553E220FB732C21E217E1BD8B ] C:\Windows\System32\drivers\BCMWL664.SYS
18:46:40.0394 4660 C:\Windows\System32\drivers\BCMWL664.SYS - ok
18:46:40.0394 4660 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] C:\Windows\System32\drivers\vwifibus.sys
18:46:40.0394 4660 C:\Windows\System32\drivers\vwifibus.sys - ok
18:46:40.0394 4660 [ 03EDB043586CCEBA243D689BDDA370A8 ] C:\Windows\System32\drivers\CompositeBus.sys
18:46:40.0394 4660 C:\Windows\System32\drivers\CompositeBus.sys - ok
18:46:40.0404 4660 [ 249EE2D26CB1530F3BEDE0AC8B9E3099 ] C:\Windows\System32\drivers\k57nd60a.sys
18:46:40.0404 4660 C:\Windows\System32\drivers\k57nd60a.sys - ok
18:46:40.0404 4660 [ 7ECFF9B22276B73F43A99A15A6094E90 ] C:\Windows\System32\drivers\agilevpn.sys
18:46:40.0404 4660 C:\Windows\System32\drivers\agilevpn.sys - ok
18:46:40.0404 4660 [ 471815800AE33E6F1C32FB1B97C490CA ] C:\Windows\System32\drivers\rasl2tp.sys
18:46:40.0404 4660 C:\Windows\System32\drivers\rasl2tp.sys - ok
18:46:40.0404 4660 [ 30639C932D9FEF22B31268FE25A1B6E5 ] C:\Windows\System32\drivers\ndistapi.sys
18:46:40.0404 4660 C:\Windows\System32\drivers\ndistapi.sys - ok
18:46:40.0414 4660 [ 53F7305169863F0A2BDDC49E116C2E11 ] C:\Windows\System32\drivers\ndiswan.sys
18:46:40.0414 4660 C:\Windows\System32\drivers\ndiswan.sys - ok
18:46:40.0414 4660 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] C:\Windows\System32\drivers\raspppoe.sys
18:46:40.0414 4660 C:\Windows\System32\drivers\raspppoe.sys - ok
18:46:40.0414 4660 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] C:\Windows\System32\drivers\raspptp.sys
18:46:40.0414 4660 C:\Windows\System32\drivers\raspptp.sys - ok
18:46:40.0414 4660 [ E8B1E447B008D07FF47D016C2B0EEECB ] C:\Windows\System32\drivers\rassstp.sys
18:46:40.0414 4660 C:\Windows\System32\drivers\rassstp.sys - ok
18:46:40.0424 4660 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] C:\Windows\System32\drivers\kbdclass.sys
18:46:40.0424 4660 C:\Windows\System32\drivers\kbdclass.sys - ok
18:46:40.0424 4660 [ 7D27EA49F3C1F687D357E77A470AEA99 ] C:\Windows\System32\drivers\mouclass.sys
18:46:40.0424 4660 C:\Windows\System32\drivers\mouclass.sys - ok
18:46:40.0424 4660 [ 24FBF5CC5C04150073C315A7C83521EE ] C:\Windows\System32\drivers\ks.sys
18:46:40.0424 4660 C:\Windows\System32\drivers\ks.sys - ok
18:46:40.0424 4660 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] C:\Windows\System32\drivers\swenum.sys
18:46:40.0424 4660 C:\Windows\System32\drivers\swenum.sys - ok
18:46:40.0434 4660 [ DC54A574663A895C8763AF0FA1FF7561 ] C:\Windows\System32\drivers\umbus.sys
18:46:40.0434 4660 C:\Windows\System32\drivers\umbus.sys - ok
18:46:40.0434 4660 [ 287C6C9410B111B68B52CA298F7B8C24 ] C:\Windows\System32\drivers\usbhub.sys
18:46:40.0434 4660 C:\Windows\System32\drivers\usbhub.sys - ok
18:46:40.0434 4660 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] C:\Windows\System32\drivers\ndproxy.sys
18:46:40.0434 4660 C:\Windows\System32\drivers\ndproxy.sys - ok
18:46:40.0434 4660 [ 21D26064AEDB4988F785BB4A3A2C051E ] C:\Windows\System32\drivers\drmk.sys
18:46:40.0434 4660 C:\Windows\System32\drivers\drmk.sys - ok
18:46:40.0444 4660 [ 32E11315B5126921FFD9074840EF13D3 ] C:\Windows\System32\drivers\portcls.sys
18:46:40.0444 4660 C:\Windows\System32\drivers\portcls.sys - ok
18:46:40.0444 4660 [ D42D651676883181400E22957A7E0B1E ] C:\Windows\System32\drivers\RTKVHD64.sys
18:46:40.0444 4660 C:\Windows\System32\drivers\RTKVHD64.sys - ok
18:46:40.0444 4660 [ 6869281E78CB31A43E969F06B57347C4 ] C:\Windows\System32\drivers\ksthunk.sys
18:46:40.0444 4660 C:\Windows\System32\drivers\ksthunk.sys - ok
18:46:40.0444 4660 [ 3B536A8BEC3B4F23FFDFD78B11A2AB93 ] C:\Windows\System32\autochk.exe
18:46:40.0444 4660 C:\Windows\System32\autochk.exe - ok
18:46:40.0454 4660 [ 7A3EA5CA1AE2C8D94DCA120E0BEA0B02 ] C:\Windows\System32\lsdelete.exe
18:46:40.0454 4660 C:\Windows\System32\lsdelete.exe - ok
18:46:40.0454 4660 [ E73B0F1819602CB6EF176FB78D76A47B ] C:\Windows\SysWOW64\ntdll.dll
18:46:40.0454 4660 C:\Windows\SysWOW64\ntdll.dll - ok
18:46:40.0454 4660 [ 259EB5F7D95A29842B476C5B3EB6E186 ] C:\Windows\System32\wow64.dll
18:46:40.0454 4660 C:\Windows\System32\wow64.dll - ok
18:46:40.0454 4660 [ 5674E21E82CFBEA36DDAD5DB285D6DBC ] C:\Windows\System32\wow64win.dll
18:46:40.0454 4660 C:\Windows\System32\wow64win.dll - ok
18:46:40.0464 4660 [ 3EE3AA76D8AB6D5644C4C8F34471CEB3 ] C:\Windows\System32\wow64cpu.dll
18:46:40.0464 4660 C:\Windows\System32\wow64cpu.dll - ok
18:46:40.0464 4660 [ 65C113214F7B05820F6D8A65B1485196 ] C:\Windows\System32\kernel32.dll
18:46:40.0464 4660 C:\Windows\System32\kernel32.dll - ok
18:46:40.0464 4660 [ AC0B6F41882FC6ED186962D770EBF1D2 ] C:\Windows\SysWOW64\kernel32.dll
18:46:40.0464 4660 C:\Windows\SysWOW64\kernel32.dll - ok
18:46:40.0464 4660 [ FE70103391A64039A921DBFFF9C7AB1B ] C:\Windows\System32\user32.dll
18:46:40.0464 4660 C:\Windows\System32\user32.dll - ok
18:46:40.0474 4660 [ CCA2AB1752A61F29C3C941CD79D78CEA ] C:\Windows\System32\drivers\usbd.sys
18:46:40.0474 4660 C:\Windows\System32\drivers\usbd.sys - ok
18:46:40.0474 4660 [ 6F1A3157A1C89435352CEB543CDB359C ] C:\Windows\System32\drivers\usbccgp.sys
18:46:40.0474 4660 C:\Windows\System32\drivers\usbccgp.sys - ok
18:46:40.0474 4660 [ DBF99FD9CAF75CA66D042BD8D050FF71 ] C:\Windows\System32\usp10.dll
18:46:40.0474 4660 C:\Windows\System32\usp10.dll - ok
18:46:40.0474 4660 [ C06B32165E23A72A898B7A89679AD754 ] C:\Windows\System32\oleaut32.dll
18:46:40.0474 4660 C:\Windows\System32\oleaut32.dll - ok
18:46:40.0484 4660 [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
18:46:40.0484 4660 C:\Windows\System32\advapi32.dll - ok
18:46:40.0484 4660 [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
18:46:40.0484 4660 C:\Windows\System32\sechost.dll - ok
18:46:40.0484 4660 [ B8BD2BB284668C84865658C77574381A ] C:\Windows\System32\drivers\cdfs.sys
18:46:40.0484 4660 C:\Windows\System32\drivers\cdfs.sys - ok
18:46:40.0484 4660 [ 0611473C1AD9E2D991CD9482068417F7 ] C:\Windows\System32\rpcrt4.dll
18:46:40.0484 4660 C:\Windows\System32\rpcrt4.dll - ok
18:46:40.0494 4660 [ 6C60B5ACA7442EFB794082CDACFC001C ] C:\Windows\System32\ole32.dll
18:46:40.0494 4660 C:\Windows\System32\ole32.dll - ok
18:46:40.0494 4660 [ 9835E63E09F824D22B689D2BB789BAB9 ] C:\Windows\System32\comdlg32.dll
18:46:40.0494 4660 C:\Windows\System32\comdlg32.dll - ok
18:46:40.0494 4660 [ C431EAF5CAA1C82CAC2534A2EAB348A3 ] C:\Windows\System32\msctf.dll
18:46:40.0494 4660 C:\Windows\System32\msctf.dll - ok
18:46:40.0494 4660 [ F7CE0C81C545364020ED8203CF0A633E ] C:\Windows\System32\difxapi.dll
18:46:40.0494 4660 C:\Windows\System32\difxapi.dll - ok
18:46:40.0494 4660 [ A0F52880DDD164F968BE903C1FECD27E ] C:\Windows\System32\iertutil.dll
18:46:40.0494 4660 C:\Windows\System32\iertutil.dll - ok
18:46:40.0504 4660 [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll
18:46:40.0504 4660 C:\Windows\System32\imm32.dll - ok
18:46:40.0504 4660 [ 044FE45FFD6AD40E3BBBE60B7F41BABE ] C:\Windows\System32\nsi.dll
18:46:40.0504 4660 C:\Windows\System32\nsi.dll - ok
18:46:40.0504 4660 [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll
18:46:40.0504 4660 C:\Windows\System32\psapi.dll - ok
18:46:40.0504 4660 [ D202223587518B13D72D68937B7E3F70 ] C:\Windows\System32\lpk.dll
18:46:40.0504 4660 C:\Windows\System32\lpk.dll - ok
18:46:40.0514 4660 [ 4E4FFB09D895AA000DD56D1404F69A7E ] C:\Windows\System32\Wldap32.dll
18:46:40.0514 4660 C:\Windows\System32\Wldap32.dll - ok
18:46:40.0514 4660 [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll
18:46:40.0514 4660 C:\Windows\System32\normaliz.dll - ok
18:46:40.0514 4660 [ C6689007B3A749C49A5438DCF36E0CE4 ] C:\Windows\System32\shell32.dll
18:46:40.0514 4660 C:\Windows\System32\shell32.dll - ok
18:46:40.0514 4660 [ 25983DE69B57142039AC8D95E71CD9C9 ] C:\Windows\System32\clbcatq.dll
18:46:40.0514 4660 C:\Windows\System32\clbcatq.dll - ok
18:46:40.0524 4660 [ 1DBA462CF92D890D8F8E6472E7E8B4B4 ] C:\Windows\System32\urlmon.dll
18:46:40.0524 4660 C:\Windows\System32\urlmon.dll - ok
18:46:40.0524 4660 [ 1084AA52CCC324EA54C7121FA24C2221 ] C:\Windows\System32\gdi32.dll
18:46:40.0524 4660 C:\Windows\System32\gdi32.dll - ok
18:46:40.0524 4660 [ A1BE6A720D02E37F72E9CD89AE9CB3CF ] C:\Windows\System32\imagehlp.dll
18:46:40.0524 4660 C:\Windows\System32\imagehlp.dll - ok
18:46:40.0524 4660 [ EAF32CB8C1F810E4715B4DFBE785C7FF ] C:\Windows\System32\shlwapi.dll
18:46:40.0524 4660 C:\Windows\System32\shlwapi.dll - ok
18:46:40.0534 4660 [ C391FC68282A000CDF953F8B6B55D2EF ] C:\Windows\System32\msvcrt.dll
18:46:40.0534 4660 C:\Windows\System32\msvcrt.dll - ok
18:46:40.0534 4660 [ 4BBFA57F594F7E8A8EDC8F377184C3F0 ] C:\Windows\System32\ws2_32.dll
18:46:40.0534 4660 C:\Windows\System32\ws2_32.dll - ok
18:46:40.0534 4660 [ 5121DB613E10A46A3C5085B479026AA7 ] C:\Windows\System32\wininet.dll
18:46:40.0534 4660 C:\Windows\System32\wininet.dll - ok
18:46:40.0534 4660 [ 5D8E6C95156ED1F79A63D1EADE6F9ED5 ] C:\Windows\System32\setupapi.dll
18:46:40.0534 4660 C:\Windows\System32\setupapi.dll - ok
18:46:40.0534 4660 [ 12EE6FE9268CEE6D90FDCCBF89236C65 ] C:\Windows\System32\crypt32.dll
18:46:40.0534 4660 C:\Windows\System32\crypt32.dll - ok
18:46:40.0544 4660 [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
18:46:40.0544 4660 C:\Windows\System32\devobj.dll - ok
18:46:40.0544 4660 [ 2477A28081BDAEE622CF045ACF8EE124 ] C:\Windows\System32\cfgmgr32.dll
18:46:40.0544 4660 C:\Windows\System32\cfgmgr32.dll - ok
18:46:40.0544 4660 [ 1F56F209585F350A5666E3CC7931FD67 ] C:\Windows\System32\KernelBase.dll
18:46:40.0544 4660 C:\Windows\System32\KernelBase.dll - ok
18:46:40.0544 4660 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\System32\comctl32.dll
18:46:40.0544 4660 C:\Windows\System32\comctl32.dll - ok
18:46:40.0554 4660 [ AA06902362B1422D7A7DA7061E07C624 ] C:\Windows\System32\wintrust.dll
18:46:40.0554 4660 C:\Windows\System32\wintrust.dll - ok
18:46:40.0554 4660 [ 49EE2E52E6CD03947DAD72F65367BE06 ] C:\Windows\System32\drivers\hidparse.sys
18:46:40.0554 4660 C:\Windows\System32\drivers\hidparse.sys - ok
18:46:40.0554 4660 [ 884415BD4269C02EAF8E2613BF85500D ] C:\Windows\System32\msasn1.dll
18:46:40.0554 4660 C:\Windows\System32\msasn1.dll - ok
18:46:40.0554 4660 [ 8B0E40E7E8BBF5ACF390465609D89FF1 ] C:\Windows\System32\drivers\hidclass.sys
18:46:40.0554 4660 C:\Windows\System32\drivers\hidclass.sys - ok
18:46:40.0564 4660 [ 9592090A7E2B61CD582B612B6DF70536 ] C:\Windows\System32\drivers\hidusb.sys
18:46:40.0564 4660 C:\Windows\System32\drivers\hidusb.sys - ok
18:46:40.0564 4660 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] C:\Windows\System32\drivers\kbdhid.sys
18:46:40.0564 4660 C:\Windows\System32\drivers\kbdhid.sys - ok
18:46:40.0564 4660 [ 4838EA42D5BBE1CA6BEE9BBA35E8D2E5 ] C:\Windows\System32\drivers\LEqdUsb.sys
18:46:40.0564 4660 C:\Windows\System32\drivers\LEqdUsb.sys - ok
18:46:40.0564 4660 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] C:\Windows\System32\drivers\mouhid.sys
18:46:40.0564 4660 C:\Windows\System32\drivers\mouhid.sys - ok
18:46:40.0574 4660 [ 6F63F8A7FF6D4671973619BCF821B2F5 ] C:\Windows\System32\drivers\LHidEqd.sys
18:46:40.0574 4660 C:\Windows\System32\drivers\LHidEqd.sys - ok
18:46:40.0574 4660 [ 73188F58FB384E75C4063D29413CEE3D ] C:\Windows\System32\drivers\usbprint.sys
18:46:40.0574 4660 C:\Windows\System32\drivers\usbprint.sys - ok
18:46:40.0574 4660 [ FED648B01349A3C8395A5169DB5FB7D6 ] C:\Windows\System32\drivers\USBSTOR.SYS
18:46:40.0574 4660 C:\Windows\System32\drivers\USBSTOR.SYS - ok
18:46:40.0574 4660 [ E536A1D8502D0CA79B928CAB9EAEB807 ] C:\Windows\System32\drivers\LHidFilt.Sys
18:46:40.0574 4660 C:\Windows\System32\drivers\LHidFilt.Sys - ok
18:46:40.0584 4660 [ 2E6D0110DACC769AE478ADE6C2572E37 ] C:\Windows\System32\drivers\LMouFilt.Sys
18:46:40.0584 4660 C:\Windows\System32\drivers\LMouFilt.Sys - ok
18:46:40.0584 4660 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
18:46:40.0584 4660 C:\Windows\SysWOW64\normaliz.dll - ok
18:46:40.0584 4660 [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
18:46:40.0584 4660 C:\Windows\System32\drivers\dxapi.sys - ok
18:46:40.0584 4660 [ 523B9B64F2B6C630A2E0A87116C05F12 ] C:\Windows\System32\win32k.sys
18:46:40.0584 4660 C:\Windows\System32\win32k.sys - ok
18:46:40.0594 4660 [ 96F587CA26A6AA894BD8CACE4540CFFC ] C:\Windows\System32\csrsrv.dll
18:46:40.0594 4660 C:\Windows\System32\csrsrv.dll - ok
18:46:40.0594 4660 [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
18:46:40.0594 4660 C:\Windows\System32\csrss.exe - ok
18:46:40.0594 4660 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
18:46:40.0594 4660 C:\Windows\System32\basesrv.dll - ok
18:46:40.0594 4660 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\System32\winsrv.dll
18:46:40.0594 4660 C:\Windows\System32\winsrv.dll - ok
18:46:40.0604 4660 [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
18:46:40.0604 4660 C:\Windows\System32\drivers\monitor.sys - ok
18:46:40.0604 4660 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
18:46:40.0604 4660 C:\Windows\System32\sxssrv.dll - ok
18:46:40.0604 4660 [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
18:46:40.0604 4660 C:\Windows\System32\tsddd.dll - ok
18:46:40.0604 4660 [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
18:46:40.0604 4660 C:\Windows\System32\wininit.exe - ok
18:46:40.0614 4660 [ 78523A26F5604C0568FE9D1CE86E36F4 ] C:\Windows\System32\KBDUS.DLL
18:46:40.0614 4660 C:\Windows\System32\KBDUS.DLL - ok
18:46:40.0614 4660 [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
18:46:40.0614 4660 C:\Windows\System32\profapi.dll - ok
18:46:40.0614 4660 [ C2A8CB1275ECB85D246A9ECC02A728E3 ] C:\Windows\System32\RpcRtRemote.dll
18:46:40.0614 4660 C:\Windows\System32\RpcRtRemote.dll - ok
18:46:40.0614 4660 [ 9CEAD32E79A62150FE9F8557E58E008B ] C:\Windows\System32\sxs.dll
18:46:40.0614 4660 C:\Windows\System32\sxs.dll - ok
18:46:40.0624 4660 [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
18:46:40.0624 4660 C:\Windows\System32\WlS0WndH.dll - ok
18:46:40.0624 4660 [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
18:46:40.0624 4660 C:\Windows\System32\cryptbase.dll - ok
18:46:40.0624 4660 [ 90499F3163A9F815CF196A205EA3CD5D ] C:\Windows\System32\apphelp.dll
18:46:40.0624 4660 C:\Windows\System32\apphelp.dll - ok
18:46:40.0624 4660 [ 685527DA09EBFB681E98C515978BDEE2 ] C:\Windows\System32\lsasrv.dll
18:46:40.0624 4660 C:\Windows\System32\lsasrv.dll - ok
18:46:40.0624 4660 [ C118A82CD78818C29AB228366EBF81C3 ] C:\Windows\System32\lsass.exe
18:46:40.0624 4660 C:\Windows\System32\lsass.exe - ok
18:46:40.0634 4660 [ 9662EE182644511439F1C53745DC1C88 ] C:\Windows\System32\lsm.exe
18:46:40.0634 4660 C:\Windows\System32\lsm.exe - ok
18:46:40.0634 4660 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
18:46:40.0634 4660 C:\Windows\System32\services.exe - ok
18:46:40.0634 4660 [ B66BC8B20B7F33975865B1DF99783FD8 ] C:\Windows\System32\sspicli.dll
18:46:40.0634 4660 C:\Windows\System32\sspicli.dll - ok
18:46:40.0634 4660 [ 3A0CE5FE781708CD6ABD55313607EC8B ] C:\Windows\System32\sspisrv.dll
18:46:40.0634 4660 C:\Windows\System32\sspisrv.dll - ok
18:46:40.0644 4660 [ 8784236EED5079493DA9FC95B28B89F8 ] C:\Windows\System32\WerFault.exe
18:46:40.0644 4660 C:\Windows\System32\WerFault.exe - ok
18:46:40.0644 4660 [ BBCDF350817BA86416C0F06B6981BE8D ] C:\Windows\System32\scesrv.dll
18:46:40.0644 4660 C:\Windows\System32\scesrv.dll - ok
18:46:40.0644 4660 [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
18:46:40.0644 4660 C:\Windows\System32\scext.dll - ok
18:46:40.0644 4660 [ 0144D8D75A0B12938AEEE859E3310A46 ] C:\Windows\System32\secur32.dll
18:46:40.0644 4660 C:\Windows\System32\secur32.dll - ok
18:46:40.0654 4660 [ A744BA6E04C8AA4592818178DBF89521 ] C:\Windows\System32\samsrv.dll
18:46:40.0654 4660 C:\Windows\System32\samsrv.dll - ok
18:46:40.0654 4660 [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
18:46:40.0654 4660 C:\Windows\System32\sysntfy.dll - ok
18:46:40.0654 4660 [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
18:46:40.0654 4660 C:\Windows\System32\wmsgapi.dll - ok
18:46:40.0654 4660 [ 3A9C9BAF610B0DD4967086040B3B62A9 ] C:\Windows\System32\srvcli.dll
18:46:40.0654 4660 C:\Windows\System32\srvcli.dll - ok
18:46:40.0664 4660 [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll
18:46:40.0664 4660 C:\Windows\System32\wer.dll - ok
18:46:40.0664 4660 [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
18:46:40.0664 4660 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
18:46:40.0664 4660 [ 05569A79BF4693670B709144382D02D4 ] C:\Windows\System32\cdd.dll
18:46:40.0664 4660 C:\Windows\System32\cdd.dll - ok
18:46:40.0664 4660 [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
18:46:40.0664 4660 C:\Windows\System32\cryptdll.dll - ok
18:46:40.0674 4660 [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
18:46:40.0674 4660 C:\Windows\System32\wevtapi.dll - ok
18:46:40.0674 4660 [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
18:46:40.0674 4660 C:\Windows\System32\authz.dll - ok
18:46:40.0674 4660 [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
18:46:40.0674 4660 C:\Windows\System32\cngaudit.dll - ok
18:46:40.0674 4660 [ 5F3307352216618221A17CFEF273EEE2 ] C:\Windows\System32\ncrypt.dll
18:46:40.0674 4660 C:\Windows\System32\ncrypt.dll - ok
18:46:40.0684 4660 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
18:46:40.0684 4660 C:\Windows\System32\bcrypt.dll - ok
18:46:40.0684 4660 [ F152755F131ADFE452D534F4E9383590 ] C:\Windows\System32\Faultrep.dll
18:46:40.0684 4660 C:\Windows\System32\Faultrep.dll - ok
18:46:40.0684 4660 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
18:46:40.0684 4660 C:\Windows\System32\msprivs.dll - ok
18:46:40.0684 4660 [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
18:46:40.0684 4660 C:\Windows\System32\netjoin.dll - ok
18:46:40.0694 4660 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
18:46:40.0694 4660 C:\Windows\System32\negoexts.dll - ok
18:46:40.0694 4660 [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
18:46:40.0694 4660 C:\Windows\System32\wkscli.dll - ok
18:46:40.0694 4660 [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll
18:46:40.0694 4660 C:\Windows\System32\kerberos.dll - ok
18:46:40.0694 4660 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
18:46:40.0694 4660 C:\Windows\System32\cryptsp.dll - ok
18:46:40.0694 4660 [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
18:46:40.0694 4660 C:\Windows\System32\mswsock.dll - ok
18:46:40.0704 4660 [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
18:46:40.0704 4660 C:\Windows\System32\msv1_0.dll - ok
18:46:40.0704 4660 [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
18:46:40.0704 4660 C:\Windows\System32\netlogon.dll - ok
18:46:40.0704 4660 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
18:46:40.0704 4660 C:\Windows\System32\wship6.dll - ok
18:46:40.0704 4660 [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
18:46:40.0704 4660 C:\Windows\System32\dnsapi.dll - ok
18:46:40.0714 4660 [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
18:46:40.0714 4660 C:\Windows\System32\logoncli.dll - ok
18:46:40.0714 4660 [ B7D42CB36C08FA017E73FF2433CD7287 ] C:\Windows\System32\schannel.dll
18:46:40.0714 4660 C:\Windows\System32\schannel.dll - ok
18:46:40.0714 4660 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
18:46:40.0714 4660 C:\Windows\System32\wdigest.dll - ok
18:46:40.0714 4660 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
18:46:40.0714 4660 C:\Windows\System32\pku2u.dll - ok
18:46:40.0724 4660 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
18:46:40.0724 4660 C:\Windows\System32\rsaenh.dll - ok
18:46:40.0724 4660 [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
18:46:40.0724 4660 C:\Windows\System32\TSpkg.dll - ok
18:46:40.0724 4660 [ 918434C02A5A8ED1DD1B16A2FF16409C ] C:\Windows\System32\LIVESSP.DLL
18:46:40.0724 4660 C:\Windows\System32\LIVESSP.DLL - ok
18:46:40.0724 4660 [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe
18:46:40.0724 4660 C:\Windows\System32\winlogon.exe - ok
18:46:40.0734 4660 [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
18:46:40.0734 4660 C:\Windows\System32\bcryptprimitives.dll - ok
18:46:40.0734 4660 [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
18:46:40.0734 4660 C:\Windows\System32\winsta.dll - ok
18:46:40.0734 4660 [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
18:46:40.0734 4660 C:\Windows\System32\credssp.dll - ok
18:46:40.0734 4660 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
18:46:40.0734 4660 C:\Windows\System32\efslsaext.dll - ok
18:46:40.0744 4660 [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
18:46:40.0744 4660 C:\Windows\System32\scecli.dll - ok
18:46:40.0744 4660 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
18:46:40.0744 4660 C:\Windows\System32\ubpm.dll - ok
18:46:40.0744 4660 [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll
18:46:40.0744 4660 C:\Windows\System32\netutils.dll - ok
18:46:40.0744 4660 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe
18:46:40.0744 4660 C:\Windows\System32\svchost.exe - ok
18:46:40.0754 4660 [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
18:46:40.0754 4660 C:\Windows\System32\umpnpmgr.dll - ok
18:46:40.0754 4660 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
18:46:40.0754 4660 C:\Windows\System32\SPInf.dll - ok
18:46:40.0754 4660 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
18:46:40.0754 4660 C:\Windows\System32\devrtl.dll - ok
18:46:40.0754 4660 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
18:46:40.0754 4660 C:\Windows\System32\gpapi.dll - ok
18:46:40.0764 4660 [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
18:46:40.0764 4660 C:\Windows\System32\userenv.dll - ok
18:46:40.0764 4660 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
18:46:40.0764 4660 C:\Windows\System32\umpo.dll - ok
18:46:40.0764 4660 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
18:46:40.0764 4660 C:\Windows\System32\pcwum.dll - ok
18:46:40.0764 4660 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
18:46:40.0764 4660 C:\Windows\System32\powrprof.dll - ok
18:46:40.0764 4660 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
18:46:40.0764 4660 C:\Windows\System32\drivers\luafv.sys - ok
18:46:40.0774 4660 [ AB886378EEB55C6C75B4F2D14B6C869F ] C:\Windows\System32\drivers\WUDFPf.sys
18:46:40.0774 4660 C:\Windows\System32\drivers\WUDFPf.sys - ok
18:46:40.0774 4660 [ FCE8537BF5D504680212D536A3BFE5E2 ] C:\Windows\System32\nvvsvc.exe
18:46:40.0774 4660 C:\Windows\System32\nvvsvc.exe - ok
18:46:40.0774 4660 [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
18:46:40.0774 4660 C:\Windows\System32\rpcss.dll - ok
18:46:40.0774 4660 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
18:46:40.0774 4660 C:\Windows\System32\RpcEpMap.dll - ok
18:46:40.0784 4660 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
18:46:40.0784 4660 C:\Windows\System32\wshqos.dll - ok
18:46:40.0784 4660 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
18:46:40.0784 4660 C:\Windows\System32\WSHTCPIP.DLL - ok
18:46:40.0784 4660 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
18:46:40.0784 4660 C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
18:46:40.0784 4660 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
18:46:40.0784 4660 C:\Windows\System32\FirewallAPI.dll - ok
18:46:40.0794 4660 [ BCF8F2758AA5C451F8E366C66A98BBFE ] C:\Program Files\Microsoft Security Client\MpSvc.dll
18:46:40.0794 4660 C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
18:46:40.0794 4660 [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
18:46:40.0794 4660 C:\Windows\System32\LogonUI.exe - ok
18:46:40.0794 4660 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
18:46:40.0794 4660 C:\Windows\System32\version.dll - ok
18:46:40.0794 4660 [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll
18:46:40.0794 4660 C:\Windows\System32\authui.dll - ok
18:46:40.0804 4660 [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
18:46:40.0804 4660 C:\Windows\System32\cryptui.dll - ok
18:46:40.0804 4660 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
18:46:40.0804 4660 C:\Windows\System32\samlib.dll - ok
18:46:40.0804 4660 [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll
18:46:40.0804 4660 C:\Windows\System32\shacct.dll - ok
18:46:40.0804 4660 [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll
18:46:40.0804 4660 C:\Windows\System32\propsys.dll - ok
18:46:40.0814 4660 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
18:46:40.0814 4660 C:\Windows\System32\uxtheme.dll - ok
18:46:40.0814 4660 [ 2F67DEE6452EBC9F4A6C97A1CCC232FE ] C:\Program Files\Microsoft Security Client\MpClient.dll
18:46:40.0814 4660 C:\Program Files\Microsoft Security Client\MpClient.dll - ok
18:46:40.0814 4660 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
18:46:40.0814 4660 C:\Windows\System32\wtsapi32.dll - ok
18:46:40.0814 4660 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
18:46:40.0814 4660 C:\Windows\System32\ntmarta.dll - ok
18:46:40.0824 4660 [ 179E8401224D557ECFF3695F2016EA5B ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll
18:46:40.0824 4660 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll - ok
18:46:40.0824 4660 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
18:46:40.0824 4660 C:\Windows\System32\dui70.dll - ok
18:46:40.0824 4660 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
18:46:40.0824 4660 C:\Windows\System32\duser.dll - ok
18:46:40.0824 4660 [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
18:46:40.0824 4660 C:\Windows\System32\SndVolSSO.dll - ok
18:46:40.0824 4660 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
18:46:40.0824 4660 C:\Windows\System32\hid.dll - ok
18:46:40.0834 4660 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
18:46:40.0834 4660 C:\Windows\System32\MMDevAPI.dll - ok
18:46:40.0834 4660 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
18:46:40.0834 4660 C:\Windows\System32\dwmapi.dll - ok
18:46:40.0834 4660 [ 6F8B48F3D343E4B186AB6A9E302B7E16 ] C:\Windows\System32\xmllite.dll
18:46:40.0834 4660 C:\Windows\System32\xmllite.dll - ok
18:46:40.0834 4660 [ 26B73A85855681500BCC25C7CD9FF5B1 ] C:\Windows\System32\WindowsCodecs.dll
18:46:40.0834 4660 C:\Windows\System32\WindowsCodecs.dll - ok
18:46:40.0844 4660 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
18:46:40.0844 4660 C:\Windows\System32\winbrand.dll - ok
18:46:40.0844 4660 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
18:46:40.0844 4660 C:\Windows\System32\VaultCredProvider.dll - ok
18:46:40.0844 4660 [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll
18:46:40.0844 4660 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
18:46:40.0844 4660 [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
18:46:40.0844 4660 C:\Windows\System32\BioCredProv.dll - ok
18:46:40.0854 4660 [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
18:46:40.0854 4660 C:\Windows\System32\winbio.dll - ok
18:46:40.0854 4660 [ CC0AB40F02D2C2A12209715A3C1B07B8 ] C:\Windows\System32\credui.dll
18:46:40.0854 4660 C:\Windows\System32\credui.dll - ok
18:46:40.0854 4660 [ EEEA40F0EDB0A6E5359E539E15D0BC77 ] C:\Windows\System32\netapi32.dll
18:46:40.0854 4660 C:\Windows\System32\netapi32.dll - ok
18:46:40.0854 4660 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
18:46:40.0854 4660 C:\Windows\System32\vaultcli.dll - ok
18:46:40.0864 4660 [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
18:46:40.0864 4660 C:\Windows\System32\certCredProvider.dll - ok
18:46:40.0864 4660 [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
18:46:40.0864 4660 C:\Windows\System32\samcli.dll - ok
18:46:40.0864 4660 [ FB25067C233B686B50F29ABD688B2A6D ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
18:46:40.0864 4660 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL - ok
18:46:40.0864 4660 [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
18:46:40.0864 4660 C:\Windows\System32\rasapi32.dll - ok
18:46:40.0874 4660 [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
18:46:40.0874 4660 C:\Windows\System32\rasplap.dll - ok
18:46:40.0874 4660 [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
18:46:40.0874 4660 C:\Windows\System32\rasman.dll - ok
18:46:40.0874 4660 [ B53C4B69B695EDA1B7E41D35CA4244E2 ] C:\Windows\System32\rtutils.dll
18:46:40.0874 4660 C:\Windows\System32\rtutils.dll - ok
18:46:40.0874 4660 [ 5F10310A5A9273475AA04930DFE16742 ] C:\Program Files\Microsoft Security Client\EppManifest.dll
18:46:40.0874 4660 C:\Program Files\Microsoft Security Client\EppManifest.dll - ok
18:46:40.0884 4660 [ CF636C92B762B26F0B39B38E92380A09 ] C:\Windows\System32\oleacc.dll
18:46:40.0884 4660 C:\Windows\System32\oleacc.dll - ok
18:46:40.0884 4660 [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
18:46:40.0884 4660 C:\Windows\System32\wevtsvc.dll - ok
18:46:40.0884 4660 [ 019BDD35DE269CB98B22DE8923C2AA3B ] C:\Windows\System32\UIAutomationCore.dll
18:46:40.0884 4660 C:\Windows\System32\UIAutomationCore.dll - ok
18:46:40.0884 4660 [ F23FEF6D569FCE88671949894A8BECF1 ] C:\Windows\System32\audiosrv.dll
18:46:40.0884 4660 C:\Windows\System32\audiosrv.dll - ok
18:46:40.0894 4660 [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
18:46:40.0894 4660 C:\Windows\System32\avrt.dll - ok
18:46:40.0894 4660 [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll
18:46:40.0894 4660 C:\Windows\System32\mmcss.dll - ok
18:46:40.0894 4660 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll
18:46:40.0894 4660 C:\Windows\System32\profsvc.dll - ok
18:46:40.0894 4660 [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll
18:46:40.0894 4660 C:\Windows\System32\adtschema.dll - ok
18:46:40.0904 4660 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll
18:46:40.0904 4660 C:\Windows\System32\wlansvc.dll - ok
18:46:40.0904 4660 [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
18:46:40.0904 4660 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
18:46:40.0904 4660 [ B1DF2D87DC8BF6072699AC8301B37796 ] C:\Windows\System32\WUDFPlatform.dll
18:46:40.0904 4660 C:\Windows\System32\WUDFPlatform.dll - ok
18:46:40.0904 4660 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
18:46:40.0904 4660 C:\Windows\System32\netprofm.dll - ok
18:46:40.0914 4660 [ D5CCA1453B98A5801E6D5FF0FF89DC6C ] C:\Windows\System32\audiodg.exe
18:46:40.0914 4660 C:\Windows\System32\audiodg.exe - ok
18:46:40.0914 4660 [ DA6B67270FD9DB3697B20FCE94950741 ] C:\Windows\System32\drivers\fltMgr.sys
18:46:40.0914 4660 C:\Windows\System32\drivers\fltMgr.sys - ok
18:46:40.0914 4660 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
18:46:40.0914 4660 C:\Windows\System32\PSHED.DLL - ok
18:46:40.0914 4660 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] C:\Windows\System32\gpsvc.dll
18:46:40.0914 4660 C:\Windows\System32\gpsvc.dll - ok
18:46:40.0924 4660 [ EF2AE43BCD46ABB13FC3E5B2B1935C73 ] C:\Windows\System32\winmm.dll
18:46:40.0924 4660 C:\Windows\System32\winmm.dll - ok
18:46:40.0924 4660 [ 1473768973453DE50DC738C2955FC4DD ] C:\Windows\System32\wdmaud.drv
18:46:40.0924 4660 C:\Windows\System32\wdmaud.drv - ok
18:46:40.0924 4660 [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll
18:46:40.0924 4660 C:\Windows\System32\ksuser.dll - ok
18:46:40.0924 4660 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll
18:46:40.0924 4660 C:\Windows\System32\MPSSVC.dll - ok
18:46:40.0934 4660 [ DC220AE6F64819099F7EBD6F137E32E7 ] C:\Windows\System32\AudioSes.dll
18:46:40.0934 4660 C:\Windows\System32\AudioSes.dll - ok
18:46:40.0934 4660 [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
18:46:40.0934 4660 C:\Windows\System32\atl.dll - ok
18:46:40.0934 4660 [ B0945E538CF906BBDDC5A11C8EE868CC ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
18:46:40.0934 4660 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
18:46:40.0934 4660 [ 10AC5CE9F78DC281A1BBD9B8CC587B8A ] C:\Windows\System32\msacm32.dll
18:46:40.0934 4660 C:\Windows\System32\msacm32.dll - ok
18:46:40.0934 4660 [ 1B7C3A37362C7B2890168C5FC61C8D9B ] C:\Windows\System32\msacm32.drv
18:46:40.0934 4660 C:\Windows\System32\msacm32.drv - ok
18:46:40.0944 4660 [ 46BB91A169B9B31FF44EB04C48EC1D41 ] C:\Windows\System32\nlaapi.dll
18:46:40.0944 4660 C:\Windows\System32\nlaapi.dll - ok
18:46:40.0944 4660 [ F0344071948D1A1FA732231785A0664C ] C:\Windows\System32\themeservice.dll
18:46:40.0944 4660 C:\Windows\System32\themeservice.dll - ok
18:46:40.0944 4660 [ 5EDBB34736DD7AC1A73CF8792A835E10 ] C:\Windows\System32\AudioEng.dll
18:46:40.0944 4660 C:\Windows\System32\AudioEng.dll - ok
18:46:40.0944 4660 [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
18:46:40.0944 4660 C:\Windows\System32\dsrole.dll - ok
18:46:40.0954 4660 [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll
18:46:40.0954 4660 C:\Windows\System32\es.dll - ok
18:46:40.0954 4660 [ CA2A0750ED830678997695FF61B04C30 ] C:\Windows\System32\midimap.dll
18:46:40.0954 4660 C:\Windows\System32\midimap.dll - ok
18:46:40.0954 4660 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
18:46:40.0954 4660 C:\Windows\System32\slc.dll - ok
18:46:40.0954 4660 [ 1A47D52E303B7543E4E6026595B95422 ] C:\Windows\System32\comres.dll
18:46:40.0954 4660 C:\Windows\System32\comres.dll - ok
18:46:40.0964 4660 [ C32AB8FA018EF34C0F113BD501436D21 ] C:\Windows\System32\Sens.dll
18:46:40.0964 4660 C:\Windows\System32\Sens.dll - ok
18:46:40.0964 4660 [ 0840ABBBDF438691EE65A20040635CBE ] C:\Program Files\Dell\DellDock\DockLogin.exe
18:46:40.0964 4660 C:\Program Files\Dell\DellDock\DockLogin.exe - ok
18:46:40.0964 4660 [ C1395286B822E306B4FE1568A8A77813 ] C:\Windows\System32\AUDIOKSE.dll
18:46:40.0964 4660 C:\Windows\System32\AUDIOKSE.dll - ok
18:46:40.0964 4660 [ E954A79D6A754A5475582CACED1565E6 ] C:\Windows\SysWOW64\KernelBase.dll
18:46:40.0964 4660 C:\Windows\SysWOW64\KernelBase.dll - ok
18:46:40.0974 4660 [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\SysWOW64\msvcrt.dll
18:46:40.0974 4660 C:\Windows\SysWOW64\msvcrt.dll - ok
18:46:40.0974 4660 [ 6A6B2EE4565A178035BE2A4FF6F2C968 ] C:\Windows\SysWOW64\wtsapi32.dll
18:46:40.0974 4660 C:\Windows\SysWOW64\wtsapi32.dll - ok
18:46:40.0974 4660 [ E877D921A20E311F0627A48EEFAB1849 ] C:\Windows\System32\MBWrp64.dll
18:46:40.0974 4660 C:\Windows\System32\MBWrp64.dll - ok
18:46:40.0974 4660 [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\SysWOW64\advapi32.dll
18:46:40.0974 4660 C:\Windows\SysWOW64\advapi32.dll - ok
18:46:40.0984 4660 [ F0681E28F3D59AB20A0A585A1CDC5690 ] C:\Windows\System32\MBAPO64.dll
18:46:40.0984 4660 C:\Windows\System32\MBAPO64.dll - ok
18:46:40.0984 4660 [ C5AD8083CF94201F1F8084ECC696A8B7 ] C:\Windows\SysWOW64\rpcrt4.dll
18:46:40.0984 4660 C:\Windows\SysWOW64\rpcrt4.dll - ok
18:46:40.0984 4660 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
18:46:40.0984 4660 C:\Windows\SysWOW64\sechost.dll - ok
18:46:40.0984 4660 [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL
18:46:40.0984 4660 C:\Windows\System32\IPHLPAPI.DLL - ok
18:46:40.0994 4660 [ 18DC604C7FF2DB44F3A50E47BAE5AB02 ] C:\Windows\System32\nvsvc64.dll
18:46:40.0994 4660 C:\Windows\System32\nvsvc64.dll - ok
18:46:40.0994 4660 [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll
18:46:40.0994 4660 C:\Windows\System32\UXInit.dll - ok
18:46:40.0994 4660 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
18:46:40.0994 4660 C:\Windows\SysWOW64\cryptbase.dll - ok
18:46:40.0994 4660 [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\SysWOW64\shlwapi.dll
18:46:40.0994 4660 C:\Windows\SysWOW64\shlwapi.dll - ok
18:46:41.0004 4660 [ BFB26890612FB8AE8B0463EBEBE84B7E ] C:\Windows\SysWOW64\sspicli.dll
18:46:41.0004 4660 C:\Windows\SysWOW64\sspicli.dll - ok
18:46:41.0004 4660 [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll
18:46:41.0004 4660 C:\Windows\System32\winnsi.dll - ok
18:46:41.0004 4660 [ C56811CFF76E139CCBF1E5B9EFF839F5 ] C:\Windows\System32\RtkAPO64.dll
18:46:41.0004 4660 C:\Windows\System32\RtkAPO64.dll - ok
18:46:41.0004 4660 [ D6D3AD7BF1D6F6CE9547613ED5E170A2 ] C:\Windows\SysWOW64\gdi32.dll
18:46:41.0004 4660 C:\Windows\SysWOW64\gdi32.dll - ok
18:46:41.0014 4660 [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 ] C:\Windows\SysWOW64\user32.dll
18:46:41.0014 4660 C:\Windows\SysWOW64\user32.dll - ok
18:46:41.0014 4660 [ E424B3EF666B184CEE0B6871AAA8C9F6 ] C:\Windows\System32\msimg32.dll
18:46:41.0014 4660 C:\Windows\System32\msimg32.dll - ok
18:46:41.0014 4660 [ 05C6DED0306F3815DDA6CA808713B1A1 ] C:\Windows\System32\nvapi64.dll
18:46:41.0014 4660 C:\Windows\System32\nvapi64.dll - ok
18:46:41.0014 4660 [ 6F3C559B82F2912354BE5B098744CC8C ] C:\Windows\System32\WMALFXGFXDSP.dll
18:46:41.0014 4660 C:\Windows\System32\WMALFXGFXDSP.dll - ok
18:46:41.0014 4660 [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll
18:46:41.0014 4660 C:\Windows\System32\imageres.dll - ok
18:46:41.0024 4660 [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
18:46:41.0024 4660 C:\Windows\SysWOW64\lpk.dll - ok
18:46:41.0024 4660 [ B7230010D97787AF3D25E4C82F2B06B9 ] C:\Windows\SysWOW64\usp10.dll
18:46:41.0024 4660 C:\Windows\SysWOW64\usp10.dll - ok
18:46:41.0024 4660 [ 1B640303B936F8750FB0FFE4F164B5B5 ] C:\Windows\System32\nvsvcr.dll
18:46:41.0024 4660 C:\Windows\System32\nvsvcr.dll - ok
18:46:41.0024 4660 [ A6F09E5669D9A19035F6D942CAA15882 ] C:\Windows\SysWOW64\imm32.dll
18:46:41.0024 4660 C:\Windows\SysWOW64\imm32.dll - ok
18:46:41.0034 4660 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
18:46:41.0034 4660 C:\Windows\SysWOW64\msctf.dll - ok
18:46:41.0034 4660 [ 54B5DCD55B223BC5DF50B82E1E9E86B1 ] C:\Windows\System32\mfplat.dll
18:46:41.0034 4660 C:\Windows\System32\mfplat.dll - ok
18:46:41.0034 4660 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] C:\Windows\System32\uxsms.dll
18:46:41.0034 4660 C:\Windows\System32\uxsms.dll - ok
18:46:41.0034 4660 [ B20F051B03A966392364C83F009F7D17 ] C:\Windows\System32\WUDFSvc.dll
18:46:41.0034 4660 C:\Windows\System32\WUDFSvc.dll - ok
18:46:41.0044 4660 [ BDCEDA1EF7561CFAA9A45857ADDC3A31 ] C:\Windows\System32\nvcpl.dll
18:46:41.0044 4660 C:\Windows\System32\nvcpl.dll - ok
18:46:41.0044 4660 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] C:\Windows\System32\dhcpcore.dll
18:46:41.0044 4660 C:\Windows\System32\dhcpcore.dll - ok
18:46:41.0044 4660 [ 1538831CF8AD2979A04C423779465827 ] C:\Windows\System32\drivers\lltdio.sys
18:46:41.0044 4660 C:\Windows\System32\drivers\lltdio.sys - ok
18:46:41.0044 4660 [ 136185F9FB2CC61E573E676AA5402356 ] C:\Windows\System32\drivers\ndisuio.sys
18:46:41.0044 4660 C:\Windows\System32\drivers\ndisuio.sys - ok
18:46:41.0054 4660 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys
18:46:41.0054 4660 C:\Windows\System32\drivers\nwifi.sys - ok
18:46:41.0054 4660 [ DDC86E4F8E7456261E637E3552E804FF ] C:\Windows\System32\drivers\rspndr.sys
18:46:41.0054 4660 C:\Windows\System32\drivers\rspndr.sys - ok
18:46:41.0054 4660 [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll
18:46:41.0054 4660 C:\Windows\System32\lmhsvc.dll - ok
18:46:41.0054 4660 [ B73A6E4B319AFFE64582AC5C1801BB3F ] C:\Windows\System32\nrpsrv.dll
18:46:41.0054 4660 C:\Windows\System32\nrpsrv.dll - ok
18:46:41.0064 4660 [ D54BFDF3E0C953F823B3D0BFE4732528 ] C:\Windows\System32\nsisvc.dll
18:46:41.0064 4660 C:\Windows\System32\nsisvc.dll - ok
18:46:41.0064 4660 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] C:\Windows\System32\dnsrslvr.dll
18:46:41.0064 4660 C:\Windows\System32\dnsrslvr.dll - ok
18:46:41.0064 4660 [ F9EC845C5EECF20E9A67F9F805F2EF1F ] C:\Windows\System32\keyiso.dll
18:46:41.0064 4660 C:\Windows\System32\keyiso.dll - ok
18:46:41.0064 4660 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] C:\Windows\System32\eapsvc.dll
18:46:41.0064 4660 C:\Windows\System32\eapsvc.dll - ok
18:46:41.0064 4660 [ 87356377F31DA5F20A833811CD59499C ] C:\Windows\System32\eapphost.dll
18:46:41.0064 4660 C:\Windows\System32\eapphost.dll - ok
18:46:41.0074 4660 [ 3CC16A849E6092E43909F48EF0E60306 ] C:\Windows\System32\dhcpcore6.dll
18:46:41.0074 4660 C:\Windows\System32\dhcpcore6.dll - ok
18:46:41.0074 4660 [ 3C06D5A929B798D0B13F6481242A0FD2 ] C:\Windows\System32\dhcpcsvc6.dll
18:46:41.0074 4660 C:\Windows\System32\dhcpcsvc6.dll - ok
18:46:41.0074 4660 [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL
18:46:41.0074 4660 C:\Windows\System32\FWPUCLNT.DLL - ok
18:46:41.0074 4660 [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll
18:46:41.0074 4660 C:\Windows\System32\dhcpcsvc.dll - ok
18:46:41.0084 4660 [ 9FCA3A84338ADEF2AFF67CDA46EF8539 ] C:\Windows\System32\umb.dll
18:46:41.0084 4660 C:\Windows\System32\umb.dll - ok
18:46:41.0084 4660 [ A648C4A06DE367065B24056D067B4460 ] C:\Windows\System32\wlanmsm.dll
18:46:41.0084 4660 C:\Windows\System32\wlanmsm.dll - ok
18:46:41.0084 4660 [ 06A1386B6E3A0CBC368665C1840906F4 ] C:\Windows\System32\wlansec.dll
18:46:41.0084 4660 C:\Windows\System32\wlansec.dll - ok
18:46:41.0084 4660 [ 73FCB7919DEE80EE556F2E498594EBAE ] C:\Windows\System32\onex.dll
18:46:41.0084 4660 C:\Windows\System32\onex.dll - ok
18:46:41.0094 4660 [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll
18:46:41.0094 4660 C:\Windows\System32\eappcfg.dll - ok
18:46:41.0094 4660 [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll
18:46:41.0094 4660 C:\Windows\System32\eappprxy.dll - ok
18:46:41.0094 4660 [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll
18:46:41.0094 4660 C:\Windows\System32\dnsext.dll - ok
18:46:41.0094 4660 [ 97E43F324BE1503CB2FFB058534688DA ] C:\Windows\System32\l2gpstore.dll
18:46:41.0094 4660 C:\Windows\System32\l2gpstore.dll - ok
18:46:41.0104 4660 [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll
18:46:41.0104 4660 C:\Windows\System32\WinSCard.dll - ok
18:46:41.0104 4660 [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
18:46:41.0104 4660 C:\Windows\System32\wlanutil.dll - ok
18:46:41.0104 4660 [ 730BF204A595D5B6D7DC57A247CC741C ] C:\Windows\System32\wlgpclnt.dll
18:46:41.0104 4660 C:\Windows\System32\wlgpclnt.dll - ok
18:46:41.0104 4660 [ 99B91C5D2FCEF218CAD3600ECB62A799 ] C:\Windows\System32\msxml6.dll
18:46:41.0104 4660 C:\Windows\System32\msxml6.dll - ok
18:46:41.0114 4660 [ 0015ACFBBDD164A8A730009908868CA7 ] C:\Windows\System32\winspool.drv
18:46:41.0114 4660 C:\Windows\System32\winspool.drv - ok
18:46:41.0114 4660 [ 13B0A570E1AE451C92DA550085D72CF3 ] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
18:46:41.0114 4660 C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE - ok
18:46:41.0114 4660 [ 43FAB56AE5F639AD59D7209693F4C4C2 ] C:\Windows\System32\wlanext.exe
18:46:41.0114 4660 C:\Windows\System32\wlanext.exe - ok
18:46:41.0114 4660 [ D233C7FEAE3FAA25F93A9E6B46815ADC ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll
18:46:41.0114 4660 C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll - ok
18:46:41.0124 4660 [ 1BCDB508143B517F21BBDAC10F5777BF ] C:\Windows\System32\conhost.exe
18:46:41.0124 4660 C:\Windows\System32\conhost.exe - ok
18:46:41.0124 4660 [ AD3283C6BD152824A35E0E9B497AEACB ] C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
18:46:41.0124 4660 C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE - ok
18:46:41.0124 4660 [ AAF932B4011D14052955D4B212A4DA8D ] C:\Windows\System32\shsvcs.dll
18:46:41.0124 4660 C:\Windows\System32\shsvcs.dll - ok
18:46:41.0124 4660 [ 28B97AF4BE035D73684A066253CF3CAB ] C:\Windows\System32\bcmihvsrv64.dll
18:46:41.0124 4660 C:\Windows\System32\bcmihvsrv64.dll - ok
18:46:41.0134 4660 [ 262F6592C3299C005FD6BEC90FC4463A ] C:\Windows\System32\schedsvc.dll
18:46:41.0134 4660 C:\Windows\System32\schedsvc.dll - ok
18:46:41.0134 4660 [ BC414631876B2F28B8DAB08E849C12C5 ] C:\Windows\System32\ktmw32.dll
18:46:41.0134 4660 C:\Windows\System32\ktmw32.dll - ok
18:46:41.0134 4660 [ A08C010D859F8EB42BDD7E1D55B8CA27 ] C:\Windows\System32\mscoree.dll
18:46:41.0134 4660 C:\Windows\System32\mscoree.dll - ok
18:46:41.0134 4660 [ 4BD79D03984226DB22D19BBE79369E0E ] C:\Windows\winsxs\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_044aad0bab1eb146\mfc90u.dll
18:46:41.0134 4660 C:\Windows\winsxs\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_044aad0bab1eb146\mfc90u.dll - ok
18:46:41.0144 4660 [ 6DC4A7242F565C9E9C9CCC7BB0FA75C7 ] C:\Windows\System32\taskcomp.dll
18:46:41.0144 4660 C:\Windows\System32\taskcomp.dll - ok
18:46:41.0144 4660 [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
18:46:41.0144 4660 C:\Windows\System32\wlanapi.dll - ok
18:46:41.0144 4660 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] C:\Windows\System32\drivers\http.sys
18:46:41.0144 4660 C:\Windows\System32\drivers\http.sys - ok
18:46:41.0144 4660 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] C:\Windows\System32\spoolsv.exe
18:46:41.0144 4660 C:\Windows\System32\spoolsv.exe - ok
18:46:41.0154 4660 [ 82974D6A2FD19445CC5171FC378668A4 ] C:\Windows\System32\BFE.DLL
18:46:41.0154 4660 C:\Windows\System32\BFE.DLL - ok
18:46:41.0154 4660 [ DB4BC74DC444CC7A5F8F6DF2D38FBD96 ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcm90.dll
18:46:41.0154 4660 C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcm90.dll - ok
18:46:41.0154 4660 [ 241AF87821FDA0F5792037B779F49BE0 ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcp90.dll
18:46:41.0154 4660 C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcp90.dll - ok
18:46:41.0154 4660 [ E36112A8A6C7F840169A7E92C12F4203 ] C:\Windows\System32\wsock32.dll
18:46:41.0154 4660 C:\Windows\System32\wsock32.dll - ok
18:46:41.0164 4660 [ D918AF3EA07D248F911F7C6B801AA1E3 ] C:\Windows\winsxs\amd64_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_01c9581e60cbee58\MFC90ENU.DLL
18:46:41.0164 4660 C:\Windows\winsxs\amd64_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_01c9581e60cbee58\MFC90ENU.DLL - ok
18:46:41.0164 4660 [ AA794B099F776B37ACCDEAD00E0FBFC9 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll
18:46:41.0164 4660 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll - ok
18:46:41.0164 4660 [ 6C02A83164F5CC0A262F4199F0871CF5 ] C:\Windows\System32\drivers\bowser.sys
18:46:41.0164 4660 C:\Windows\System32\drivers\bowser.sys - ok
18:46:41.0164 4660 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys
18:46:41.0164 4660 C:\Windows\System32\drivers\mpsdrv.sys - ok
18:46:41.0174 4660 [ 03706015DB44368375AEBE6339490E66 ] C:\Windows\System32\netcfgx.dll
18:46:41.0174 4660 C:\Windows\System32\netcfgx.dll - ok
18:46:41.0174 4660 [ A5D9106A73DC88564C825D317CAC68AC ] C:\Windows\System32\drivers\mrxsmb.sys
18:46:41.0174 4660 C:\Windows\System32\drivers\mrxsmb.sys - ok
18:46:41.0174 4660 [ D711B3C1D5F42C0C2415687BE09FC163 ] C:\Windows\System32\drivers\mrxsmb10.sys
18:46:41.0174 4660 C:\Windows\System32\drivers\mrxsmb10.sys - ok
18:46:41.0174 4660 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] C:\Windows\System32\drivers\mrxsmb20.sys
18:46:41.0174 4660 C:\Windows\System32\drivers\mrxsmb20.sys - ok
18:46:41.0184 4660 [ 851A1382EED3E3A7476DB004F4EE3E1A ] C:\Windows\System32\wkssvc.dll
18:46:41.0184 4660 C:\Windows\System32\wkssvc.dll - ok
18:46:41.0184 4660 [ 3927397AC60D943DAF8808AFFED582B7 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:46:41.0184 4660 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - ok
18:46:41.0184 4660 [ 0ADC83218B66A6DB380C330836F3E36D ] C:\Windows\System32\drivers\fastfat.sys
18:46:41.0184 4660 C:\Windows\System32\drivers\fastfat.sys - ok
18:46:41.0184 4660 [ 02CD5B2C3B017122CAC00BDB520CD7AC ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
18:46:41.0184 4660 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll - ok
18:46:41.0194 4660 [ 945E54F23C72D37B8CD1987AF0DB63BF ] C:\Windows\System32\fveapi.dll
18:46:41.0194 4660 C:\Windows\System32\fveapi.dll - ok
18:46:41.0194 4660 [ C67F8A962B2534224D5908D16D2AD3CE ] C:\Windows\System32\wfapigp.dll
18:46:41.0194 4660 C:\Windows\System32\wfapigp.dll - ok
18:46:41.0194 4660 [ 29E9794708DF51DB5DC89FB2E903A0F6 ] C:\Windows\SysWOW64\shell32.dll
18:46:41.0194 4660 C:\Windows\SysWOW64\shell32.dll - ok
18:46:41.0194 4660 [ 1834B31C749B86DAC233BBBA1C03BC48 ] C:\Windows\System32\mscms.dll
18:46:41.0194 4660 C:\Windows\System32\mscms.dll - ok
18:46:41.0204 4660 [ 891ECFD08E2C538B7948CBC45106D697 ] C:\Windows\System32\fvecerts.dll
18:46:41.0204 4660 C:\Windows\System32\fvecerts.dll - ok
18:46:41.0204 4660 [ 694865362F0965779F92BCFE97712323 ] C:\Windows\System32\tbs.dll
18:46:41.0204 4660 C:\Windows\System32\tbs.dll - ok
18:46:41.0204 4660 [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll
18:46:41.0204 4660 C:\Windows\System32\pcasvc.dll - ok
18:46:41.0204 4660 [ 6313F223E817CC09AA41811DAA7F541D ] C:\Windows\System32\snmptrap.exe
18:46:41.0204 4660 C:\Windows\System32\snmptrap.exe - ok
18:46:41.0214 4660 [ 7C00C608FE4C8EDE9E30940837B9AC8B ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
18:46:41.0214 4660 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll - ok
18:46:41.0214 4660 [ 908ACB1F594274965A53926B10C81E89 ] C:\Windows\System32\provsvc.dll
18:46:41.0214 4660 C:\Windows\System32\provsvc.dll - ok
18:46:41.0214 4660 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] C:\Windows\System32\sstpsvc.dll
18:46:41.0214 4660 C:\Windows\System32\sstpsvc.dll - ok
18:46:41.0214 4660 [ EC6BA7C92FA5B2AA4AFDF4DF22AEDAB7 ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll
18:46:41.0214 4660 C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll - ok
18:46:41.0224 4660 [ 2C1BB3AD51826AA96C9802CBC123814F ] C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\51a23687fdafc32b697f5a719e364651\mscorlib.ni.dll
18:46:41.0224 4660 C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\51a23687fdafc32b697f5a719e364651\mscorlib.ni.dll - ok
18:46:41.0224 4660 [ 8269210DAF3B12BC8300631B28A2A442 ] C:\Windows\System32\wiarpc.dll
18:46:41.0224 4660 C:\Windows\System32\wiarpc.dll - ok
18:46:41.0224 4660 [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\SysWOW64\ole32.dll
18:46:41.0224 4660 C:\Windows\SysWOW64\ole32.dll - ok
18:46:41.0224 4660 [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\SysWOW64\oleaut32.dll
18:46:41.0224 4660 C:\Windows\SysWOW64\oleaut32.dll - ok
18:46:41.0234 4660 [ 60D21799A4AF4EDCE65FB98830E4B0C8 ] C:\Windows\SysWOW64\crypt32.dll
18:46:41.0234 4660 C:\Windows\SysWOW64\crypt32.dll - ok
18:46:41.0234 4660 [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\SysWOW64\msasn1.dll
18:46:41.0234 4660 C:\Windows\SysWOW64\msasn1.dll - ok
18:46:41.0234 4660 [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\SysWOW64\wintrust.dll
18:46:41.0234 4660 C:\Windows\SysWOW64\wintrust.dll - ok
18:46:41.0234 4660 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
18:46:41.0234 4660 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
18:46:41.0244 4660 [ 3AC22A3DFA8A050E35F0E3CD99D0CDF2 ] C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
18:46:41.0244 4660 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe - ok
18:46:41.0244 4660 [ 1B1431D9520C7578AD5633ED2A70625F ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
18:46:41.0244 4660 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll - ok
18:46:41.0244 4660 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] C:\Windows\System32\cryptsvc.dll
18:46:41.0244 4660 C:\Windows\System32\cryptsvc.dll - ok
18:46:41.0244 4660 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] C:\Windows\System32\dps.dll
18:46:41.0244 4660 C:\Windows\System32\dps.dll - ok
18:46:41.0254 4660 [ 7F8E83B9466A0A002D4AB15C104062A7 ] C:\Windows\System32\efscore.dll
18:46:41.0254 4660 C:\Windows\System32\efscore.dll - ok
18:46:41.0254 4660 [ 0C043B0ABBB5E14E68906AB80365395B ] C:\Windows\System32\efssvc.dll
18:46:41.0254 4660 C:\Windows\System32\efssvc.dll - ok
18:46:41.0254 4660 [ 8792BAB371B4B1589E015B6FD1ED3B15 ] C:\Windows\System32\cryptnet.dll
18:46:41.0254 4660 C:\Windows\System32\cryptnet.dll - ok
18:46:41.0254 4660 [ 802496CB59A30349F9A6DD22D6947644 ] C:\Windows\System32\FDResPub.dll
18:46:41.0254 4660 C:\Windows\System32\FDResPub.dll - ok
18:46:41.0264 4660 [ A190DA6546501CB4146BBCC0B6A3F48B ] C:\Windows\System32\msiexec.exe
18:46:41.0264 4660 C:\Windows\System32\msiexec.exe - ok
18:46:41.0264 4660 [ 0E2F58F6E698EDCB9E58FAD0CBCD0567 ] C:\Windows\System32\vssapi.dll
18:46:41.0264 4660 C:\Windows\System32\vssapi.dll - ok
18:46:41.0264 4660 [ F1B205F932F62F94506A5F332C895DAF ] C:\Windows\System32\WSDApi.dll
18:46:41.0264 4660 C:\Windows\System32\WSDApi.dll - ok
18:46:41.0264 4660 [ 5EB6E9C8BE1ACC5830780E0F9A846255 ] C:\Windows\System32\msi.dll
18:46:41.0264 4660 C:\Windows\System32\msi.dll - ok
18:46:41.0274 4660 [ 58283053C781AD3A579C95D7765C1FA0 ] C:\Windows\System32\efsutil.dll
18:46:41.0274 4660 C:\Windows\System32\efsutil.dll - ok
18:46:41.0274 4660 [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll
18:46:41.0274 4660 C:\Windows\System32\taskschd.dll - ok
18:46:41.0274 4660 [ C55516D98DD5D8F0153C2A9B4227DA86 ] C:\Windows\System32\webservices.dll
18:46:41.0274 4660 C:\Windows\System32\webservices.dll - ok
18:46:41.0274 4660 [ B5055B51BAA0FD0A736A88653DA3C1C0 ] C:\Windows\System32\fundisc.dll
18:46:41.0274 4660 C:\Windows\System32\fundisc.dll - ok
18:46:41.0274 4660 [ BF1FC3F79B863C914687A737C2F3D681 ] C:\Windows\System32\wdi.dll
18:46:41.0274 4660 C:\Windows\System32\wdi.dll - ok
18:46:41.0284 4660 [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
18:46:41.0284 4660 C:\Windows\System32\vsstrace.dll - ok
18:46:41.0284 4660 [ 3306930FD3AC4ABB17A6DFC9222467F1 ] C:\Windows\AppPatch\AppPatch64\AcLayers.dll
18:46:41.0284 4660 C:\Windows\AppPatch\AppPatch64\AcLayers.dll - ok
18:46:41.0284 4660 [ DB16A7C0A453F7E220A5F29E42572FD8 ] C:\Windows\AppPatch\AppPatch64\AcGenral.dll
18:46:41.0284 4660 C:\Windows\AppPatch\AppPatch64\AcGenral.dll - ok
18:46:41.0284 4660 [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
18:46:41.0284 4660 C:\Windows\System32\mpr.dll - ok
18:46:41.0294 4660 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] C:\Windows\System32\drivers\NisDrvWFP.sys
18:46:41.0294 4660 C:\Windows\System32\drivers\NisDrvWFP.sys - ok
18:46:41.0294 4660 [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
18:46:41.0294 4660 C:\Windows\System32\sfc.dll - ok
18:46:41.0294 4660 [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
18:46:41.0294 4660 C:\Windows\System32\sfc_os.dll - ok
18:46:41.0294 4660 [ DCD9287B04DE83CA22C8057C358243EA ] C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
18:46:41.0294 4660 C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe - ok
18:46:41.0304 4660 [ 720971F2603EF221AA4EF33980EF8137 ] C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
18:46:41.0304 4660 C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll - ok
18:46:41.0304 4660 [ 01254851AAC4D211CCCE58213A4F9EB3 ] C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\PantechService.exe
18:46:41.0304 4660 C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\PantechService.exe - ok
18:46:41.0304 4660 [ 0A888754C63C3A5D8CD8F7492C62B40D ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
18:46:41.0304 4660 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL - ok
18:46:41.0304 4660 [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll
18:46:41.0304 4660 C:\Windows\System32\winhttp.dll - ok
18:46:41.0314 4660 [ 05DEB6BF3C7F0C241FFB9A7C3503BDFB ] C:\Windows\System32\wltrynt.dll
18:46:41.0314 4660 C:\Windows\System32\wltrynt.dll - ok
18:46:41.0314 4660 [ 45CFBFA8EDC3DF4E2B7FB0D0260FE051 ] C:\Windows\System32\localspl.dll
18:46:41.0314 4660 C:\Windows\System32\localspl.dll - ok
18:46:41.0314 4660 [ 8AD77806D336673F270DB31645267293 ] C:\Windows\System32\nlasvc.dll
18:46:41.0314 4660 C:\Windows\System32\nlasvc.dll - ok
18:46:41.0314 4660 [ 88351B29B622B30962D2FEB6CA8D860B ] C:\Windows\System32\rasadhlp.dll
18:46:41.0314 4660 C:\Windows\System32\rasadhlp.dll - ok
18:46:41.0324 4660 [ 1F5AFD468EB5E09E9ED75A087529EAB5 ] C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll
18:46:41.0324 4660 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll - ok
18:46:41.0324 4660 [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll
18:46:41.0324 4660 C:\Windows\System32\webio.dll - ok
18:46:41.0324 4660 [ BCEA9AB347E53BC03B2E36BE0B8BA0EF ] C:\Windows\System32\httpapi.dll
18:46:41.0324 4660 C:\Windows\System32\httpapi.dll - ok
18:46:41.0324 4660 [ D4FAC263861BAE06971C7F7D0A8EBF15 ] C:\Windows\System32\ncsi.dll
18:46:41.0324 4660 C:\Windows\System32\ncsi.dll - ok
18:46:41.0334 4660 [ 3285481F5C12305CA104A6C493CA5A0B ] C:\Windows\System32\spoolss.dll
18:46:41.0334 4660 C:\Windows\System32\spoolss.dll - ok
18:46:41.0334 4660 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
18:46:41.0334 4660 C:\Windows\System32\ssdpapi.dll - ok
18:46:41.0334 4660 [ C5AC93CF3BA30D367FB49148A2B673B9 ] C:\Windows\System32\PrintIsolationProxy.dll
18:46:41.0334 4660 C:\Windows\System32\PrintIsolationProxy.dll - ok
18:46:41.0334 4660 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
18:46:41.0334 4660 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
18:46:41.0344 4660 [ 19E41CCCEE697CC9465396B370929792 ] C:\Windows\System32\FXSMON.dll
18:46:41.0344 4660 C:\Windows\System32\FXSMON.dll - ok
18:46:41.0344 4660 [ C56EE5C70ACFF7AF17494F8BE5C81BF2 ] C:\Windows\System32\nitrolocalmon2.dll
18:46:41.0344 4660 C:\Windows\System32\nitrolocalmon2.dll - ok
18:46:41.0344 4660 [ 2E5353B4C22105C59484A927A3D064C7 ] C:\Windows\System32\PJLMON.DLL
18:46:41.0344 4660 C:\Windows\System32\PJLMON.DLL - ok
18:46:41.0344 4660 [ 962874341190719614FC9B37D5DE71F8 ] C:\Windows\System32\Primomonnt.dll
18:46:41.0344 4660 C:\Windows\System32\Primomonnt.dll - ok
18:46:41.0354 4660 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
18:46:41.0354 4660 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll - ok
18:46:41.0354 4660 [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
18:46:41.0354 4660 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll - ok
18:46:41.0354 4660 [ 28A09777D2D952122567A8A82F1A2C7B ] C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll
18:46:41.0354 4660 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll - ok
18:46:41.0354 4660 [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
18:46:41.0354 4660 C:\Windows\System32\aepic.dll - ok
18:46:41.0364 4660 [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys
18:46:41.0364 4660 C:\Windows\System32\drivers\PEAuth.sys - ok
18:46:41.0364 4660 [ 271077B91D7AD1B616F8AFDFE8E3F981 ] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
18:46:41.0364 4660 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - ok
18:46:41.0364 4660 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll
18:46:41.0364 4660 C:\Windows\SysWOW64\nsi.dll - ok
18:46:41.0364 4660 [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\SysWOW64\winhttp.dll
18:46:41.0364 4660 C:\Windows\SysWOW64\winhttp.dll - ok
18:46:41.0374 4660 [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\SysWOW64\ws2_32.dll
18:46:41.0374 4660 C:\Windows\SysWOW64\ws2_32.dll - ok
18:46:41.0374 4660 [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\SysWOW64\wsock32.dll
18:46:41.0374 4660 C:\Windows\SysWOW64\wsock32.dll - ok
18:46:41.0374 4660 [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\SysWOW64\webio.dll
18:46:41.0374 4660 C:\Windows\SysWOW64\webio.dll - ok
18:46:41.0374 4660 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll
18:46:41.0374 4660 C:\Windows\SysWOW64\profapi.dll - ok
18:46:41.0384 4660 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll
18:46:41.0384 4660 C:\Windows\SysWOW64\SensApi.dll - ok
18:46:41.0384 4660 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
18:46:41.0384 4660 C:\Windows\SysWOW64\clbcatq.dll - ok
18:46:41.0384 4660 [ 21D3A18769EC2C4E56756D04E989A221 ] C:\Windows\SysWOW64\msxml3.dll
18:46:41.0384 4660 C:\Windows\SysWOW64\msxml3.dll - ok
18:46:41.0384 4660 [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
18:46:41.0384 4660 C:\Windows\System32\drivers\secdrv.sys - ok
18:46:41.0394 4660 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
18:46:41.0394 4660 C:\Windows\SysWOW64\cryptsp.dll - ok
18:46:41.0394 4660 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
18:46:41.0394 4660 C:\Windows\SysWOW64\rsaenh.dll - ok
18:46:41.0394 4660 [ 5997D769CDB108390DCFAEBF442BF816 ] C:\Windows\SysWOW64\RpcRtRemote.dll
18:46:41.0394 4660 C:\Windows\SysWOW64\RpcRtRemote.dll - ok
18:46:41.0394 4660 [ 27E461F0BE5BFF5FC737328F749538C3 ] C:\Windows\System32\drivers\srvnet.sys
18:46:41.0394 4660 C:\Windows\System32\drivers\srvnet.sys - ok
18:46:41.0404 4660 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] C:\Windows\System32\drivers\tcpipreg.sys
18:46:41.0404 4660 C:\Windows\System32\drivers\tcpipreg.sys - ok
18:46:41.0404 4660 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] C:\Windows\System32\sysmain.dll
18:46:41.0404 4660 C:\Windows\System32\sysmain.dll - ok
18:46:41.0404 4660 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] C:\Windows\System32\wiaservc.dll
18:46:41.0404 4660 C:\Windows\System32\wiaservc.dll - ok
18:46:41.0404 4660 [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5 ] C:\Windows\System32\wiatrace.dll
18:46:41.0404 4660 C:\Windows\System32\wiatrace.dll - ok
18:46:41.0414 4660 [ 0C0195C48B6B8582FA6F6373032118DA ] C:\Users\Don\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys
18:46:41.0414 4660 C:\Users\Don\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys - ok
18:46:41.0414 4660 [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
18:46:41.0414 4660 C:\Windows\System32\trkwks.dll - ok
18:46:41.0414 4660 [ 98F138897EF4246381D197CB81846D62 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:46:41.0414 4660 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - ok
18:46:41.0414 4660 [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll
18:46:41.0414 4660 C:\Windows\System32\SensApi.dll - ok
18:46:41.0424 4660 [ 893C44082C97F7AED3E7C180FA1F93D8 ] C:\Windows\System32\mpnotify.exe
18:46:41.0424 4660 C:\Windows\System32\mpnotify.exe - ok
18:46:41.0424 4660 [ 80223885B9EB2DACEC4595D88F8345CB ] C:\Windows\System32\BCMLogon.dll
18:46:41.0424 4660 C:\Windows\System32\BCMLogon.dll - ok
18:46:41.0424 4660 [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll
18:46:41.0424 4660 C:\Windows\System32\aeevts.dll - ok
18:46:41.0424 4660 [ 32A3C8600AF124CBAAD845F13CFAE3CB ] C:\Windows\System32\tcpmon.dll
18:46:41.0424 4660 C:\Windows\System32\tcpmon.dll - ok
18:46:41.0434 4660 [ 93518C6EDE0B61BCBD02BDB02BD05FEE ] C:\Windows\System32\snmpapi.dll
18:46:41.0434 4660 C:\Windows\System32\snmpapi.dll - ok
18:46:41.0434 4660 [ FFF9D00CF16397C64317F213484F94BD ] C:\Windows\System32\wsnmp32.dll
18:46:41.0434 4660 C:\Windows\System32\wsnmp32.dll - ok
18:46:41.0434 4660 [ DF72A9936D0C3F517083119648814B09 ] C:\Windows\System32\usbmon.dll
18:46:41.0434 4660 C:\Windows\System32\usbmon.dll - ok
18:46:41.0434 4660 [ 57B736E990BA15568FAFAE9262C0AE6B ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL
18:46:41.0434 4660 C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL - ok
18:46:41.0444 4660 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
18:46:41.0444 4660 C:\Windows\System32\ntdsapi.dll - ok
18:46:41.0444 4660 [ 63DCDFFCBB7E41540F4D64CCED66536B ] C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
18:46:41.0444 4660 C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll - ok
18:46:41.0444 4660 [ A1CF0ED4315C7EBFF0B8E86C36B86FE6 ] C:\ProgramData\Microsoft\IdentityCRL\production\wlidui.dll
18:46:41.0444 4660 C:\ProgramData\Microsoft\IdentityCRL\production\wlidui.dll - ok
18:46:41.0444 4660 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] C:\Windows\System32\drivers\srv2.sys
18:46:41.0444 4660 C:\Windows\System32\drivers\srv2.sys - ok
18:46:41.0454 4660 [ 371948BC5911ABA06168FAC91ED25F06 ] C:\Windows\System32\msxml3.dll
18:46:41.0454 4660 C:\Windows\System32\msxml3.dll - ok
18:46:41.0454 4660 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] C:\Windows\System32\drivers\srv.sys
18:46:41.0454 4660 C:\Windows\System32\drivers\srv.sys - ok
18:46:41.0454 4660 [ 57AC86AC664CC774C861DAB2B1D1E978 ] C:\Windows\winsxs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_0a1fd3a3a768b895\ATL90.dll
18:46:41.0454 4660 C:\Windows\winsxs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_0a1fd3a3a768b895\ATL90.dll - ok
18:46:41.0454 4660 [ 9682D5B9D9309377C1A7E08C3E6B7B3D ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System\6be6efa1e2ffc9d46e99839edac5c5a8\System.ni.dll
18:46:41.0454 4660 C:\Windows\assembly\NativeImages_v2.0.50727_64\System\6be6efa1e2ffc9d46e99839edac5c5a8\System.ni.dll - ok
18:46:41.0464 4660 [ 8965A4CAA8E006F5F32D084CABD3679E ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\ad25afb3a0820b92f311d6897df82e5f\System.Runtime.Remoting.ni.dll
18:46:41.0464 4660 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\ad25afb3a0820b92f311d6897df82e5f\System.Runtime.Remoting.ni.dll - ok
18:46:41.0464 4660 [ 0181B4C10F409299E0D8EE130EF87353 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\c54fc0cac648a174c5e35bd6589c9390\System.Management.ni.dll
18:46:41.0464 4660 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\c54fc0cac648a174c5e35bd6589c9390\System.Management.ni.dll - ok
18:46:41.0464 4660 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
18:46:41.0464 4660 C:\Windows\System32\wbem\WMIsvc.dll - ok
18:46:41.0464 4660 [ 4581716B4BF76ACFD8E167EB0B26D82A ] C:\Windows\System32\fdPnp.dll
18:46:41.0464 4660 C:\Windows\System32\fdPnp.dll - ok
18:46:41.0474 4660 [ C30A50449EA4B611484A5F1F1F016774 ] C:\Windows\System32\spool\prtprocs\x64\HPZPPLHN.DLL
18:46:41.0474 4660 C:\Windows\System32\spool\prtprocs\x64\HPZPPLHN.DLL - ok
18:46:41.0474 4660 [ 1D626FE2E13C1CE49CA0136CFF214E93 ] C:\Windows\System32\spool\prtprocs\x64\winprint.dll
18:46:41.0474 4660 C:\Windows\System32\spool\prtprocs\x64\winprint.dll - ok
18:46:41.0474 4660 [ A1D7E3ADCDB07DDB6F423862DCB1A52B ] C:\Windows\System32\WSDMon.dll
18:46:41.0474 4660 C:\Windows\System32\WSDMon.dll - ok
18:46:41.0474 4660 [ 507D5567A0A4EE86C4B0CE2CE1777025 ] C:\Windows\System32\inetpp.dll
18:46:41.0474 4660 C:\Windows\System32\inetpp.dll - ok
18:46:41.0484 4660 [ 0353B239C28B0E9EBC7FA3D1F6181661 ] C:\Windows\System32\win32spl.dll
18:46:41.0484 4660 C:\Windows\System32\win32spl.dll - ok
18:46:41.0484 4660 [ 1BF0CB861A48FEB1638228760750F3CB ] C:\Windows\System32\cscapi.dll
18:46:41.0484 4660 C:\Windows\System32\cscapi.dll - ok
18:46:41.0484 4660 [ FDC385A0F7D7DD880C4622D1DF08ABE9 ] C:\Windows\System32\ntprint.dll
18:46:41.0484 4660 C:\Windows\System32\ntprint.dll - ok
18:46:41.0484 4660 [ 7DB5AA22A8A8E5C2D335F44853C1F6DE ] C:\Windows\System32\wbemcomn.dll
18:46:41.0484 4660 C:\Windows\System32\wbemcomn.dll - ok
18:46:41.0494 4660 [ 08C2957BB30058E663720C5606885653 ] C:\Windows\System32\iphlpsvc.dll
18:46:41.0494 4660 C:\Windows\System32\iphlpsvc.dll - ok
18:46:41.0494 4660 [ 27B9E163740A226B65E4B9E186117911 ] C:\Windows\System32\sqmapi.dll
18:46:41.0494 4660 C:\Windows\System32\sqmapi.dll - ok
18:46:41.0494 4660 [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll
18:46:41.0494 4660 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
18:46:41.0494 4660 [ D9F42719019740BAA6D1C6D536CBDAA6 ] C:\Windows\System32\srvsvc.dll
18:46:41.0494 4660 C:\Windows\System32\srvsvc.dll - ok
18:46:41.0504 4660 [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll
18:46:41.0504 4660 C:\Windows\System32\wdscore.dll - ok
18:46:41.0504 4660 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] C:\Windows\System32\browser.dll
18:46:41.0504 4660 C:\Windows\System32\browser.dll - ok
18:46:41.0504 4660 [ 3B367397320C26DBA890B260F80D1B1B ] C:\Windows\System32\hnetcfg.dll
18:46:41.0504 4660 C:\Windows\System32\hnetcfg.dll - ok
18:46:41.0504 4660 [ CFEFA40DDE34659BE5211966EAD86437 ] C:\Windows\System32\netmsg.dll
18:46:41.0504 4660 C:\Windows\System32\netmsg.dll - ok
18:46:41.0514 4660 [ FF80CAD87555E8E4D2CFD7B9058343F8 ] C:\Windows\System32\sscore.dll
18:46:41.0514 4660 C:\Windows\System32\sscore.dll - ok
18:46:41.0514 4660 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
18:46:41.0514 4660 C:\Windows\System32\wbem\WinMgmtR.dll - ok
18:46:41.0514 4660 [ 81749E073AC5857B044A686B406E5244 ] C:\Windows\System32\clusapi.dll
18:46:41.0514 4660 C:\Windows\System32\clusapi.dll - ok
18:46:41.0514 4660 [ 344FCC9850C3A8A3B4D3C65151AF8E4C ] C:\Windows\System32\resutils.dll
18:46:41.0514 4660 C:\Windows\System32\resutils.dll - ok
18:46:41.0524 4660 [ FEB91B4DA0D540865260A33838654FA3 ] C:\Windows\System32\nci.dll
18:46:41.0524 4660 C:\Windows\System32\nci.dll - ok
18:46:41.0524 4660 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
18:46:41.0524 4660 C:\Windows\System32\wbem\wbemprox.dll - ok
18:46:41.0524 4660 [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll
18:46:41.0524 4660 C:\Windows\System32\wbem\wbemcore.dll - ok
18:46:41.0524 4660 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
18:46:41.0524 4660 C:\Windows\System32\wbem\esscli.dll - ok
18:46:41.0524 4660 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
18:46:41.0524 4660 C:\Windows\System32\wbem\fastprox.dll - ok
18:46:41.0534 4660 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
18:46:41.0534 4660 C:\Windows\System32\wbem\wbemsvc.dll - ok
18:46:41.0534 4660 [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
18:46:41.0534 4660 C:\Windows\System32\wbem\wmiutils.dll - ok
18:46:41.0534 4660 [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
18:46:41.0534 4660 C:\Windows\System32\wbem\repdrvfs.dll - ok
18:46:41.0534 4660 [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe
18:46:41.0534 4660 C:\Windows\System32\dllhost.exe - ok
18:46:41.0544 4660 [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll
18:46:41.0544 4660 C:\Windows\System32\IDStore.dll - ok
18:46:41.0544 4660 [ E6F0F82788E8BD0F7A616350EFA0761C ] C:\Windows\System32\actxprxy.dll
18:46:41.0544 4660 C:\Windows\System32\actxprxy.dll - ok
18:46:41.0544 4660 [ 037A719DAD50603202C978CD802623E4 ] C:\Windows\System32\ntshrui.dll
18:46:41.0544 4660 C:\Windows\System32\ntshrui.dll - ok
18:46:41.0544 4660 [ E001DD475A7C27EBE5A0DB45C11BAD71 ] C:\Windows\System32\drivers\bcm42rly.sys
18:46:41.0544 4660 C:\Windows\System32\drivers\bcm42rly.sys - ok
18:46:41.0554 4660 [ BD9EB3958F213F96B97B1D897DEE006D ] C:\Windows\System32\hidserv.dll
18:46:41.0554 4660 C:\Windows\System32\hidserv.dll - ok
18:46:41.0554 4660 [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll
18:46:41.0554 4660 C:\Windows\System32\npmproxy.dll - ok
18:46:41.0554 4660 [ 639774C9ACD063F028F6084ABF5593AD ] C:\Windows\System32\taskhost.exe
18:46:41.0554 4660 C:\Windows\System32\taskhost.exe - ok
18:46:41.0554 4660 [ 93221146D4EBBF314C29B23CD6CC391D ] C:\Windows\System32\wpdbusenum.dll
18:46:41.0554 4660 C:\Windows\System32\wpdbusenum.dll - ok
18:46:41.0564 4660 [ E0B340996A41C9A75DFA3B99BBA9C500 ] C:\Windows\System32\SearchIndexer.exe
18:46:41.0564 4660 C:\Windows\System32\SearchIndexer.exe - ok
18:46:41.0564 4660 [ 418E881201583A3039D81F43E39E6C78 ] C:\Windows\SysWOW64\winsta.dll
18:46:41.0564 4660 C:\Windows\SysWOW64\winsta.dll - ok
18:46:41.0564 4660 [ 94EEAC26F57811BD1AEFC164412F7FCE ] C:\Windows\System32\PlaySndSrv.dll
18:46:41.0564 4660 C:\Windows\System32\PlaySndSrv.dll - ok
18:46:41.0564 4660 [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\SysWOW64\userenv.dll
18:46:41.0564 4660 C:\Windows\SysWOW64\userenv.dll - ok
18:46:41.0574 4660 [ 65EA57712340C09B1B0C427B4848AE05 ] C:\Windows\System32\taskeng.exe
18:46:41.0574 4660 C:\Windows\System32\taskeng.exe - ok
18:46:41.0574 4660 [ 9BB99503D6A4DD62569EDE9E5E2672A5 ] C:\Windows\System32\HotStartUserAgent.dll
18:46:41.0574 4660 C:\Windows\System32\HotStartUserAgent.dll - ok
18:46:41.0574 4660 [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
18:46:41.0574 4660 C:\Windows\System32\MsCtfMonitor.dll - ok
18:46:41.0574 4660 [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
18:46:41.0574 4660 C:\Windows\System32\msutb.dll - ok
18:46:41.0574 4660 [ 589DF683A6C81424A6CECE52ABF98A50 ] C:\Windows\System32\tquery.dll
18:46:41.0574 4660 C:\Windows\System32\tquery.dll - ok
18:46:41.0584 4660 [ 23566F9723771108D2E6CD768AC27407 ] C:\Windows\System32\AtBroker.exe
18:46:41.0584 4660 C:\Windows\System32\AtBroker.exe - ok
18:46:41.0584 4660 [ BAFE84E637BF7388C96EF48D4D3FDD53 ] C:\Windows\System32\userinit.exe
18:46:41.0584 4660 C:\Windows\System32\userinit.exe - ok
18:46:41.0584 4660 [ 805A52C5AE26C28E88FDD9BCCFE6F312 ] C:\Windows\System32\TSChannel.dll
18:46:41.0584 4660 C:\Windows\System32\TSChannel.dll - ok
18:46:41.0584 4660 [ 143A396C5A8A4288787AC4628D70C0AC ] C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
18:46:41.0584 4660 C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe - ok
18:46:41.0594 4660 [ D4BC6895C5B75F75982E9FD90877018C ] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
18:46:41.0594 4660 C:\Program Files (x86)\MSI Afterburner\RTMUI.dll - ok
18:46:41.0594 4660 [ 69A62EACB43F96C71ACBE49D17F670A0 ] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
18:46:41.0594 4660 C:\Program Files (x86)\MSI Afterburner\RTFC.dll - ok
18:46:41.0594 4660 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
18:46:41.0594 4660 C:\Windows\SysWOW64\version.dll - ok
18:46:41.0594 4660 [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:46:41.0594 4660 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - ok
18:46:41.0604 4660 [ 332FEAB1435662FC6C672E25BEB37BE3 ] C:\Windows\explorer.exe
18:46:41.0604 4660 C:\Windows\explorer.exe - ok
18:46:41.0604 4660 [ 2E5672EEA419A4DC9DACD714632E1DC3 ] C:\Program Files (x86)\Google\Update\1.3.21.135\goopdate.dll
18:46:41.0604 4660 C:\Program Files (x86)\Google\Update\1.3.21.135\goopdate.dll - ok
18:46:41.0604 4660 [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
18:46:41.0604 4660 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
18:46:41.0604 4660 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
18:46:41.0604 4660 C:\Windows\SysWOW64\winnsi.dll - ok
18:46:41.0614 4660 [ 2FCA0D2C59A855C54BAFA22AA329DF0F ] C:\Windows\SysWOW64\netapi32.dll
18:46:41.0614 4660 C:\Windows\SysWOW64\netapi32.dll - ok
18:46:41.0614 4660 [ 20B3934DB73EABA2B49B7177873CB81F ] C:\Windows\SysWOW64\netutils.dll
18:46:41.0614 4660 C:\Windows\SysWOW64\netutils.dll - ok
18:46:41.0614 4660 [ 5CCDCD40E732D54E0F7451AC66AC1C87 ] C:\Windows\SysWOW64\srvcli.dll
18:46:41.0614 4660 C:\Windows\SysWOW64\srvcli.dll - ok
18:46:41.0614 4660 [ E5A4A1326A02F8E7B59E6C3270CE7202 ] C:\Windows\SysWOW64\wkscli.dll
18:46:41.0614 4660 C:\Windows\SysWOW64\wkscli.dll - ok
18:46:41.0624 4660 [ 352B3DC62A0D259A82A052238425C872 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
18:46:41.0624 4660 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - ok
18:46:41.0624 4660 [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\SysWOW64\imagehlp.dll
18:46:41.0624 4660 C:\Windows\SysWOW64\imagehlp.dll - ok
18:46:41.0624 4660 [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\SysWOW64\msi.dll
18:46:41.0624 4660 C:\Windows\SysWOW64\msi.dll - ok
18:46:41.0624 4660 [ 7FA3A810F383588D46220967DE8B64FF ] C:\Windows\SysWOW64\wininet.dll
18:46:41.0624 4660 C:\Windows\SysWOW64\wininet.dll - ok
18:46:41.0634 4660 [ 780E80E5502015EDAEC91DC0A0C96A79 ] C:\Windows\SysWOW64\iertutil.dll
18:46:41.0634 4660 C:\Windows\SysWOW64\iertutil.dll - ok
18:46:41.0634 4660 [ 4266A3230981DD4434C55957F6DD497D ] C:\Windows\SysWOW64\urlmon.dll
18:46:41.0634 4660 C:\Windows\SysWOW64\urlmon.dll - ok
18:46:41.0634 4660 [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\SysWOW64\cscapi.dll
18:46:41.0634 4660 C:\Windows\SysWOW64\cscapi.dll - ok
18:46:41.0634 4660 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\SysWOW64\ntmarta.dll
18:46:41.0634 4660 C:\Windows\SysWOW64\ntmarta.dll - ok
18:46:41.0644 4660 [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\SysWOW64\Wldap32.dll
18:46:41.0644 4660 C:\Windows\SysWOW64\Wldap32.dll - ok
18:46:41.0644 4660 [ 53223B673A3FA2F9A4D1C31C8D3F6CD8 ] C:\Windows\SysWOW64\dbghelp.dll
18:46:41.0644 4660 C:\Windows\SysWOW64\dbghelp.dll - ok
18:46:41.0644 4660 [ 863F793D15B4026B1A5FDECA873D4D84 ] C:\Windows\SysWOW64\apphelp.dll
18:46:41.0644 4660 C:\Windows\SysWOW64\apphelp.dll - ok
18:46:41.0644 4660 [ BECDDA0990DEBD72A30096533521AD73 ] C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
18:46:41.0644 4660 C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe - ok
18:46:41.0654 4660 [ B676429E44F2F8ACC3BAE7C89F46B212 ] C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
18:46:41.0654 4660 C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe - ok
18:46:41.0654 4660 [ A7A8CA53D9C9FD90C07AB0EB38E5316B ] C:\Windows\System32\dbghelp.dll
18:46:41.0654 4660 C:\Windows\System32\dbghelp.dll - ok
18:46:41.0654 4660 [ C5A99A4C0DC9F0F5A95BA0C83D30A549 ] C:\Windows\SysWOW64\mstask.dll
18:46:41.0654 4660 C:\Windows\SysWOW64\mstask.dll - ok
18:46:41.0654 4660 [ 499147F015E87AC2C2EBAA368F6BFE96 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
18:46:41.0654 4660 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE - ok
18:46:41.0664 4660 [ BF4AC709BE5BF64F331F5D67773A0C82 ] C:\Windows\System32\perftrack.dll
18:46:41.0664 4660 C:\Windows\System32\perftrack.dll - ok
18:46:41.0664 4660 [ DDD0357A92FA843EFF8915ED17253D6C ] C:\Windows\System32\wbem\WmiPrvSD.dll
18:46:41.0664 4660 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
18:46:41.0664 4660 [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll
18:46:41.0664 4660 C:\Windows\System32\ncobjapi.dll - ok
18:46:41.0664 4660 [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll
18:46:41.0664 4660 C:\Windows\System32\wbem\wbemess.dll - ok
18:46:41.0674 4660 [ E64D9EC8018C55873B40FDEE9DBEF5B3 ] C:\Windows\System32\PortableDeviceApi.dll
18:46:41.0674 4660 C:\Windows\System32\PortableDeviceApi.dll - ok
18:46:41.0674 4660 [ DDA4CAF29D8C0A297F886BFE561E6659 ] C:\Windows\System32\drivers\WUDFRd.sys
18:46:41.0674 4660 C:\Windows\System32\drivers\WUDFRd.sys - ok
18:46:41.0674 4660 [ F162D5F5E845B9DC352DD1BAD8CEF1BC ] C:\Windows\System32\dwm.exe
18:46:41.0674 4660 C:\Windows\System32\dwm.exe - ok
18:46:41.0674 4660 [ FCFCD1101C5DA23B4B95F93D02B2C169 ] C:\Windows\System32\dwmredir.dll
18:46:41.0674 4660 C:\Windows\System32\dwmredir.dll - ok
18:46:41.0684 4660 [ AFA79C343F9D1555F7E5D5FA70BB2A14 ] C:\Windows\System32\PortableDeviceConnectApi.dll
18:46:41.0684 4660 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
18:46:41.0684 4660 [ E629F1A051C82795DDFFD3E8D4855811 ] C:\Windows\System32\dimsjob.dll
18:46:41.0684 4660 C:\Windows\System32\dimsjob.dll - ok
18:46:41.0684 4660 [ 4BA77A5EF71C14C764B0ED4701683E3E ] C:\Windows\System32\dwmcore.dll
18:46:41.0684 4660 C:\Windows\System32\dwmcore.dll - ok
18:46:41.0684 4660 [ 35CB97CBC3EDC463418ED4997AAB29B6 ] C:\Windows\System32\pautoenr.dll
18:46:41.0684 4660 C:\Windows\System32\pautoenr.dll - ok
18:46:41.0694 4660 [ 94DFBB481BF51158B216E23C5C1C9D6E ] C:\Windows\System32\certcli.dll
18:46:41.0694 4660 C:\Windows\System32\certcli.dll - ok
18:46:41.0694 4660 [ 8ABFE00F213F2571498F1B8FD7939A98 ] C:\Windows\System32\WUDFHost.exe
18:46:41.0694 4660 C:\Windows\System32\WUDFHost.exe - ok
18:46:41.0694 4660 [ 263B26106606A010CF877472B535E4BB ] C:\Windows\System32\CertEnroll.dll
18:46:41.0694 4660 C:\Windows\System32\CertEnroll.dll - ok
18:46:41.0694 4660 [ E1374D37477322D4956604711008C69D ] C:\Windows\System32\d3d10_1.dll
18:46:41.0694 4660 C:\Windows\System32\d3d10_1.dll - ok
18:46:41.0704 4660 [ 426BA4E737A7988FD1202AF2F2B2F4A6 ] C:\Windows\System32\d3d10_1core.dll
18:46:41.0704 4660 C:\Windows\System32\d3d10_1core.dll - ok
18:46:41.0704 4660 [ F404E59DB6A0F122AB26BF4F3E2FD0FA ] C:\Windows\System32\dxgi.dll
18:46:41.0704 4660 C:\Windows\System32\dxgi.dll - ok
18:46:41.0704 4660 [ 51693F0F5A5F150ADE69F9BE7FA94D8C ] C:\Windows\System32\nvwgf2umx.dll
18:46:41.0704 4660 C:\Windows\System32\nvwgf2umx.dll - ok
18:46:41.0704 4660 [ 49E5753D923F1AC63B22D3DCB0B47E00 ] C:\Windows\System32\uDWM.dll
18:46:41.0704 4660 C:\Windows\System32\uDWM.dll - ok
18:46:41.0714 4660 [ 25AE683DCB4AE7E6F1B193A0CB9DB35F ] C:\Windows\System32\WUDFx.dll
18:46:41.0714 4660 C:\Windows\System32\WUDFx.dll - ok
18:46:41.0714 4660 [ 91D6F0AB79AA36FFB932157865206F35 ] C:\Windows\System32\drivers\UMDF\WpdFs.dll
18:46:41.0714 4660 C:\Windows\System32\drivers\UMDF\WpdFs.dll - ok
18:46:41.0714 4660 [ 7568CC720ACE4D03B84AF97817E745EF ] C:\Windows\System32\mssrch.dll
18:46:41.0714 4660 C:\Windows\System32\mssrch.dll - ok
18:46:41.0714 4660 [ 522B0466ED967A0762E9AF5B37D8F40A ] C:\Windows\System32\esent.dll
18:46:41.0714 4660 C:\Windows\System32\esent.dll - ok
18:46:41.0714 4660 [ 3121A79D13A61562BE9CC902CD46B542 ] C:\Windows\System32\msidle.dll
18:46:41.0714 4660 C:\Windows\System32\msidle.dll - ok
18:46:41.0724 4660 [ ACE1BB07E0377E37A2C514CD2EC119B1 ] C:\Windows\System32\mssprxy.dll
18:46:41.0724 4660 C:\Windows\System32\mssprxy.dll - ok
18:46:41.0724 4660 [ 6D137963730144698CBD10F202E9F251 ] C:\Windows\System32\wersvc.dll
18:46:41.0724 4660 C:\Windows\System32\wersvc.dll - ok
18:46:41.0724 4660 [ 990EA3103E06D68CE0E755A9C3D70107 ] C:\Windows\System32\dbgeng.dll
18:46:41.0724 4660 C:\Windows\System32\dbgeng.dll - ok
18:46:41.0724 4660 [ C9FB9038B15036CA28CF0B4BE2BED9BD ] C:\Windows\System32\en-US\tquery.dll.mui
18:46:41.0724 4660 C:\Windows\System32\en-US\tquery.dll.mui - ok
18:46:41.0734 4660 [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll
18:46:41.0734 4660 C:\Windows\System32\NapiNSP.dll - ok
18:46:41.0734 4660 [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll
18:46:41.0734 4660 C:\Windows\System32\pnrpnsp.dll - ok
18:46:41.0734 4660 [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll
18:46:41.0734 4660 C:\Windows\System32\winrnr.dll - ok
18:46:41.0734 4660 [ A5E4B3FF51CF5B7926D9651908FEB666 ] C:\Program Files\Microsoft Security Client\DbgHelp.dll
18:46:41.0734 4660 C:\Program Files\Microsoft Security Client\DbgHelp.dll - ok
18:46:41.0744 4660 [ 0E7045E24F78351E021D3C01566DBBA3 ] C:\Program Files\Microsoft Security Client\MpAsDesc.dll
18:46:41.0744 4660 C:\Program Files\Microsoft Security Client\MpAsDesc.dll - ok
18:46:41.0744 4660 [ 4B78B431F225FD8624C5655CB1DE7B61 ] C:\Windows\System32\aelupsvc.dll
18:46:41.0744 4660 C:\Windows\System32\aelupsvc.dll - ok
18:46:41.0744 4660 [ 5B8580B819BE32EEC18CE1FEC52A4BCE ] C:\Program Files\Microsoft Security Client\MpCmdRun.exe
18:46:41.0744 4660 C:\Program Files\Microsoft Security Client\MpCmdRun.exe - ok
18:46:41.0744 4660 [ 426701A2483D01948084AEB6C6664B09 ] C:\Program Files\Microsoft Security Client\MpCommu.dll
18:46:41.0744 4660 C:\Program Files\Microsoft Security Client\MpCommu.dll - ok
18:46:41.0754 4660 [ 43301EBACDAFBE5D235D904E452818A4 ] C:\Program Files\Microsoft Security Client\mpevmsg.dll
18:46:41.0754 4660 C:\Program Files\Microsoft Security Client\mpevmsg.dll - ok
18:46:41.0754 4660 [ 675E24B7C24E326264EDC1F28BB432EF ] C:\Program Files\Microsoft Security Client\MpOAv.dll
18:46:41.0754 4660 C:\Program Files\Microsoft Security Client\MpOAv.dll - ok
18:46:41.0754 4660 [ BF62F3BC1BE0700804EC394BB77F02C4 ] C:\Program Files\Microsoft Security Client\MpRTP.dll
18:46:41.0754 4660 C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
18:46:41.0764 4660 [ F6B99313B00D16B1EB48135BD59AEDBB ] C:\Program Files\Microsoft Security Client\MSESysprep.dll
18:46:41.0764 4660 C:\Program Files\Microsoft Security Client\MSESysprep.dll - ok
18:46:41.0764 4660 [ 92770FD9F2F2748EBA6594DF947B4D2F ] C:\Program Files\Microsoft Security Client\MsMpCom.dll
18:46:41.0764 4660 C:\Program Files\Microsoft Security Client\MsMpCom.dll - ok
18:46:41.0764 4660 [ FF7E814CBFEC3C27922C13BB94667416 ] C:\Program Files\Microsoft Security Client\MsMpLics.dll
18:46:41.0764 4660 C:\Program Files\Microsoft Security Client\MsMpLics.dll - ok
18:46:41.0764 4660 [ DC5B5D3A1BF59A74ECA9C2EBB34574BE ] C:\Program Files\Microsoft Security Client\MsMpRes.dll
18:46:41.0764 4660 C:\Program Files\Microsoft Security Client\MsMpRes.dll - ok
18:46:41.0774 4660 [ DC6612A9EE015A36BA2A27BC9CC12537 ] C:\Windows\SysWOW64\mfc42.dll
18:46:41.0774 4660 C:\Windows\SysWOW64\mfc42.dll - ok
18:46:41.0774 4660 [ 7D34AF98A706230CC2DEDFE0CABF87AB ] C:\Windows\SysWOW64\odbc32.dll
18:46:41.0774 4660 C:\Windows\SysWOW64\odbc32.dll - ok
18:46:41.0774 4660 [ 590F12A4B2A734FD331D5AEC4BFFAFBC ] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
18:46:41.0774 4660 C:\Program Files (x86)\MSI Afterburner\RTCore.dll - ok
18:46:41.0774 4660 [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\SysWOW64\setupapi.dll
18:46:41.0774 4660 C:\Windows\SysWOW64\setupapi.dll - ok
18:46:41.0774 4660 [ 4449D23E8F197862F1B16F1E6C89C36C ] C:\Windows\System32\diagperf.dll
18:46:41.0774 4660 C:\Windows\System32\diagperf.dll - ok
18:46:41.0784 4660 [ F436E847FA799ECD75AD8C313673F450 ] C:\Windows\SysWOW64\cfgmgr32.dll
18:46:41.0784 4660 C:\Windows\SysWOW64\cfgmgr32.dll - ok
18:46:41.0784 4660 [ 2EEFF4502F5E13B1BED4A04CCAD64C08 ] C:\Windows\SysWOW64\devobj.dll
18:46:41.0784 4660 C:\Windows\SysWOW64\devobj.dll - ok
18:46:41.0784 4660 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
18:46:41.0784 4660 C:\Windows\SysWOW64\psapi.dll - ok
18:46:41.0784 4660 [ A06787C5FFE0CA690AE7AF0FB6A8A642 ] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
18:46:41.0784 4660 C:\Program Files (x86)\MSI Afterburner\RTUI.dll - ok
18:46:41.0794 4660 [ BF6D6ED5FADCEEE885BD0144ECF1BA27 ] C:\Windows\SysWOW64\ncrypt.dll
18:46:41.0794 4660 C:\Windows\SysWOW64\ncrypt.dll - ok
18:46:41.0794 4660 [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\SysWOW64\winmm.dll
18:46:41.0794 4660 C:\Windows\SysWOW64\winmm.dll - ok
18:46:41.0794 4660 [ 00CBA73A68374F2125AE0E9CAAF90291 ] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
18:46:41.0794 4660 C:\Program Files (x86)\MSI Afterburner\RTHAL.dll - ok
18:46:41.0794 4660 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
18:46:41.0794 4660 C:\Windows\SysWOW64\bcrypt.dll - ok
18:46:41.0804 4660 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
18:46:41.0804 4660 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
18:46:41.0804 4660 [ ABA457BFC7EC0B5E130B2F1E0F549DFF ] C:\Windows\SysWOW64\odbcint.dll
18:46:41.0804 4660 C:\Windows\SysWOW64\odbcint.dll - ok
18:46:41.0804 4660 [ EED05D42D91835064703E2318552ED25 ] C:\Windows\System32\ExplorerFrame.dll
18:46:41.0804 4660 C:\Windows\System32\ExplorerFrame.dll - ok
18:46:41.0804 4660 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll
18:46:41.0804 4660 C:\Windows\SysWOW64\gpapi.dll - ok
18:46:41.0814 4660 [ CA79539D3D4C0BA66F0F051A5EE5E923 ] C:\Windows\SysWOW64\cryptnet.dll
18:46:41.0814 4660 C:\Windows\SysWOW64\cryptnet.dll - ok
18:46:41.0814 4660 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
18:46:41.0814 4660 C:\Windows\System32\EhStorShell.dll - ok
18:46:41.0814 4660 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
18:46:41.0814 4660 C:\Windows\System32\IconCodecService.dll - ok
18:46:41.0814 4660 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] C:\Windows\System32\appinfo.dll
18:46:41.0814 4660 C:\Windows\System32\appinfo.dll - ok
18:46:41.0824 4660 [ 025E7DBDB98866ED3CB2D4DDA70B364D ] C:\Windows\System32\runonce.exe
18:46:41.0824 4660 C:\Windows\System32\runonce.exe - ok
18:46:41.0824 4660 [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\SysWOW64\runonce.exe
18:46:41.0824 4660 C:\Windows\SysWOW64\runonce.exe - ok
18:46:41.0824 4660 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
18:46:41.0824 4660 C:\Windows\SysWOW64\uxtheme.dll - ok
18:46:41.0824 4660 [ 12C45E3CB6D65F73209549E2D02ECA7A ] C:\Windows\SysWOW64\propsys.dll
18:46:41.0824 4660 C:\Windows\SysWOW64\propsys.dll - ok
18:46:41.0834 4660 [ A113AFEED3159A1ED52D78CB0226006D ] C:\Windows\SysWOW64\secur32.dll
18:46:41.0834 4660 C:\Windows\SysWOW64\secur32.dll - ok
18:46:41.0834 4660 [ 0DC6669BC2B552C0ECC905B6B761F508 ] C:\Program Files\Microsoft Security Client\msseces.exe
18:46:41.0834 4660 C:\Program Files\Microsoft Security Client\msseces.exe - ok
18:46:41.0834 4660 [ AD7B9C14083B52BC532FBA5948342B98 ] C:\Windows\SysWOW64\cmd.exe
18:46:41.0834 4660 C:\Windows\SysWOW64\cmd.exe - ok
18:46:41.0834 4660 [ 326C7F76A29897A892AA7726E91C1C67 ] C:\Windows\SysWOW64\winbrand.dll
18:46:41.0834 4660 C:\Windows\SysWOW64\winbrand.dll - ok
18:46:41.0844 4660 [ 5466DCAEF5A648E04D1B6580F2C901B5 ] C:\Windows\SysWOW64\ieframe.dll
18:46:41.0844 4660 C:\Windows\SysWOW64\ieframe.dll - ok
18:46:41.0844 4660 [ 9864D52F15AD32094A636C6B5281D9E7 ] C:\Windows\System32\WMVCORE.DLL
18:46:41.0844 4660 C:\Windows\System32\WMVCORE.DLL - ok
18:46:41.0844 4660 [ 8E01332CC4B68BC6B5B7EFFE374442AA ] C:\Windows\SysWOW64\oleacc.dll
18:46:41.0844 4660 C:\Windows\SysWOW64\oleacc.dll - ok
18:46:41.0844 4660 [ BE247AE996A9FDE007A27B51413A6C79 ] C:\Windows\SysWOW64\shdocvw.dll
18:46:41.0844 4660 C:\Windows\SysWOW64\shdocvw.dll - ok
18:46:41.0854 4660 [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\Don\AppData\Local\Temp\0B03A00E-90D1-4360-9AB7-45EFDB8FD5D3.exe
18:46:41.0854 4660 C:\Users\Don\AppData\Local\Temp\0B03A00E-90D1-4360-9AB7-45EFDB8FD5D3.exe - ok
18:46:41.0854 4660 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
18:46:41.0854 4660 C:\Windows\SysWOW64\dwmapi.dll - ok
18:46:41.0854 4660 [ 1DB71A41DAEE6B3F8CD0DDA8209FA2D5 ] C:\Windows\SysWOW64\WindowsCodecs.dll
18:46:41.0854 4660 C:\Windows\SysWOW64\WindowsCodecs.dll - ok
18:46:41.0854 4660 [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\SysWOW64\EhStorShell.dll
18:46:41.0854 4660 C:\Windows\SysWOW64\EhStorShell.dll - ok
18:46:41.0864 4660 [ 03F3B770DFBED6131653CEDA8CA780F0 ] C:\Windows\SysWOW64\ntshrui.dll
18:46:41.0864 4660 C:\Windows\SysWOW64\ntshrui.dll - ok
18:46:41.0864 4660 [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\SysWOW64\slc.dll
18:46:41.0864 4660 C:\Windows\SysWOW64\slc.dll - ok
18:46:41.0864 4660 [ 827CB0D6C3F8057EA037FF271F8E9795 ] C:\Windows\SysWOW64\imageres.dll
18:46:41.0864 4660 C:\Windows\SysWOW64\imageres.dll - ok
18:46:41.0864 4660 [ 523CF74A52C9A1762DA8B83AEE734498 ] C:\Windows\SysWOW64\IconCodecService.dll
18:46:41.0864 4660 C:\Windows\SysWOW64\IconCodecService.dll - ok
18:46:41.0874 4660 [ E1B22739C933BE33F53DB58C5393ADD3 ] C:\Windows\System32\Apphlpdm.dll
18:46:41.0874 4660 C:\Windows\System32\Apphlpdm.dll - ok
18:46:41.0874 4660 [ 9719E3D834F5C8C43F56A93DFA497023 ] C:\Windows\System32\pnpts.dll
18:46:41.0874 4660 C:\Windows\System32\pnpts.dll - ok
18:46:41.0874 4660 [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll
18:46:41.0874 4660 C:\Windows\System32\radardt.dll - ok
18:46:41.0874 4660 [ E811F8510B133E70CF6E509FB809824F ] C:\Windows\System32\wdiasqmmodule.dll
18:46:41.0874 4660 C:\Windows\System32\wdiasqmmodule.dll - ok
18:46:41.0884 4660 [ 959038BD4BC8BC141F109E406BDE4467 ] C:\Windows\System32\MsiCofire.dll
18:46:41.0884 4660 C:\Windows\System32\MsiCofire.dll - ok
18:46:41.0884 4660 [ FBD879D17B26D49DD7A48FF58062FAE6 ] C:\Windows\System32\tdh.dll
18:46:41.0884 4660 C:\Windows\System32\tdh.dll - ok
18:46:41.0884 4660 [ DD3255BB8D7773D005D4918E42E7868E ] C:\Program Files\Microsoft Security Client\msseoobe.exe
18:46:41.0884 4660 C:\Program Files\Microsoft Security Client\msseoobe.exe - ok
18:46:41.0884 4660 [ A62B56F7FE7DD8A123CC0123272E75F6 ] C:\Program Files\Microsoft Security Client\msseooberes.dll
18:46:41.0884 4660 C:\Program Files\Microsoft Security Client\msseooberes.dll - ok
18:46:41.0894 4660 [ CA9E3BD4752FA2C084F5CD35FD8D0025 ] C:\Program Files\Microsoft Security Client\MsseWat.dll
18:46:41.0894 4660 C:\Program Files\Microsoft Security Client\MsseWat.dll - ok
18:46:41.0894 4660 [ 12FD09889C8A6141C8D10F7AE48BBAC8 ] C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll
18:46:41.0894 4660 C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll - ok
18:46:41.0894 4660 [ 132045285DCC8654C14F1CFB4A8DCDA1 ] C:\Program Files\Microsoft Security Client\NisLog.dll
18:46:41.0894 4660 C:\Program Files\Microsoft Security Client\NisLog.dll - ok
18:46:41.0894 4660 [ 79E80B10FE8F6662E0C9162A68C43444 ] C:\Program Files\Microsoft Security Client\NisSrv.exe
18:46:41.0894 4660 C:\Program Files\Microsoft Security Client\NisSrv.exe - ok
18:46:41.0904 4660 [ D9E21CBF9E6A87847AFFD39EA3FA28EE ] C:\Windows\System32\SearchProtocolHost.exe
18:46:41.0904 4660 C:\Windows\System32\SearchProtocolHost.exe - ok
18:46:41.0904 4660 [ 6EFE5629CF4C07CE61B887131535300F ] C:\Program Files\Microsoft Security Client\NisWFP.dll
18:46:41.0904 4660 C:\Program Files\Microsoft Security Client\NisWFP.dll - ok
18:46:41.0904 4660 [ D2A5B2B09F2AF5ED13BF494508B09788 ] C:\Windows\System32\msshooks.dll
18:46:41.0904 4660 C:\Windows\System32\msshooks.dll - ok
18:46:41.0904 4660 [ 49A3AD5CE578CD77F445F3D244AEAB2D ] C:\Windows\System32\SearchFilterHost.exe
18:46:41.0904 4660 C:\Windows\System32\SearchFilterHost.exe - ok
18:46:41.0914 4660 [ 6A6AA5A6563182E9DF1F20C4FA357663 ] C:\Program Files\Microsoft Security Client\Setup.exe
18:46:41.0914 4660 C:\Program Files\Microsoft Security Client\Setup.exe - ok
18:46:41.0914 4660 [ 48041BAEB60CE5F34F13CC2A1361E49C ] C:\Windows\System32\mssph.dll
18:46:41.0914 4660 C:\Windows\System32\mssph.dll - ok
18:46:41.0914 4660 [ 8F4BB0CFECED925D440ABC2481278360 ] C:\Windows\System32\mapi32.dll
18:46:41.0914 4660 C:\Windows\System32\mapi32.dll - ok
18:46:41.0914 4660 [ BD1BE32D324E3C4FD7981555307FCEDD ] C:\Program Files\Microsoft Security Client\SetupRes.dll
18:46:41.0914 4660 C:\Program Files\Microsoft Security Client\SetupRes.dll - ok
18:46:41.0924 4660 [ DBC01686ED79C13F2F6F842E825B4F04 ] C:\Program Files\Microsoft Security Client\shellext.dll
18:46:41.0924 4660 C:\Program Files\Microsoft Security Client\shellext.dll - ok
18:46:41.0924 4660 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Microsoft Security Client\sqmapi.dll
18:46:41.0924 4660 C:\Program Files\Microsoft Security Client\sqmapi.dll - ok
18:46:41.0924 4660 [ 65FB3391EB26F5AC647FC40501D8E21D ] C:\Program Files\Microsoft Security Client\SymSrv.dll
18:46:41.0924 4660 C:\Program Files\Microsoft Security Client\SymSrv.dll - ok
18:46:41.0924 4660 [ 5F10310A5A9273475AA04930DFE16742 ] C:\Program Files\Microsoft Security Client\Backup\EppManifest.dll
18:46:41.0924 4660 C:\Program Files\Microsoft Security Client\Backup\EppManifest.dll - ok
18:46:41.0934 4660 [ BD1BE32D324E3C4FD7981555307FCEDD ] C:\Program Files\Microsoft Security Client\Backup\setupres.dll
18:46:41.0934 4660 C:\Program Files\Microsoft Security Client\Backup\setupres.dll - ok
18:46:41.0934 4660 [ 2E887E52E45BBA3C47CCD0E75FC5266F ] C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
18:46:41.0934 4660 C:\Program Files (x86)\MSI Afterburner\RTCore64.sys - ok
18:46:41.0934 4660 [ A9035C4CA57ACB80419ED878FE1EB161 ] C:\Windows\System32\offfilt.dll
18:46:41.0934 4660 C:\Windows\System32\offfilt.dll - ok
18:46:41.0934 4660 [ 2C6F0D613854AFF4AD329C665028CB3C ] C:\Windows\SysWOW64\nvd3dum.dll
18:46:41.0934 4660 C:\Windows\SysWOW64\nvd3dum.dll - ok
18:46:41.0944 4660 [ 25A1C8A085A08C99F41FBA9A3EA9BE6B ] C:\Windows\SysWOW64\nvapi.dll
18:46:41.0944 4660 C:\Windows\SysWOW64\nvapi.dll - ok
18:46:41.0944 4660 [ AACC48FE239F0DF126DA2F28930A5B83 ] C:\Windows\System32\WMASF.DLL
18:46:41.0944 4660 C:\Windows\System32\WMASF.DLL - ok
18:46:41.0944 4660 [ 389CA818132C1D7DCF0C791E8D9035DE ] C:\Windows\System32\PortableDeviceClassExtension.dll
18:46:41.0944 4660 C:\Windows\System32\PortableDeviceClassExtension.dll - ok
18:46:41.0944 4660 [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
18:46:41.0944 4660 C:\Windows\System32\PortableDeviceTypes.dll - ok
18:46:41.0954 4660 [ 6A6AA5A6563182E9DF1F20C4FA357663 ] C:\Program Files\Microsoft Security Client\Backup\amd64\setup.exe
18:46:41.0954 4660 C:\Program Files\Microsoft Security Client\Backup\amd64\setup.exe - ok
18:46:41.0954 4660 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Microsoft Security Client\Backup\amd64\sqmapi.dll
18:46:41.0954 4660 C:\Program Files\Microsoft Security Client\Backup\amd64\sqmapi.dll - ok
18:46:41.0954 4660 [ 41DF7355A5A907E2C1D7804EC028965D ] C:\Windows\System32\wermgr.exe
18:46:41.0954 4660 C:\Windows\System32\wermgr.exe - ok
18:46:41.0954 4660 [ 0819EF7DB96DAB8AC3DACE567ED1B99E ] C:\Windows\System32\werui.dll
18:46:41.0954 4660 C:\Windows\System32\werui.dll - ok
18:46:41.0964 4660 [ 5234DA3E0E49934DDF6B8FE52F6F2672 ] C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
18:46:41.0964 4660 C:\Program Files (x86)\MSI Afterburner\RTTSH.dll - ok
18:46:41.0964 4660 [ 544EFF88AC6C85DF5A4D6F18DFE08CFC ] C:\Windows\SysWOW64\taskschd.dll
18:46:41.0964 4660 C:\Windows\SysWOW64\taskschd.dll - ok
18:46:41.0964 4660 [ E5E54B7528E83E055D9F6F409F0D5C7A ] C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\PantechUTM.exe
18:46:41.0964 4660 C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\PantechUTM.exe - ok
18:46:41.0964 4660 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
18:46:41.0964 4660 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
18:46:41.0974 4660 [ 5FEAB868CAEDBBD1B7A145CA8261E4AA ] C:\Windows\SysWOW64\WerFault.exe
18:46:41.0974 4660 C:\Windows\SysWOW64\WerFault.exe - ok
18:46:41.0974 4660 [ 1E8D06AAE74FED674C1156B3FEA911C2 ] C:\Windows\SysWOW64\Faultrep.dll
18:46:41.0974 4660 C:\Windows\SysWOW64\Faultrep.dll - ok
18:46:41.0974 4660 [ 590D5C506044FE02FF7643E32FF9BDAC ] C:\Windows\SysWOW64\wer.dll
18:46:41.0974 4660 C:\Windows\SysWOW64\wer.dll - ok
18:46:41.0974 4660 [ 8E8C92DD50F6B34907813AFDC0C8F7DD ] C:\Windows\SysWOW64\dbgeng.dll
18:46:41.0974 4660 C:\Windows\SysWOW64\dbgeng.dll - ok
18:46:41.0984 4660 [ 5DA28DE6B39E781DAEAE2173E0082720 ] C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\Downloader.dll
18:46:41.0984 4660 C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\Downloader.dll - ok
18:46:41.0984 4660 [ 86A846910AD8182169697F3CE75AC6CA ] C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\EjectPantechUTM.exe
18:46:41.0984 4660 C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\EjectPantechUTM.exe - ok
18:46:41.0984 4660 [ 0B8B5502BB148343439E924770CDC91E ] C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\InstallService.exe
18:46:41.0984 4660 C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\InstallService.exe - ok
18:46:41.0984 4660 [ 1CBA4E52039C2CB3698723073B774EDA ] C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\PSTItemloader.dll
18:46:41.0994 4660 C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\PSTItemloader.dll - ok
18:46:41.0994 4660 [ 2A4E90E1A210064F89F8804B41BC7DA9 ] C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\RemoveService.exe
18:46:41.0994 4660 C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\RemoveService.exe - ok
18:46:41.0994 4660 [ A843BFB5D687988110886E41459FA695 ] C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\RunInstallService.exe
18:46:41.0994 4660 C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\RunInstallService.exe - ok
18:46:41.0994 4660 [ A24933BB2FBC26F9C7CFB71379A8DAFC ] C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\Serial.dll
18:46:41.0994 4660 C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\Serial.dll - ok
18:46:42.0004 4660 [ 2A64BD407E869748284FF91A7F3C0465 ] C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\uninstall.exe
18:46:42.0004 4660 C:\Program Files (x86)\PCD\Pantech\EUDL\UTM\uninstall.exe - ok
18:46:42.0004 4660 [ EDF4DEC1041EEAF78A0B1E16C1BB4CC4 ] C:\Windows\System32\fthsvc.dll
18:46:42.0004 4660 C:\Windows\System32\fthsvc.dll - ok
18:46:42.0004 4660 [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\SysWOW64\sfc.dll
18:46:42.0004 4660 C:\Windows\SysWOW64\sfc.dll - ok
18:46:42.0004 4660 [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\SysWOW64\sfc_os.dll
18:46:42.0004 4660 C:\Windows\SysWOW64\sfc_os.dll - ok
18:46:42.0014 4660 [ 162D247E995EAEBF3EF4289069E1111C ] C:\Windows\SysWOW64\devrtl.dll
18:46:42.0014 4660 C:\Windows\SysWOW64\devrtl.dll - ok
18:46:42.0014 4660 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\SysWOW64\mpr.dll
18:46:42.0014 4660 C:\Windows\SysWOW64\mpr.dll - ok
18:46:42.0014 4660 [ B519848DFA30AE2B306576B51321D102 ] C:\Windows\System32\ie4uinit.exe
18:46:42.0014 4660 C:\Windows\System32\ie4uinit.exe - ok
18:46:42.0014 4660 [ C3E98C42EDF7EF237A4BAB91FEAC7426 ] C:\Windows\System32\iedkcs32.dll
18:46:42.0014 4660 C:\Windows\System32\iedkcs32.dll - ok
18:46:42.0024 4660 [ FB10715E4099AF9FA389C71873245226 ] C:\Windows\System32\timedate.cpl
18:46:42.0024 4660 C:\Windows\System32\timedate.cpl - ok
18:46:42.0024 4660 [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\SysWOW64\credssp.dll
18:46:42.0024 4660 C:\Windows\SysWOW64\credssp.dll - ok
18:46:42.0024 4660 [ 8999B8631C7FD9F7F9EC3CAFD953BA24 ] C:\Windows\SysWOW64\mswsock.dll
18:46:42.0024 4660 C:\Windows\SysWOW64\mswsock.dll - ok
18:46:42.0024 4660 [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
18:46:42.0024 4660 C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
18:46:42.0024 4660 [ C4F40F6CACD796A8E16671D0E9A2F319 ] C:\Windows\System32\shdocvw.dll
18:46:42.0024 4660 C:\Windows\System32\shdocvw.dll - ok
18:46:42.0034 4660 [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\SysWOW64\dnsapi.dll
18:46:42.0034 4660 C:\Windows\SysWOW64\dnsapi.dll - ok
18:46:42.0034 4660 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
18:46:42.0034 4660 C:\Windows\SysWOW64\wship6.dll - ok
18:46:42.0034 4660 [ A0A65D306A5490D2EB8E7DE66898ECFD ] C:\Windows\System32\linkinfo.dll
18:46:42.0034 4660 C:\Windows\System32\linkinfo.dll - ok
18:46:42.0034 4660 [ 835BFF67EBD89BCE0B13460B2A56C53E ] C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
18:46:42.0034 4660 C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL - ok
18:46:42.0044 4660 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
18:46:42.0044 4660 C:\Windows\SysWOW64\rasadhlp.dll - ok
18:46:42.0044 4660 [ 1EAC1A8CA6874BF5B15E2EFB9A9A7B86 ] C:\Windows\System32\msftedit.dll
18:46:42.0044 4660 C:\Windows\System32\msftedit.dll - ok
18:46:42.0044 4660 [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\SysWOW64\FWPUCLNT.DLL
18:46:42.0044 4660 C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
18:46:42.0044 4660 [ 2BCBA6052374959A30BD7948444DBB79 ] C:\Windows\System32\gameux.dll
18:46:42.0044 4660 C:\Windows\System32\gameux.dll - ok
18:46:42.0054 4660 [ 7FCAB194F01E3403C300EB034E480B36 ] C:\Windows\System32\msls31.dll
18:46:42.0054 4660 C:\Windows\System32\msls31.dll - ok
18:46:42.0054 4660 [ 7DBA84667DC18877AEF693E3543DFAD7 ] C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
18:46:42.0054 4660 C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll - ok
18:46:42.0054 4660 [ C71E7ABB1A34E56CE73AE117C8DD566F ] C:\Windows\System32\ieframe.dll
18:46:42.0054 4660 C:\Windows\System32\ieframe.dll - ok
18:46:42.0054 4660 [ F146E2BA475893DD77B2370DC1211FC6 ] C:\Windows\System32\drivers\10142695.sys
18:46:42.0054 4660 C:\Windows\System32\drivers\10142695.sys - ok
18:46:42.0064 4660 [ 981EDD3164829B256E71B5AC8CF12EC3 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
18:46:42.0064 4660 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe - ok
18:46:42.0064 4660 [ DD81D91FF3B0763C392422865C9AC12E ] C:\Windows\System32\rundll32.exe
18:46:42.0064 4660 C:\Windows\System32\rundll32.exe - ok
18:46:42.0064 4660 [ 4C2C4640BF23AAFCF90519E0F34436CE ] C:\Windows\System32\DeviceCenter.dll
18:46:42.0064 4660 C:\Windows\System32\DeviceCenter.dll - ok
18:46:42.0064 4660 [ 1F83CB91A9830038DBE7CD1BA1921205 ] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
18:46:42.0064 4660 C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE - ok
18:46:42.0074 4660 [ 14EAAD6A782FF16B05AADACFE05C8D2A ] C:\Windows\System32\LogiLDA.DLL
18:46:42.0074 4660 C:\Windows\System32\LogiLDA.DLL - ok
18:46:42.0074 4660 [ 75F068F830DF1A0FAB8564D5A1927F51 ] C:\Program Files\Logitech\SetPointP\SetPoint.exe
18:46:42.0074 4660 C:\Program Files\Logitech\SetPointP\SetPoint.exe - ok
18:46:42.0074 4660 [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\SysWOW64\riched20.dll
18:46:42.0074 4660 C:\Windows\SysWOW64\riched20.dll - ok
18:46:42.0074 4660 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll
18:46:42.0074 4660 C:\Windows\SysWOW64\ExplorerFrame.dll - ok
18:46:42.0084 4660 [ 263E9A047D17CD50BAA9D3C02910D18D ] C:\Windows\System32\oledlg.dll
18:46:42.0084 4660 C:\Windows\System32\oledlg.dll - ok
18:46:42.0084 4660 [ 8ABE6D2589A841B40E477B4934D301F2 ] C:\Program Files\Logitech\SetPointP\khalwrapper.dll
18:46:42.0084 4660 C:\Program Files\Logitech\SetPointP\khalwrapper.dll - ok
18:46:42.0084 4660 [ E6D23B95892E0601BF49E7DC0CBA9653 ] C:\Program Files\Logitech\SetPointP\KemUtil.dll
18:46:42.0084 4660 C:\Program Files\Logitech\SetPointP\KemUtil.dll - ok
18:46:42.0084 4660 [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\SysWOW64\duser.dll
18:46:42.0084 4660 C:\Windows\SysWOW64\duser.dll - ok
18:46:42.0094 4660 [ 405F4D32D2185F1F1BD753D8EEAFFB3A ] C:\Windows\System32\networkexplorer.dll
18:46:42.0094 4660 C:\Windows\System32\networkexplorer.dll - ok
18:46:42.0094 4660 [ 39ADDDE1544A1158A47A77A908EB4B10 ] C:\Program Files\Logitech\SetPointP\KemXML.dll
18:46:42.0094 4660 C:\Program Files\Logitech\SetPointP\KemXML.dll - ok
18:46:42.0094 4660 [ 28DDCF45E56A6C589914BCD339E761B0 ] C:\Program Files\Logitech\SetPointP\kemutb.dll
18:46:42.0094 4660 C:\Program Files\Logitech\SetPointP\kemutb.dll - ok
18:46:42.0094 4660 [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\SysWOW64\dui70.dll
18:46:42.0094 4660 C:\Windows\SysWOW64\dui70.dll - ok
18:46:42.0104 4660 [ F16BFD98DCEEC14F38D965D831C4B5E8 ] C:\Program Files\Logitech\SetPointP\KemWnd.dll
18:46:42.0104 4660 C:\Program Files\Logitech\SetPointP\KemWnd.dll - ok
18:46:42.0104 4660 [ E8D8EBC03D1F561AD9073519505BEDA5 ] C:\Program Files\Logitech\SetPointP\SetPointCOM.dll
18:46:42.0104 4660 C:\Program Files\Logitech\SetPointP\SetPointCOM.dll - ok
18:46:42.0104 4660 [ 0D34F36983BE81DEF7687C16BD052325 ] C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
18:46:42.0104 4660 C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll - ok
18:46:42.0104 4660 [ 5F639198C4137075DA50E61C23963C11 ] C:\Windows\System32\drprov.dll
18:46:42.0104 4660 C:\Windows\System32\drprov.dll - ok
18:46:42.0114 4660 [ 24F4B480F335A6C724AF352253C5D98B ] C:\Windows\System32\thumbcache.dll
18:46:42.0114 4660 C:\Windows\System32\thumbcache.dll - ok
18:46:42.0114 4660 [ BC566D17914B07ABAAB3A5A385CC3300 ] C:\Windows\System32\ntlanman.dll
18:46:42.0114 4660 C:\Windows\System32\ntlanman.dll - ok
18:46:42.0114 4660 [ B3A33600DCDFB84D7FBE09ADEB1C9B8A ] C:\Windows\System32\davclnt.dll
18:46:42.0114 4660 C:\Windows\System32\davclnt.dll - ok
18:46:42.0114 4660 [ 45B24A357C801CE62052FE0CDC8BD4D2 ] C:\Windows\System32\davhlpr.dll
18:46:42.0114 4660 C:\Windows\System32\davhlpr.dll - ok
18:46:42.0124 4660 [ D39DA5B7139B4B5147B3C6A94978B5AA ] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
18:46:42.0124 4660 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe - ok
18:46:42.0124 4660 [ 379F7C60181066264CA2A86EACAD8CF4 ] C:\Program Files\Logitech\SetPointP\WebBrowserSupport.dll
18:46:42.0124 4660 C:\Program Files\Logitech\SetPointP\WebBrowserSupport.dll - ok
18:46:42.0124 4660 [ E3BF29CED96790CDAAFA981FFDDF53A3 ] C:\Program Files\Windows Sidebar\sidebar.exe
18:46:42.0124 4660 C:\Program Files\Windows Sidebar\sidebar.exe - ok
18:46:42.0124 4660 [ 69754747274B76E7FAF287239333D7E6 ] C:\Windows\System32\msiltcfg.dll
18:46:42.0124 4660 C:\Windows\System32\msiltcfg.dll - ok
18:46:42.0134 4660 [ F5614C4503E9D76D4454E658CF6AC629 ] C:\Program Files\Logitech\SetPointP\Macros\MacroAppSwitch.dll
18:46:42.0134 4660 C:\Program Files\Logitech\SetPointP\Macros\MacroAppSwitch.dll - ok
18:46:42.0134 4660 [ 3819AD4329303EAC88480CA16A650735 ] C:\Windows\System32\UIAnimation.dll
18:46:42.0134 4660 C:\Windows\System32\UIAnimation.dll - ok
18:46:42.0134 4660 [ C098BF3845C738DD4F6F76B55B442D29 ] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
18:46:42.0134 4660 C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe - ok
18:46:42.0134 4660 [ 3181F76ED237CC3D50D10CEA05AF8B60 ] C:\Windows\System32\riched32.dll
18:46:42.0134 4660 C:\Windows\System32\riched32.dll - ok
18:46:42.0144 4660 [ 850BD2D2D9CB5894935C3B6333CAD6FD ] C:\Windows\System32\riched20.dll
18:46:42.0144 4660 C:\Windows\System32\riched20.dll - ok
18:46:42.0144 4660 [ 69F1F46C48424D9122AD89F4D64AE6C7 ] C:\Program Files\Dell\DellDock\DellDock.exe
18:46:42.0144 4660 C:\Program Files\Dell\DellDock\DellDock.exe - ok
18:46:42.0144 4660 [ C3761661C17C2248A9379A8FB89E3DE1 ] C:\Windows\System32\stobject.dll
18:46:42.0144 4660 C:\Windows\System32\stobject.dll - ok
18:46:42.0144 4660 [ 977E714EC5F03437CEDD2A00EF8214AF ] C:\Program Files\Logitech\SetPointP\Macros\MacroMedia.dll
18:46:42.0144 4660 C:\Program Files\Logitech\SetPointP\Macros\MacroMedia.dll - ok
18:46:42.0154 4660 [ 4260CDD7292900C79EF2F360C28100C1 ] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
18:46:42.0154 4660 C:\Program Files (x86)\Citrix\ICA Client\concentr.exe - ok
18:46:42.0154 4660 [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8 ] C:\Windows\SysWOW64\winspool.drv
18:46:42.0154 4660 C:\Windows\SysWOW64\winspool.drv - ok
18:46:42.0154 4660 [ F832EEEA97CDDA1AF577E721F652A0D1 ] C:\Windows\System32\batmeter.dll
18:46:42.0154 4660 C:\Windows\System32\batmeter.dll - ok
18:46:42.0154 4660 [ 0F32154980452B85CF05A892D7CE1C33 ] C:\Program Files (x86)\Citrix\ICA Client\ctxmui.dll
18:46:42.0154 4660 C:\Program Files (x86)\Citrix\ICA Client\ctxmui.dll - ok
18:46:42.0164 4660 [ 1F5A26DF97C33CD24A8ED4D4A1FF1348 ] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
18:46:42.0164 4660 C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe - ok
18:46:42.0164 4660 [ B83F550A74598436ED3306E285D20B3A ] C:\Program Files\Logitech\SetPointP\Macros\MacroEmail.dll
18:46:42.0164 4660 C:\Program Files\Logitech\SetPointP\Macros\MacroEmail.dll - ok
18:46:42.0164 4660 [ 9110FFAD124283F37D38771BB60556AF ] C:\Windows\System32\dsound.dll
18:46:42.0164 4660 C:\Windows\System32\dsound.dll - ok
18:46:42.0164 4660 [ 901AA7A38CE13F14B6BBEC38C0595698 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
18:46:42.0164 4660 C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe - ok
18:46:42.0174 4660 [ AA31AE0C3CAC7E36B53F3C29559D7716 ] C:\Program Files\Logitech\SetPointP\KemMon.dll
18:46:42.0174 4660 C:\Program Files\Logitech\SetPointP\KemMon.dll - ok
18:46:42.0174 4660 [ 317EBF206D8FD56352F64E461F6BEEF3 ] C:\Program Files (x86)\Citrix\ICA Client\CCMSDK.dll
18:46:42.0174 4660 C:\Program Files (x86)\Citrix\ICA Client\CCMSDK.dll - ok
18:46:42.0174 4660 [ 198552AEFECA69D646867EC8D792DE95 ] C:\Windows\SysWOW64\ddraw.dll
18:46:42.0174 4660 C:\Windows\SysWOW64\ddraw.dll - ok
18:46:42.0174 4660 [ D83947A58613E9091B4C9CC0F1546A8D ] C:\Windows\SysWOW64\mscoree.dll
18:46:42.0174 4660 C:\Windows\SysWOW64\mscoree.dll - ok
18:46:42.0184 4660 [ 3CB07566302BCEEB898DE270A0BEC175 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
18:46:42.0184 4660 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
18:46:42.0184 4660 [ 8624742981EEAB4CBDF26977EC37F635 ] C:\Program Files\Common Files\LogiShrd\KHAL3\KHALAPI.dll
18:46:42.0184 4660 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALAPI.dll - ok
18:46:42.0184 4660 [ 1E220A0A6F5FCA76FB8E11EAC4F2B24B ] C:\Windows\System32\RtkCfg64.dll
18:46:42.0184 4660 C:\Windows\System32\RtkCfg64.dll - ok
18:46:42.0184 4660 [ A23F7345E43A96D7DB581D08BBAFFE05 ] C:\Program Files (x86)\Citrix\ICA Client\resource\en\ctxmuiUI.dll
18:46:42.0184 4660 C:\Program Files (x86)\Citrix\ICA Client\resource\en\ctxmuiUI.dll - ok
18:46:42.0194 4660 [ B77081F8221968C7DAB794B0BA55C43E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
18:46:42.0194 4660 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe - ok
18:46:42.0194 4660 [ 2D2A6EC8EAD30EC3ACE2FD6FB1B3E122 ] C:\Windows\System32\prnfldr.dll
18:46:42.0194 4660 C:\Windows\System32\prnfldr.dll - ok
18:46:42.0194 4660 [ A6071FCAC74DB12D8CE03D78D6154D86 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web\cd91841321f9942330b6097dcd96dce9\System.Web.ni.dll
18:46:42.0194 4660 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web\cd91841321f9942330b6097dcd96dce9\System.Web.ni.dll - ok
18:46:42.0204 4660 [ 9553459D4BFCFB0D2D9B79255202AFB0 ] C:\Program Files (x86)\Citrix\ICA Client\resource\en\concenUI.dll
18:46:42.0204 4660 C:\Program Files (x86)\Citrix\ICA Client\resource\en\concenUI.dll - ok
18:46:42.0204 4660 [ F5DF6846F30E9F54EA60CCAEB3FB2055 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
18:46:42.0204 4660 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
18:46:42.0204 4660 [ 0A94DE4AA9864D312E60D747FD249ABE ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll
18:46:42.0204 4660 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll - ok
18:46:42.0204 4660 [ 55E5B32AE8D1F51A63C82919656FD275 ] C:\Windows\SysWOW64\dciman32.dll
18:46:42.0204 4660 C:\Windows\SysWOW64\dciman32.dll - ok
18:46:42.0214 4660 [ 7717F84F483002815490033BF069DABD ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
18:46:42.0214 4660 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll - ok
18:46:42.0214 4660 [ 6EF5F3F18413C367195F06E503AB86A6 ] C:\Windows\SysWOW64\d3d9.dll
18:46:42.0214 4660 C:\Windows\SysWOW64\d3d9.dll - ok
18:46:42.0214 4660 [ 5512238DB69736055565E6F5DE62574A ] C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
18:46:42.0214 4660 C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - ok
18:46:42.0214 4660 [ F1CA2A251E461C53BD7B305F5F44C050 ] C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
18:46:42.0214 4660 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe - ok
18:46:42.0224 4660 [ D1DE1EAFDE97BE41CF6585027FF3E732 ] C:\Windows\SysWOW64\comdlg32.dll
18:46:42.0224 4660 C:\Windows\SysWOW64\comdlg32.dll - ok
18:46:42.0224 4660 [ 42A9CB6906D9A8BEDC83B57163E62924 ] C:\Windows\System32\DXP.dll
18:46:42.0224 4660 C:\Windows\System32\DXP.dll - ok
18:46:42.0224 4660 [ 608CB70D58284D91F541D85C93CBBDDD ] C:\Windows\assembly\NativeImages_v2.0.50727_64\MyDock.Util\350847b7d80b46e844d61776a9132fc4\MyDock.Util.ni.dll
18:46:42.0224 4660 C:\Windows\assembly\NativeImages_v2.0.50727_64\MyDock.Util\350847b7d80b46e844d61776a9132fc4\MyDock.Util.ni.dll - ok
18:46:42.0224 4660 [ 8B2946085FE12BA716EB5C4901EC1505 ] C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
18:46:42.0224 4660 C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe - ok
18:46:42.0234 4660 [ EBCBEC2E350BBA711F76BA7FA578D229 ] C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.dll
18:46:42.0234 4660 C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.dll - ok
18:46:42.0234 4660 [ CFF3C4ABDCC5356B0674743BDF0FB674 ] C:\Windows\System32\mshtml.dll
18:46:42.0234 4660 C:\Windows\System32\mshtml.dll - ok
18:46:42.0234 4660 [ C335EC1182AC10B188705554E0BC1186 ] C:\Windows\SysWOW64\msvfw32.dll
18:46:42.0234 4660 C:\Windows\SysWOW64\msvfw32.dll - ok
18:46:42.0234 4660 [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
18:46:42.0234 4660 C:\Windows\System32\Syncreg.dll - ok
18:46:42.0244 4660 [ E8FB9829390AAB5DD65DCD06A8D0872B ] C:\Program Files\Common Files\LogiShrd\KHAL3\KHALITCH.dll
18:46:42.0244 4660 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALITCH.dll - ok
18:46:42.0244 4660 [ 4CB25D0504423D7BCCB9C547E253A67F ] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
18:46:42.0244 4660 C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe - ok
18:46:42.0244 4660 [ 32C26797AB646074A2BB562F9D10ADB5 ] C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
18:46:42.0244 4660 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE - ok
18:46:42.0244 4660 [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
18:46:42.0244 4660 C:\Windows\ehome\ehSSO.dll - ok
18:46:42.0254 4660 [ 936F728E04ACCF3F38801CFFCF1E3F40 ] C:\Windows\SysWOW64\oledlg.dll
18:46:42.0254 4660 C:\Windows\SysWOW64\oledlg.dll - ok
18:46:42.0254 4660 [ E6318B3E4C465D3E3F97CBB09ADA41F1 ] C:\Program Files (x86)\Citrix\ICA Client\ProgressNotificationCommon.dll
18:46:42.0254 4660 C:\Program Files (x86)\Citrix\ICA Client\ProgressNotificationCommon.dll - ok
18:46:42.0254 4660 [ BA32509D9B340162327B341013DE6522 ] C:\Windows\SysWOW64\tapi32.dll
18:46:42.0254 4660 C:\Windows\SysWOW64\tapi32.dll - ok
18:46:42.0254 4660 [ A42F2C1EB3B66C54FB3C7B79D30C1A6D ] C:\Windows\System32\netshell.dll
18:46:42.0254 4660 C:\Windows\System32\netshell.dll - ok
18:46:42.0264 4660 [ 85191F8BBBD2F19DC371B0F56A98405C ] C:\Program Files (x86)\Citrix\ICA Client\wfcwinn.dll
18:46:42.0264 4660 C:\Program Files (x86)\Citrix\ICA Client\wfcwinn.dll - ok
18:46:42.0264 4660 [ 1843E81FA7ACFFF4344A7DD4328D7DA0 ] C:\Program Files (x86)\Microsoft Office\Office12\1033\ONINTL.DLL
18:46:42.0264 4660 C:\Program Files (x86)\Microsoft Office\Office12\1033\ONINTL.DLL - ok
18:46:42.0264 4660 [ EE6658DEB1F7EB4580E82E7A1471C303 ] C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMW.dll
18:46:42.0264 4660 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMW.dll - ok
18:46:42.0264 4660 [ B80B73C036A4144C8AE7131CA4CD8441 ] C:\Program Files (x86)\Citrix\ICA Client\acrdlg.dll
18:46:42.0264 4660 C:\Program Files (x86)\Citrix\ICA Client\acrdlg.dll - ok
18:46:42.0274 4660 [ 706E08D62909FDD048B912497795FE72 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\DellDock\14634512839271adc141906b5e48a9c7\DellDock.ni.exe
18:46:42.0274 4660 C:\Windows\assembly\NativeImages_v2.0.50727_64\DellDock\14634512839271adc141906b5e48a9c7\DellDock.ni.exe - ok
18:46:42.0274 4660 [ 48D31132F0A3A588FFE7B5D0F7FA7D6A ] C:\Program Files (x86)\Citrix\ICA Client\statuin.dll
18:46:42.0274 4660 C:\Program Files (x86)\Citrix\ICA Client\statuin.dll - ok
18:46:42.0274 4660 [ C3A66D74BE87D4840794227F3486364C ] C:\Program Files (x86)\Windows Live\Messenger\uxcore.dll
18:46:42.0274 4660 C:\Program Files (x86)\Windows Live\Messenger\uxcore.dll - ok
18:46:42.0274 4660 [ D2B6D000F901E33C3DED56114AE2CBE4 ] C:\Program Files (x86)\Citrix\ICA Client\confmgr.dll
18:46:42.0274 4660 C:\Program Files (x86)\Citrix\ICA Client\confmgr.dll - ok
18:46:42.0284 4660 [ 380CBF3CF2E05D041D955A06A1B5253C ] C:\Program Files\Common Files\LogiShrd\KHAL3\KHALHPP.dll
18:46:42.0284 4660 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALHPP.dll - ok
18:46:42.0284 4660 [ 77B1471A490B53B24EFE136F09F76550 ] C:\Windows\SysWOW64\d3d8thk.dll
18:46:42.0284 4660 C:\Windows\SysWOW64\d3d8thk.dll - ok
18:46:42.0284 4660 [ 92F935051A2339CC14424BD43F4F5505 ] C:\Program Files (x86)\Citrix\ICA Client\ctxlogging.dll
18:46:42.0284 4660 C:\Program Files (x86)\Citrix\ICA Client\ctxlogging.dll - ok
18:46:42.0284 4660 [ F35A584E947A5B401FEB0FE01DB4A0D7 ] C:\Program Files (x86)\CyberLink\PowerDVD DX\MFC71.dll
18:46:42.0284 4660 C:\Program Files (x86)\CyberLink\PowerDVD DX\MFC71.dll - ok
18:46:42.0294 4660 [ 6DC7580A651B55128DDAE8A687CA8B73 ] C:\Program Files (x86)\Citrix\ICA Client\icafile.dll
18:46:42.0294 4660 C:\Program Files (x86)\Citrix\ICA Client\icafile.dll - ok
18:46:42.0294 4660 [ 5FD202489FEF9555FD3417C51206F0A2 ] C:\Program Files (x86)\Citrix\ICA Client\resource\en\ProgressNotificationCommonUI.dll
18:46:42.0294 4660 C:\Program Files (x86)\Citrix\ICA Client\resource\en\ProgressNotificationCommonUI.dll - ok
18:46:42.0294 4660 [ 508DFBBD0DAAE0FAAA519A8F549B5449 ] C:\Program Files (x86)\Citrix\ICA Client\resource\en\statuiUI.dll
18:46:42.0294 4660 C:\Program Files (x86)\Citrix\ICA Client\resource\en\statuiUI.dll - ok
18:46:42.0294 4660 [ 58B8702C20DE211D1FCB248D2FDD71D1 ] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
18:46:42.0294 4660 C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe - ok
18:46:42.0304 4660 [ A04D1D1D004F6EF0C0FBAC38EECAA361 ] C:\Program Files (x86)\Citrix\ICA Client\resource\en\wfcrunUI.dll
18:46:42.0304 4660 C:\Program Files (x86)\Citrix\ICA Client\resource\en\wfcrunUI.dll - ok
18:46:42.0304 4660 [ E3C817F7FE44CC870ECDBCBC3EA36132 ] C:\Windows\SysWOW64\msvcp100.dll
18:46:42.0304 4660 C:\Windows\SysWOW64\msvcp100.dll - ok
18:46:42.0304 4660 [ 3FBC06A7A8854439B691601FA9DD9A47 ] C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMOU.dll
18:46:42.0304 4660 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMOU.dll - ok
18:46:42.0314 4660 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files (x86)\CyberLink\PowerDVD DX\msvcr71.dll
18:46:42.0314 4660 C:\Program Files (x86)\CyberLink\PowerDVD DX\msvcr71.dll - ok
18:46:42.0314 4660 [ BF38660A9125935658CFA3E53FDC7D65 ] C:\Windows\SysWOW64\msvcr100.dll
18:46:42.0314 4660 C:\Windows\SysWOW64\msvcr100.dll - ok
18:46:42.0314 4660 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files (x86)\CyberLink\PowerDVD DX\msvcp71.dll
18:46:42.0314 4660 C:\Program Files (x86)\CyberLink\PowerDVD DX\msvcp71.dll - ok
18:46:42.0314 4660 [ 0F84A96E2B6F96ED0134783C613BF9AD ] C:\Program Files\Common Files\LogiShrd\KHAL3\KHALHID.dll
18:46:42.0314 4660 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALHID.dll - ok
18:46:42.0324 4660 [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
18:46:42.0324 4660 C:\Windows\System32\AltTab.dll - ok
18:46:42.0324 4660 [ 2DA48F2C163AB854A7D1041F1209DB8F ] C:\Windows\SysWOW64\ctl3d32.dll
18:46:42.0324 4660 C:\Windows\SysWOW64\ctl3d32.dll - ok
18:46:42.0324 4660 [ 1EA7969E3271CBC59E1730697DC74682 ] C:\Windows\System32\qmgr.dll
18:46:42.0324 4660 C:\Windows\System32\qmgr.dll - ok
18:46:42.0324 4660 [ 92DBF0A4C9239169010FC6E07859C82E ] C:\Windows\System32\ActionCenter.dll
18:46:42.0324 4660 C:\Windows\System32\ActionCenter.dll - ok
18:46:42.0324 4660 [ 919001D2BB17DF06CA3F8AC16AD039F6 ] C:\Windows\SysWOW64\sxs.dll
18:46:42.0324 4660 C:\Windows\SysWOW64\sxs.dll - ok
18:46:42.0334 4660 [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\SysWOW64\msimg32.dll
18:46:42.0334 4660 C:\Windows\SysWOW64\msimg32.dll - ok
18:46:42.0334 4660 [ BAF751E7061FF626AA60F56D1D5D1FDC ] C:\Windows\SysWOW64\MFC71ENU.DLL
18:46:42.0334 4660 C:\Windows\SysWOW64\MFC71ENU.DLL - ok
18:46:42.0334 4660 [ FE673CB3C1D2D7D9B3A2E3DF7DD5B277 ] C:\Program Files (x86)\Windows Live\Messenger\wldcore.dll
18:46:42.0334 4660 C:\Program Files (x86)\Windows Live\Messenger\wldcore.dll - ok
18:46:42.0334 4660 [ F7C58DF005C7C4FB43AFF22AD304CDAF ] C:\Program Files\Common Files\LogiShrd\KHAL3\KHALUSB.dll
18:46:42.0334 4660 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALUSB.dll - ok
18:46:42.0344 4660 [ 85683DF1F917E4D7F6BE1A04986BF1C8 ] C:\Windows\SysWOW64\msacm32.dll
18:46:42.0344 4660 C:\Windows\SysWOW64\msacm32.dll - ok
18:46:42.0344 4660 [ DEA4CA92F6DC948C881A219D93A7A8A6 ] C:\Program Files (x86)\Windows Live\Messenger\msidcrl40.dll
18:46:42.0344 4660 C:\Program Files (x86)\Windows Live\Messenger\msidcrl40.dll - ok
18:46:42.0344 4660 [ 84B7EB7DEBBB8BAFC83F9CABD9EFF430 ] C:\Program Files (x86)\Citrix\ICA Client\CCMProxy.dll
18:46:42.0344 4660 C:\Program Files (x86)\Citrix\ICA Client\CCMProxy.dll - ok
18:46:42.0344 4660 [ 29409ED7400CA5BCCC30C0EE5147A60D ] C:\Windows\System32\bitsperf.dll
18:46:42.0344 4660 C:\Windows\System32\bitsperf.dll - ok
18:46:42.0354 4660 [ C8FDF0FA9E97E2FAAF3F814716AAA881 ] C:\Windows\System32\WPDShServiceObj.dll
18:46:42.0354 4660 C:\Windows\System32\WPDShServiceObj.dll - ok
18:46:42.0354 4660 [ 539C49CEBB3C50957AC8A09D95ECD880 ] C:\Windows\SysWOW64\shfolder.dll
18:46:42.0354 4660 C:\Windows\SysWOW64\shfolder.dll - ok
18:46:42.0354 4660 [ D9431DCF90B0253773F51FDEFE7FD42F ] C:\Windows\System32\bitsigd.dll
18:46:42.0354 4660 C:\Windows\System32\bitsigd.dll - ok
18:46:42.0354 4660 [ 1C770610954E0A93C185E310DCA660ED ] C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\common\CLRCEngine3.dll
18:46:42.0354 4660 C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\common\CLRCEngine3.dll - ok
18:46:42.0364 4660 [ 2D46787990DEDB1BA27A113003BD2545 ] C:\Program Files\Common Files\LogiShrd\CDDRV3\LDConfig.exe
18:46:42.0364 4660 C:\Program Files\Common Files\LogiShrd\CDDRV3\LDConfig.exe - ok
18:46:42.0364 4660 [ 10F815BE90A66AAFC6C713D1BD626064 ] C:\Windows\System32\pnidui.dll
18:46:42.0364 4660 C:\Windows\System32\pnidui.dll - ok
18:46:42.0364 4660 [ 96DB78C9C50CEED9DA5050EFFEE272A2 ] C:\Windows\System32\upnp.dll
18:46:42.0364 4660 C:\Windows\System32\upnp.dll - ok
18:46:42.0374 4660 [ 394C28ED4330BB03D250D1E0B6CFCC40 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\b2621175f72896a78c5570ce23063033\VistaBridgeLibrary.ni.dll
18:46:42.0374 4660 C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\b2621175f72896a78c5570ce23063033\VistaBridgeLibrary.ni.dll - ok
18:46:42.0374 4660 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll
18:46:42.0374 4660 C:\Windows\System32\ssdpsrv.dll - ok
18:46:42.0374 4660 [ 12B2026CCE984E5AC2E5E0F39194047C ] C:\Program Files\Logitech\SetPointP\KGame.dll
18:46:42.0374 4660 C:\Program Files\Logitech\SetPointP\KGame.dll - ok
18:46:42.0374 4660 [ 9D401C3FF49BC38325C77D9355E6DFCD ] C:\Program Files (x86)\Windows Live\Messenger\wldlog.dll
18:46:42.0374 4660 C:\Program Files (x86)\Windows Live\Messenger\wldlog.dll - ok
18:46:42.0384 4660 [ 8FA0D236E73DB3F38C9D0D6938EA014D ] C:\Program Files (x86)\Windows Live\Messenger\uxcontacts.dll
18:46:42.0384 4660 C:\Program Files (x86)\Windows Live\Messenger\uxcontacts.dll - ok
18:46:42.0384 4660 [ B2A6389975D563927C9C9353F0F6CB8E ] C:\Windows\assembly\NativeImages_v2.0.50727_64\MenuSkinning\28cb6d6a7e5e2aa37ca2473773d46f90\MenuSkinning.ni.dll
18:46:42.0384 4660 C:\Windows\assembly\NativeImages_v2.0.50727_64\MenuSkinning\28cb6d6a7e5e2aa37ca2473773d46f90\MenuSkinning.ni.dll - ok
18:46:42.0384 4660 [ 384EAE6AA768F0BC6FB1BF6E51687D3F ] C:\Program Files (x86)\Windows Live\Messenger\uxcalendar.dll
18:46:42.0384 4660 C:\Program Files (x86)\Windows Live\Messenger\uxcalendar.dll - ok
18:46:42.0384 4660 [ A3FD8B703F60C92F17F06F8E14DF811C ] C:\Program Files (x86)\Windows Live\Messenger\liveNatTrav.dll
18:46:42.0384 4660 C:\Program Files (x86)\Windows Live\Messenger\liveNatTrav.dll - ok
18:46:42.0394 4660 [ E1D8CA925657D1DF00AA64015075B4E1 ] C:\Program Files\Logitech\SetPointP\LCabHandler.dll
18:46:42.0394 4660 C:\Program Files\Logitech\SetPointP\LCabHandler.dll - ok
18:46:42.0394 4660 [ B9F0A4020AA98B7A20287BF7FE99A1FD ] C:\Windows\System32\QUTIL.DLL
18:46:42.0394 4660 C:\Windows\System32\QUTIL.DLL - ok
18:46:42.0394 4660 [ 4E354DD014071FA2F848BB2CE7CE4A24 ] C:\Program Files (x86)\Windows Live\Messenger\livetransport.dll
18:46:42.0394 4660 C:\Program Files (x86)\Windows Live\Messenger\livetransport.dll - ok
18:46:42.0394 4660 [ 8569E35D00F45972E506502EEE622BA4 ] C:\Windows\System32\srchadmin.dll
18:46:42.0394 4660 C:\Windows\System32\srchadmin.dll - ok
18:46:42.0404 4660 [ AC5DF873913B00E554D8F553459BC431 ] C:\Windows\System32\qmgrprxy.dll
18:46:42.0404 4660 C:\Windows\System32\qmgrprxy.dll - ok
18:46:42.0404 4660 [ 85B45B4B285B159ACDB355FC8C1E8925 ] C:\Windows\SysWOW64\qmgrprxy.dll
18:46:42.0404 4660 C:\Windows\SysWOW64\qmgrprxy.dll - ok
18:46:42.0404 4660 [ 4C3DAEE652B005B483F16B8E9131C99D ] C:\Windows\System32\d3d9.dll
18:46:42.0404 4660 C:\Windows\System32\d3d9.dll - ok
18:46:42.0404 4660 [ F7A256EC899C72B4ECDD2C02CB592EFD ] C:\Windows\System32\bthprops.cpl
18:46:42.0404 4660 C:\Windows\System32\bthprops.cpl - ok
18:46:42.0414 4660 [ 14B258401CF67059EBE193B83020178D ] C:\Program Files (x86)\Windows Live\Messenger\PresenceIM.dll
18:46:42.0414 4660 C:\Program Files (x86)\Windows Live\Messenger\PresenceIM.dll - ok
18:46:42.0414 4660 [ D7CEAEDD5F75D2C8A2E80887D7C114CE ] C:\Windows\System32\webcheck.dll
18:46:42.0414 4660 C:\Windows\System32\webcheck.dll - ok
18:46:42.0414 4660 [ A0CF76137D2F23C76C860CAD2C605780 ] C:\Windows\AppPatch\AcSpecfc.dll
18:46:42.0414 4660 C:\Windows\AppPatch\AcSpecfc.dll - ok
18:46:42.0414 4660 [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
18:46:42.0414 4660 C:\Windows\System32\mlang.dll - ok
18:46:42.0424 4660 [ 7F8678C59F188528D60104E697C2361E ] C:\Windows\SysWOW64\mscms.dll
18:46:42.0424 4660 C:\Windows\SysWOW64\mscms.dll - ok
18:46:42.0424 4660 [ 101797BA603D227946B4B5109867EB19 ] C:\Windows\System32\SyncCenter.dll
18:46:42.0424 4660 C:\Windows\System32\SyncCenter.dll - ok
18:46:42.0424 4660 [ 3044D07ABDF4BBEA27E2EE7B1E0C0C65 ] C:\Windows\System32\d3d8thk.dll
18:46:42.0424 4660 C:\Windows\System32\d3d8thk.dll - ok
18:46:42.0424 4660 [ ED27D1D75BF5E683AD3EDD9E3123520A ] C:\Windows\SysWOW64\inetcomm.dll
18:46:42.0424 4660 C:\Windows\SysWOW64\inetcomm.dll - ok
18:46:42.0434 4660 [ B0A4CD4B928F8BD5ABB91E397A86EB3A ] C:\Windows\System32\nvd3dumx.dll
18:46:42.0434 4660 C:\Windows\System32\nvd3dumx.dll - ok
18:46:42.0434 4660 [ B7592E80772071D66336B3EC9B82101D ] C:\Windows\SysWOW64\msoert2.dll
18:46:42.0434 4660 C:\Windows\SysWOW64\msoert2.dll - ok
18:46:42.0434 4660 [ 9CB30A4E79BE55751312991DE827F6ED ] C:\Windows\SysWOW64\INETRES.dll
18:46:42.0434 4660 C:\Windows\SysWOW64\INETRES.dll - ok
18:46:42.0434 4660 [ BD5BA264FC4C436212357A672269528B ] C:\Program Files (x86)\Windows Live\Messenger\msgrvsta.thm
18:46:42.0434 4660 C:\Program Files (x86)\Windows Live\Messenger\msgrvsta.thm - ok
18:46:42.0444 4660 [ 9C88C26E075631654C6963933572F742 ] C:\Program Files (x86)\Windows Live\Messenger\msgslang.14.0.8089.0726.dll
18:46:42.0444 4660 C:\Program Files (x86)\Windows Live\Messenger\msgslang.14.0.8089.0726.dll - ok
18:46:42.0444 4660 [ CE3DE2233048610D051685808742DD37 ] C:\Program Files (x86)\Windows Live\Messenger\msgsres.dll
18:46:42.0444 4660 C:\Program Files (x86)\Windows Live\Messenger\msgsres.dll - ok
18:46:42.0444 4660 [ C746F3BF98E92FB137B5BD2B8B5925BD ] C:\Windows\System32\FXSST.dll
18:46:42.0444 4660 C:\Windows\System32\FXSST.dll - ok
18:46:42.0444 4660 [ 650CAEA856943E29F25A25D31E004B18 ] C:\Windows\System32\FXSAPI.dll
18:46:42.0444 4660 C:\Windows\System32\FXSAPI.dll - ok
18:46:42.0454 4660 [ 8130391F82D52D36C0441F714136957F ] C:\Windows\System32\imapi2.dll
18:46:42.0454 4660 C:\Windows\System32\imapi2.dll - ok
18:46:42.0454 4660 [ C8E8B8239FCF17BEA10E751BE5854631 ] C:\Windows\System32\FXSRESM.dll
18:46:42.0454 4660 C:\Windows\System32\FXSRESM.dll - ok
18:46:42.0454 4660 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] C:\Windows\System32\FXSSVC.exe
18:46:42.0454 4660 C:\Windows\System32\FXSSVC.exe - ok
18:46:42.0454 4660 [ 847D3AE376C0817161A14A82C8922A9E ] C:\Windows\System32\netman.dll
18:46:42.0454 4660 C:\Windows\System32\netman.dll - ok
18:46:42.0464 4660 [ D2155709E336C3BC15729EB87FEC6064 ] C:\Windows\System32\rasdlg.dll
18:46:42.0464 4660 C:\Windows\System32\rasdlg.dll - ok
18:46:42.0464 4660 [ 6A5C1A8AC0B572679361026D0E900420 ] C:\Windows\System32\hgcpl.dll
18:46:42.0464 4660 C:\Windows\System32\hgcpl.dll - ok
18:46:42.0464 4660 [ 2DF29664ED261F0FC448E58F338F0671 ] C:\Windows\System32\mprapi.dll
18:46:42.0464 4660 C:\Windows\System32\mprapi.dll - ok
18:46:42.0464 4660 [ 0438CAB2E03F4FB61455A7956026FE86 ] C:\Windows\System32\fdPHost.dll
18:46:42.0464 4660 C:\Windows\System32\fdPHost.dll - ok
18:46:42.0474 4660 [ 171D7DB433314A868507C4326E8209DC ] C:\Windows\System32\fdWSD.dll
18:46:42.0474 4660 C:\Windows\System32\fdWSD.dll - ok
18:46:42.0474 4660 [ F9AFD12BB4B1CFA5FCC0A5B37C604FD2 ] C:\Windows\System32\dot3api.dll
18:46:42.0474 4660 C:\Windows\System32\dot3api.dll - ok
18:46:42.0474 4660 [ A2E5B2D20954210DCE1A75A1FC8CC36D ] C:\Windows\System32\fdSSDP.dll
18:46:42.0474 4660 C:\Windows\System32\fdSSDP.dll - ok
18:46:42.0474 4660 [ B3CE0951E3C1EA3C733573C472EE85F9 ] C:\Windows\System32\msimtf.dll
18:46:42.0474 4660 C:\Windows\System32\msimtf.dll - ok
18:46:42.0474 4660 [ 2A436796758BF2555A26C770FE8A6FEE ] C:\Windows\System32\fdProxy.dll
18:46:42.0474 4660 C:\Windows\System32\fdProxy.dll - ok
18:46:42.0484 4660 [ E4FCA0F99A41E460C84016DEFD31E6EF ] C:\Windows\System32\wlanhlp.dll
18:46:42.0484 4660 C:\Windows\System32\wlanhlp.dll - ok
18:46:42.0484 4660 [ 9568BB33BBAD356EDD6CDE988E570523 ] C:\Windows\System32\jscript9.dll
18:46:42.0484 4660 C:\Windows\System32\jscript9.dll - ok
18:46:42.0484 4660 [ EFDFB3DD38A4376F93E7985173813ABD ] C:\Windows\System32\ListSvc.dll
18:46:42.0484 4660 C:\Windows\System32\ListSvc.dll - ok
18:46:42.0484 4660 [ B6411CED931AFD059E48C52DBFBA95B4 ] C:\Windows\System32\P2P.dll
18:46:42.0484 4660 C:\Windows\System32\P2P.dll - ok
18:46:42.0494 4660 [ 6699A112A3BDC9B52338512894EBA9D6 ] C:\Program Files\Windows Media Player\wmpnscfg.exe
18:46:42.0494 4660 C:\Program Files\Windows Media Player\wmpnscfg.exe - ok
18:46:42.0494 4660 [ 4A82EA2807B16FF577AEAF8ADB8779FF ] C:\Windows\System32\IdListen.dll
18:46:42.0494 4660 C:\Windows\System32\IdListen.dll - ok
18:46:42.0494 4660 [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll
18:46:42.0494 4660 C:\Windows\System32\WWanAPI.dll - ok
18:46:42.0494 4660 [ 92E0508D924512F63FFEEFE498CBD11F ] C:\Windows\System32\p2pcollab.dll
18:46:42.0494 4660 C:\Windows\System32\p2pcollab.dll - ok
18:46:42.0504 4660 [ C7494C67A6BF6FE914808E42F8265FEF ] C:\Program Files\Windows Media Player\wmpnssci.dll
18:46:42.0504 4660 C:\Program Files\Windows Media Player\wmpnssci.dll - ok
18:46:42.0504 4660 [ A0524499F4C63CADA7E1529FC77F5DC1 ] C:\Windows\System32\hgprint.dll
18:46:42.0504 4660 C:\Windows\System32\hgprint.dll - ok
18:46:42.0504 4660 [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll
18:46:42.0504 4660 C:\Windows\System32\wwapi.dll - ok
18:46:42.0504 4660 [ 6B851E682A36453E1B1EE297FFB6E2AB ] C:\Windows\System32\QAGENT.DLL
18:46:42.0504 4660 C:\Windows\System32\QAGENT.DLL - ok
18:46:42.0514 4660 [ C1D0691BE5DDB0C230D8370BD96BBE8B ] C:\Program Files\Internet Explorer\ieproxy.dll
18:46:42.0514 4660 C:\Program Files\Internet Explorer\ieproxy.dll - ok
18:46:42.0514 4660 [ 3EAC4455472CC2C97107B5291E0DCAFE ] C:\Windows\System32\pnrpsvc.dll
18:46:42.0514 4660 C:\Windows\System32\pnrpsvc.dll - ok
18:46:42.0514 4660 [ 1F04E809409A9B5FFD510B5FD89A1155 ] C:\Windows\System32\d2d1.dll
18:46:42.0514 4660 C:\Windows\System32\d2d1.dll - ok
18:46:42.0514 4660 [ 046AD878F246D3801B719700B543A6EE ] C:\Windows\System32\jscript.dll
18:46:42.0514 4660 C:\Windows\System32\jscript.dll - ok
18:46:42.0524 4660 [ 582AC6D9873E31DFA28A4547270862DD ] C:\Windows\System32\QAGENTRT.DLL
18:46:42.0524 4660 C:\Windows\System32\QAGENTRT.DLL - ok
18:46:42.0524 4660 [ 7426279D625196393EABBEFE1C60A0C2 ] C:\Windows\System32\DWrite.dll
18:46:42.0524 4660 C:\Windows\System32\DWrite.dll - ok
18:46:42.0524 4660 [ 506A83A3BEEE9FCA09F0170DE9FC7D1B ] C:\Windows\System32\fveui.dll
18:46:42.0524 4660 C:\Windows\System32\fveui.dll - ok
18:46:42.0524 4660 [ A9F3BFC9345F49614D5859EC95B9E994 ] C:\Program Files\Windows Media Player\wmpnetwk.exe
18:46:42.0524 4660 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok
18:46:42.0534 4660 [ 927463ECB02179F88E4B9A17568C63C3 ] C:\Windows\System32\p2psvc.dll
18:46:42.0534 4660 C:\Windows\System32\p2psvc.dll - ok
18:46:42.0534 4660 [ 3F0363B40376047EFF6A9B97D633B750 ] C:\Program Files (x86)\Windows Live\Messenger\sqmapi.dll
18:46:42.0534 4660 C:\Program Files (x86)\Windows Live\Messenger\sqmapi.dll - ok
18:46:42.0534 4660 [ F6916EFC29D9953D5D0DF06882AE8E16 ] C:\Windows\SysWOW64\es.dll
18:46:42.0534 4660 C:\Windows\SysWOW64\es.dll - ok
18:46:42.0534 4660 [ 3AEE02CEDAA3ACD14F9D7E038E44D6D1 ] C:\Windows\System32\P2PGraph.dll
18:46:42.0534 4660 C:\Windows\System32\P2PGraph.dll - ok
18:46:42.0534 4660 [ 8771BEDEAD950014EEDF6EEFE4A68066 ] C:\Windows\System32\scrrun.dll
18:46:42.0534 4660 C:\Windows\System32\scrrun.dll - ok
18:46:42.0544 4660 [ 71AF830064636BDF0EBAEE6101BB0E64 ] C:\Users\Don\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
18:46:42.0544 4660 C:\Users\Don\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll - ok
18:46:42.0544 4660 [ 23BB24B3CC03F7788A8EB6FE64947BBD ] C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig.dll
18:46:42.0544 4660 C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig.dll - ok
18:46:42.0544 4660 [ 2C1055E2C6D42753241FB2A129136994 ] C:\Windows\System32\drmv2clt.dll
18:46:42.0544 4660 C:\Windows\System32\drmv2clt.dll - ok
18:46:42.0554 4660 [ 423982DD851406A52B6399DDB196C606 ] C:\Windows\System32\wmdrmdev.dll
18:46:42.0554 4660 C:\Windows\System32\wmdrmdev.dll - ok
18:46:42.0554 4660 [ 5C4CB4086FB83115B153E47ADD961A0C ] C:\Windows\System32\FntCache.dll
18:46:42.0554 4660 C:\Windows\System32\FntCache.dll - ok
18:46:42.0554 4660 [ 839F96DBAAFD3353E0B248A5E0BD2A51 ] C:\Windows\SysWOW64\rasapi32.dll
18:46:42.0554 4660 C:\Windows\SysWOW64\rasapi32.dll - ok
18:46:42.0554 4660 [ FFA7172354B9256DBB2CDD75F16F33FE ] C:\Windows\SysWOW64\rasman.dll
18:46:42.0554 4660 C:\Windows\SysWOW64\rasman.dll - ok
18:46:42.0564 4660 [ 0915C4DB6DBC3BB9E11B7ECBBE4B7159 ] C:\Windows\SysWOW64\rtutils.dll
18:46:42.0564 4660 C:\Windows\SysWOW64\rtutils.dll - ok
18:46:42.0564 4660 [ 8C338238C16777A802D6A9211EB2BA50 ] C:\Windows\SysWOW64\netprofm.dll
18:46:42.0564 4660 C:\Windows\SysWOW64\netprofm.dll - ok
18:46:42.0564 4660 [ 0BA65122FFA7E37564EE86422DBF7AE8 ] C:\Windows\SysWOW64\nlaapi.dll
18:46:42.0564 4660 C:\Windows\SysWOW64\nlaapi.dll - ok
18:46:42.0564 4660 [ 06A2588604F4078B3E8958ADF52B9947 ] C:\Program Files (x86)\Windows Live\Messenger\vvpltfrm.dll
18:46:42.0564 4660 C:\Program Files (x86)\Windows Live\Messenger\vvpltfrm.dll - ok
18:46:42.0574 4660 [ 1EB82516F21F27EED1833B4F9FD9614E ] C:\Windows\System32\wmp.dll
18:46:42.0574 4660 C:\Windows\System32\wmp.dll - ok
18:46:42.0574 4660 [ 0E85C11F8850D524B02181C6E02BA9AE ] C:\Windows\SysWOW64\dsound.dll
18:46:42.0574 4660 C:\Windows\SysWOW64\dsound.dll - ok
18:46:42.0574 4660 [ 08DFDBD2FD4EA951DC46B1C7661ED35A ] C:\Windows\SysWOW64\powrprof.dll
18:46:42.0574 4660 C:\Windows\SysWOW64\powrprof.dll - ok
18:46:42.0574 4660 [ 64ABE1250EC1A1CFD1442E7C8800216E ] C:\Windows\System32\d3d10warp.dll
18:46:42.0574 4660 C:\Windows\System32\d3d10warp.dll - ok
18:46:42.0574 4660 [ 15E298B5EC5B89C5994A59863969D9FF ] C:\Windows\SysWOW64\npmproxy.dll
18:46:42.0574 4660 C:\Windows\SysWOW64\npmproxy.dll - ok
18:46:42.0584 4660 [ 86F3B67704ECEDE4667E7F7DCBCAAF3D ] C:\Program Files (x86)\Windows Live\Messenger\uccapi.dll
18:46:42.0584 4660 C:\Program Files (x86)\Windows Live\Messenger\uccapi.dll - ok
18:46:42.0584 4660 [ E73D6F3160CE2FD1D59FF1EF6167DF02 ] C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
18:46:42.0584 4660 C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll - ok
18:46:42.0584 4660 [ 28638660E651578C354BF43CD646EF6D ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\672fc9526d8954656bcb46e42082e09c\System.Drawing.ni.dll
18:46:42.0584 4660 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\672fc9526d8954656bcb46e42082e09c\System.Drawing.ni.dll - ok
18:46:42.0594 4660 [ A3287F8EB6182FB060C818524C7D6A63 ] C:\Windows\System32\dxtrans.dll
18:46:42.0594 4660 C:\Windows\System32\dxtrans.dll - ok
18:46:42.0594 4660 [ 3DCC84D1F63E5F7CB56F229D2149AB5D ] C:\Windows\System32\wshom.ocx
18:46:42.0594 4660 C:\Windows\System32\wshom.ocx - ok
18:46:42.0594 4660 [ 4938A4350327E1A5DEB0CD134AC1AAA3 ] C:\Windows\System32\ddrawex.dll
18:46:42.0594 4660 C:\Windows\System32\ddrawex.dll - ok
18:46:42.0594 4660 [ A6C09924C6730DE8DEED9890A12AA691 ] C:\Windows\System32\ddraw.dll
18:46:42.0594 4660 C:\Windows\System32\ddraw.dll - ok
18:46:42.0594 4660 [ 29C22748937F45C26590909E9F8E7137 ] C:\Windows\System32\dciman32.dll
18:46:42.0594 4660 C:\Windows\System32\dciman32.dll - ok
18:46:42.0604 4660 [ D6A99F26E31C9F15D8D8CC42FFE6D16B ] C:\Windows\System32\dxtmsft.dll
18:46:42.0604 4660 C:\Windows\System32\dxtmsft.dll - ok
18:46:42.0604 4660 [ 107243179484027540978F075F6941D4 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\24a22e5e6d47c2509aae62c7e9da0500\System.Windows.Forms.ni.dll
18:46:42.0604 4660 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\24a22e5e6d47c2509aae62c7e9da0500\System.Windows.Forms.ni.dll - ok
18:46:42.0604 4660 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
18:46:42.0604 4660 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
18:46:42.0614 4660 [ 50F9394F53CF8015C703EBD2EF3BABC6 ] C:\Windows\System32\LocationApi.dll
18:46:42.0614 4660 C:\Windows\System32\LocationApi.dll - ok
18:46:42.0614 4660 [ 3D2D108E14AD21889A2621B94C80A3DD ] C:\Windows\System32\tzres.dll
18:46:42.0614 4660 C:\Windows\System32\tzres.dll - ok
18:46:42.0614 4660 [ 754A0C324ECA95AE4F708D01EF27060E ] C:\Windows\System32\wbem\wbemdisp.dll
18:46:42.0614 4660 C:\Windows\System32\wbem\wbemdisp.dll - ok
18:46:42.0614 4660 [ 6E6602DE23AB3776007702FC9540E8E9 ] C:\Windows\System32\vbscript.dll
18:46:42.0614 4660 C:\Windows\System32\vbscript.dll - ok
18:46:42.0624 4660 [ 08A452E09922B354346C7489968B0C3E ] C:\Program Files (x86)\Windows Live\Messenger\rtmpltfm.dll
18:46:42.0624 4660 C:\Program Files (x86)\Windows Live\Messenger\rtmpltfm.dll - ok
18:46:42.0624 4660 [ 9111354A308612483F8DA995A1DD1835 ] C:\Windows\System32\SensorsApi.dll
18:46:42.0624 4660 C:\Windows\System32\SensorsApi.dll - ok
18:46:42.0624 4660 [ BD66ECA9479C688412DDDA9F2CCD2C69 ] C:\Windows\System32\d3d10.dll
18:46:42.0624 4660 C:\Windows\System32\d3d10.dll - ok
18:46:42.0624 4660 [ B628DA8B548E6D11A35B86799714CB22 ] C:\Windows\System32\d3d10core.dll
18:46:42.0624 4660 C:\Windows\System32\d3d10core.dll - ok
18:46:42.0634 4660 [ B79515AFF098E5A56DFBD316152534DE ] C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
18:46:42.0634 4660 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL - ok
18:46:42.0634 4660 [ D64D99EC088B54FFE8EE67A480386C20 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
18:46:42.0634 4660 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll - ok
18:46:42.0634 4660 [ CDAD3376DFF3D9AC7FDCBE2B94B0D3C8 ] C:\Windows\System32\shfolder.dll
18:46:42.0634 4660 C:\Windows\System32\shfolder.dll - ok
18:46:42.0634 4660 [ 45375DF47ED4D0535739465105AAABE3 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll
18:46:42.0634 4660 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\WMINet_Utils.dll - ok
18:46:42.0644 4660 [ 679CA891585CCEFC2B08FAEEF91FF6BE ] C:\Users\Don\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.dll
18:46:42.0644 4660 C:\Users\Don\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.dll - ok
18:46:42.0644 4660 [ 619A67C9F617B7E69315BB28ECD5E1DF ] C:\Windows\System32\wbem\WmiPrvSE.exe
18:46:42.0644 4660 C:\Windows\System32\wbem\WmiPrvSE.exe - ok
18:46:42.0644 4660 [ 2E76FF14C5987BE45AB65A91332E3C58 ] C:\Program Files\Windows Sidebar\wlsrvc.dll
18:46:42.0644 4660 C:\Program Files\Windows Sidebar\wlsrvc.dll - ok
18:46:42.0644 4660 [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll
18:46:42.0644 4660 C:\Windows\System32\dssenh.dll - ok
18:46:42.0654 4660 [ 6607C2182C6A53ED983813AFE2F85768 ] C:\Windows\System32\wbem\cimwin32.dll
18:46:42.0654 4660 C:\Windows\System32\wbem\cimwin32.dll - ok
18:46:42.0654 4660 [ 139D3AB6AA920C34C50CBFFB9EB7D222 ] C:\Windows\SysWOW64\avrt.dll
18:46:42.0654 4660 C:\Windows\SysWOW64\avrt.dll - ok
18:46:42.0654 4660 [ 243974EC02F7AE49E4179C54624143AB ] C:\Windows\SysWOW64\MMDevAPI.dll
18:46:42.0654 4660 C:\Windows\SysWOW64\MMDevAPI.dll - ok
18:46:42.0654 4660 [ E19AD0D49BFF5938B3E374873AC174DE ] C:\Windows\System32\wmploc.DLL
18:46:42.0654 4660 C:\Windows\System32\wmploc.DLL - ok
18:46:42.0664 4660 [ C940F2F5C60B3727C5F18840735B229C ] C:\Windows\SysWOW64\AudioSes.dll
18:46:42.0664 4660 C:\Windows\SysWOW64\AudioSes.dll - ok
18:46:42.0664 4660 [ D205C24A9D069049FE2DF2A1B38726A7 ] C:\Windows\SysWOW64\wdmaud.drv
18:46:42.0664 4660 C:\Windows\SysWOW64\wdmaud.drv - ok
18:46:42.0664 4660 [ 9C67F6BBDA3881CFD02095160CF91576 ] C:\Windows\SysWOW64\ksuser.dll
18:46:42.0664 4660 C:\Windows\SysWOW64\ksuser.dll - ok
18:46:42.0664 4660 [ 07393A09C46083588E751B63B03C8301 ] C:\Windows\SysWOW64\msacm32.drv
18:46:42.0664 4660 C:\Windows\SysWOW64\msacm32.drv - ok
18:46:42.0674 4660 [ 5A12C364AD1D4FCC0AD0E56DBBC34462 ] C:\Windows\SysWOW64\midimap.dll
18:46:42.0674 4660 C:\Windows\SysWOW64\midimap.dll - ok
18:46:42.0674 4660 [ 5BB8C06EB5EA4BA22EE8A678F2D79B25 ] C:\Windows\SysWOW64\devenum.dll
18:46:42.0674 4660 C:\Windows\SysWOW64\devenum.dll - ok
18:46:42.0674 4660 [ 1484B9EBF567346582DE571B0E164AE0 ] C:\Windows\System32\framedynos.dll
18:46:42.0674 4660 C:\Windows\System32\framedynos.dll - ok
18:46:42.0674 4660 [ 7069AAB8536F29ED7323140973A2894B ] C:\Windows\SysWOW64\msdmo.dll
18:46:42.0674 4660 C:\Windows\SysWOW64\msdmo.dll - ok
18:46:42.0674 4660 [ E24FE90E9DE8D8AE70E59F7B01675DEF ] C:\Windows\SysWOW64\avicap32.dll
18:46:42.0674 4660 C:\Windows\SysWOW64\avicap32.dll - ok
18:46:42.0684 4660 [ 0D893F8D145D3B125B0226727C243A69 ] C:\Windows\System32\security.dll
18:46:42.0684 4660 C:\Windows\System32\security.dll - ok
18:46:42.0684 4660 [ 0AE0C4955E1DE29CCDC9DA1B816FE5EE ] C:\Windows\SysWOW64\quartz.dll
18:46:42.0684 4660 C:\Windows\SysWOW64\quartz.dll - ok
18:46:42.0684 4660 [ 012787CEB35505EB78DF82E0A0072888 ] C:\Windows\System32\browcli.dll
18:46:42.0684 4660 C:\Windows\System32\browcli.dll - ok
18:46:42.0684 4660 [ C4BFE4B61086416B0529212F92BCE081 ] C:\Windows\System32\schedcli.dll
18:46:42.0684 4660 C:\Windows\System32\schedcli.dll - ok
18:46:42.0694 4660 [ 523214677C1D31D7991632C6D11E6B42 ] C:\Windows\SysWOW64\d3dim700.dll
18:46:42.0694 4660 C:\Windows\SysWOW64\d3dim700.dll - ok
18:46:42.0694 4660 [ 1F27643C4C626457FCE8F047AE1CD7E1 ] C:\Windows\SysWOW64\dxva2.dll
18:46:42.0694 4660 C:\Windows\SysWOW64\dxva2.dll - ok
18:46:42.0694 4660 [ 5CCD5B62076D4432D4728BB6CB3DEBFD ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\7a560781987776298120763de1df8f77\System.Xml.ni.dll
18:46:42.0694 4660 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\7a560781987776298120763de1df8f77\System.Xml.ni.dll - ok
18:46:42.0694 4660 [ 63DF770DF74ACB370EF5A16727069AAF ] C:\Windows\SysWOW64\hid.dll
18:46:42.0694 4660 C:\Windows\SysWOW64\hid.dll - ok
18:46:42.0704 4660 [ 81F6C1AE23B1C493D9E996C3103915D7 ] C:\Windows\SysWOW64\dhcpcsvc6.dll
18:46:42.0704 4660 C:\Windows\SysWOW64\dhcpcsvc6.dll - ok
18:46:42.0704 4660 [ 9A85ABCE0FDD1AF8E79E731EB0B679F3 ] C:\Windows\SysWOW64\dhcpcsvc.dll
18:46:42.0704 4660 C:\Windows\SysWOW64\dhcpcsvc.dll - ok
18:46:42.0704 4660 [ AF78F66116814FDD6677CEBD73035CDD ] C:\Windows\SysWOW64\schannel.dll
18:46:42.0704 4660 C:\Windows\SysWOW64\schannel.dll - ok
18:46:42.0704 4660 [ 12EC1AECB247062BB4F32B00D71646EE ] C:\Program Files (x86)\Windows Live\Messenger\msgswcam.dll
18:46:42.0704 4660 C:\Program Files (x86)\Windows Live\Messenger\msgswcam.dll - ok
18:46:42.0714 4660 [ CF1C4265A73D50A1CE97FD308CE1AFC9 ] C:\Windows\SysWOW64\sirenacm.dll
18:46:42.0714 4660 C:\Windows\SysWOW64\sirenacm.dll - ok
18:46:42.0714 4660 [ 5987EA8A82C53359BCD2C29D6588583E ] C:\Windows\SysWOW64\linkinfo.dll
18:46:42.0714 4660 C:\Windows\SysWOW64\linkinfo.dll - ok
18:46:42.0714 4660 [ 64E211E0FDFCE4D186DF58BB7D0503BC ] C:\Windows\SysWOW64\gameux.dll
18:46:42.0714 4660 C:\Windows\SysWOW64\gameux.dll - ok
18:46:42.0714 4660 [ EDF2A5E96BEC469DA3F64E9BDD386111 ] C:\Windows\SysWOW64\xmllite.dll
18:46:42.0714 4660 C:\Windows\SysWOW64\xmllite.dll - ok
18:46:42.0724 4660 [ 8323B32A6FC3FCD7E5C8BA94B36CE162 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\3762e80651ff8d0bbcdb0ccebfb3b3f7\System.Configuration.ni.dll
18:46:42.0724 4660 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\3762e80651ff8d0bbcdb0ccebfb3b3f7\System.Configuration.ni.dll - ok
18:46:42.0724 4660 [ C00DB14550E4BD49737F311C644E45FF ] C:\Windows\System32\wmi.dll
18:46:42.0724 4660 C:\Windows\System32\wmi.dll - ok
18:46:42.0724 4660 [ 97FCB1E0AAB3FB2A73F6A5E6C94390A9 ] C:\Program Files\Dell\DellDock\MyDockLib.dll
18:46:42.0724 4660 C:\Program Files\Dell\DellDock\MyDockLib.dll - ok
18:46:42.0724 4660 [ E2107F227E1C174C20BEB7A51404BBAC ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
18:46:42.0724 4660 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe - ok
18:46:42.0734 4660 [ 17ED2224666F6F65F8054D84A3839E71 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cscomp.dll
18:46:42.0734 4660 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cscomp.dll - ok
18:46:42.0734 4660 [ EE338F7673C339D5497C97E86D1011A3 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\alink.dll
18:46:42.0734 4660 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\alink.dll - ok
18:46:42.0734 4660 [ E3A4D59ED585226D381225521BF2A36D ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorpe.dll
18:46:42.0734 4660 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorpe.dll - ok
18:46:42.0734 4660 [ 449F7C92A14B7F50B898FC67202A326C ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
18:46:42.0734 4660 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe - ok
18:46:42.0744 4660 [ F4B233C49ABD64B98272E4273B1D78B8 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\Accessibility\8856f5a897356823c4afd49a886f7c5c\Accessibility.ni.dll
18:46:42.0744 4660 C:\Windows\assembly\NativeImages_v2.0.50727_64\Accessibility\8856f5a897356823c4afd49a886f7c5c\Accessibility.ni.dll - ok
18:46:42.0744 4660 [ C54D40993360142D38A2C88E2C722CDB ] C:\Program Files\Common Files\LogiShrd\sp6\LU\LULnchr.exe
18:46:42.0744 4660 C:\Program Files\Common Files\LogiShrd\sp6\LU\LULnchr.exe - ok
18:46:42.0744 4660 [ 5331DC9D1C88840326F68C2C531A82A7 ] C:\Program Files\Common Files\LogiShrd\Unifying\LU.1\LULnchr.exe
18:46:42.0744 4660 C:\Program Files\Common Files\LogiShrd\Unifying\LU.1\LULnchr.exe - ok
18:46:42.0754 4660 [ 235D42833F2F89083FA70B9787899846 ] C:\Program Files\Common Files\LogiShrd\Unifying\LU.1\LogitechUpdate.exe
18:46:42.0754 4660 C:\Program Files\Common Files\LogiShrd\Unifying\LU.1\LogitechUpdate.exe - ok
18:46:42.0754 4660 [ 220159496484D34009DE71CA1A68E0D4 ] C:\Windows\System32\wbem\NCProv.dll
18:46:42.0754 4660 C:\Windows\System32\wbem\NCProv.dll - ok
18:46:42.0754 4660 [ 01073F2BA36792C9BFD1BD622A6247B3 ] C:\Windows\System32\wpccpl.dll
18:46:42.0754 4660 C:\Windows\System32\wpccpl.dll - ok
18:46:42.0754 4660 [ C5413BC4F10CEB4C3070BBF04D324117 ] C:\Windows\SysWOW64\msisip.dll
18:46:42.0754 4660 C:\Windows\SysWOW64\msisip.dll - ok
18:46:42.0764 4660 [ EBCC2CEFDA0CE9F8DBFD7F4E380AF081 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
18:46:42.0764 4660 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe - ok
18:46:42.0764 4660 [ 97A891E2BF7FDA830BCFC6269DA3F5E9 ] C:\Windows\System32\blackbox.dll
18:46:42.0764 4660 C:\Windows\System32\blackbox.dll - ok
18:46:42.0764 4660 [ 355A138ABDFD43FBABCAE3A1B06AB93D ] C:\Windows\System32\wmpps.dll
18:46:42.0764 4660 C:\Windows\System32\wmpps.dll - ok
18:46:42.0764 4660 [ F149E8CAE538DBF7059B00326673F602 ] C:\Windows\System32\wmpmde.dll
18:46:42.0764 4660 C:\Windows\System32\wmpmde.dll - ok
18:46:42.0774 4660 [ 021287C2050FD5DB4A8B084E2C38139C ] C:\Windows\System32\WinSATAPI.dll
18:46:42.0774 4660 C:\Windows\System32\WinSATAPI.dll - ok
18:46:42.0774 4660 [ 28A7D7C7E2FDD1D55F12F750CD6331EC ] C:\Windows\System32\MSMPEG2ENC.DLL
18:46:42.0774 4660 C:\Windows\System32\MSMPEG2ENC.DLL - ok
18:46:42.0774 4660 [ 46767946E7B559D981C1DC04EC0AB36F ] C:\Windows\System32\devenum.dll
18:46:42.0774 4660 C:\Windows\System32\devenum.dll - ok
18:46:42.0774 4660 [ 558C42D165DB5799B4072DC0A9C27C0B ] C:\Windows\System32\msdmo.dll
18:46:42.0774 4660 C:\Windows\System32\msdmo.dll - ok
18:46:42.0774 4660 [ D47EC6A8E81633DD18D2436B19BAF6DE ] C:\Windows\System32\upnphost.dll
18:46:42.0774 4660 C:\Windows\System32\upnphost.dll - ok
18:46:42.0784 4660 [ 07AD88DF9EF73215458867EFC1BFFE9E ] C:\Windows\System32\wbem\wmiprov.dll
18:46:42.0784 4660 C:\Windows\System32\wbem\wmiprov.dll - ok
18:46:42.0784 4660 [ 71E68F2443A80BD4DA89181889C457EA ] C:\Windows\System32\udhisapi.dll
18:46:42.0784 4660 C:\Windows\System32\udhisapi.dll - ok
18:46:42.0784 4660 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:46:42.0784 4660 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
18:46:42.0784 4660 [ E5F7C30EDF0892667933BE879F067D67 ] C:\Windows\SysWOW64\msvcr100_clr0400.dll
18:46:42.0784 4660 C:\Windows\SysWOW64\msvcr100_clr0400.dll - ok
18:46:42.0794 4660 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:46:42.0794 4660 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe - ok
18:46:42.0794 4660 [ CB21CD39637AC13F3455454B2F648257 ] C:\Windows\System32\msvcr100_clr0400.dll
18:46:42.0794 4660 C:\Windows\System32\msvcr100_clr0400.dll - ok
18:46:42.0794 4660 [ 35DB83C4DE9FA3889E937125D115EAA0 ] C:\Program Files (x86)\Google\Update\1.3.21.135\goopdateres_en.dll
18:46:42.0794 4660 C:\Program Files (x86)\Google\Update\1.3.21.135\goopdateres_en.dll - ok
18:46:42.0804 4660 [ D9DA7B3117BF5EFF921C0CDED4D58050 ] C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
18:46:42.0804 4660 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe - ok
18:46:42.0804 4660 [ 82A98D0EB83505529AD81E4C1FADC37D ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
18:46:42.0804 4660 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll - ok
18:46:42.0804 4660 [ FDA1BA7B2179F29D6DEB3DEC9C9037D0 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
18:46:42.0804 4660 C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll - ok
18:46:42.0804 4660 [ E5BC8D93CDCB957146D971647849A154 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
18:46:42.0804 4660 C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll - ok
18:46:42.0814 4660 [ 07BBB3CBB86D2626B46BC1D210C4781B ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
18:46:42.0814 4660 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll - ok
18:46:42.0814 4660 [ D7999068E94589045BB8C5380AC79937 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
18:46:42.0814 4660 C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll - ok
18:46:42.0814 4660 [ 4D0E841C3C6ECCE2E93F3AF66EE8106F ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d92e5f1e586d494a2de3b3d091bc8793\System.ServiceProcess.ni.dll
18:46:42.0814 4660 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d92e5f1e586d494a2de3b3d091bc8793\System.ServiceProcess.ni.dll - ok
18:46:42.0814 4660 [ 4B7AF7BEB9B97A66B0D19690DC9364B5 ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\v4.0_4.0.0.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
18:46:42.0814 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\v4.0_4.0.0.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll - ok
18:46:42.0824 4660 [ E18C76E32C9E2DAF7FC929E6D13412CF ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\v4.0_4.0.0.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
18:46:42.0824 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\v4.0_4.0.0.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll - ok
18:46:42.0824 4660 [ 848449F41B6E9553FF5D5F864191B834 ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.Common.dll
18:46:42.0824 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.Common.dll - ok
18:46:42.0824 4660 [ 0EF54B7814EFA5C1364A7C6495BD1DBD ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
18:46:42.0824 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll - ok
18:46:42.0834 4660 [ 36B31861AD1B53433E8C9D09035E23D1 ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\v4.0_4.0.22.0__3ff6b78e2989595a\Intuit.Spc.Esd.Core.dll
18:46:42.0834 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\v4.0_4.0.22.0__3ff6b78e2989595a\Intuit.Spc.Esd.Core.dll - ok
18:46:42.0834 4660 [ EAD7F8749BB2B19EF7DA62E20E008D6B ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
18:46:42.0834 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll - ok
18:46:42.0834 4660 [ A072B04165C379DFEF863214EF14EB5F ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\log4net\v4.0_1.2.11.0__669e0ddf0bb1aa2a\log4net.dll
18:46:42.0834 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\log4net\v4.0_1.2.11.0__669e0ddf0bb1aa2a\log4net.dll - ok
18:46:42.0834 4660 [ D206AB16CF82C078D00FDAE9130A4B44 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
18:46:42.0834 4660 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll - ok
18:46:42.0844 4660 [ 6CCADF81A2CE922D169C2B57D7ABCDC3 ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
18:46:42.0844 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll - ok
18:46:42.0844 4660 [ 151375A2F276FBE67A31FC43C2799981 ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
18:46:42.0844 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll - ok
18:46:42.0844 4660 [ 5CA2A1DBE29AEA7F0B5D2848A8D03F58 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
18:46:42.0844 4660 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll - ok
18:46:42.0854 4660 [ 439A1A6796640284C82048B6A5379378 ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
18:46:42.0854 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll - ok
18:46:42.0854 4660 [ CBDB42644849DC69D7D6169680272E1E ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Api.Net.dll
18:46:42.0854 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Api.Net.dll - ok
18:46:42.0854 4660 [ DF150B1D8AC2BCD91BDE25E2E2AB4634 ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.DataAccess.dll
18:46:42.0854 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.DataAccess.dll - ok
18:46:42.0854 4660 [ E8F87E9951F1BA6CB6DB9CDA1B22F9A4 ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.BusinessLogic.dll
18:46:42.0854 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.BusinessLogic.dll - ok
18:46:42.0864 4660 [ 650464CA12ED30AC31A8D4FE0353223C ] C:\Program Files (x86)\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\System.Data.SqlServerCe.dll
18:46:42.0864 4660 C:\Program Files (x86)\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\System.Data.SqlServerCe.dll - ok
18:46:42.0864 4660 [ CA618958889A8BA0E37E6E5E59B73BD5 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
18:46:42.0864 4660 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll - ok
18:46:42.0864 4660 [ 49E33BB5A579A15D3FC0CFA09513F3F9 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll
18:46:42.0864 4660 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll - ok
18:46:42.0874 4660 [ 29B86B3C8253280151EEBE843A9648CD ] C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
18:46:42.0874 4660 C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll - ok
18:46:42.0874 4660 [ A8E62772CF2B709282F416EE016C97C6 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll
18:46:42.0874 4660 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll - ok
18:46:42.0874 4660 [ 41962D5E18E9874390BC1F074571A6BB ] C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
18:46:42.0874 4660 C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll - ok
18:46:42.0874 4660 [ 484E37FF77E377C4B8D3A439F4D2D173 ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\v4.0_6.0.28.0__30bbd97113d631f1\Intuit.Spc.Map.Reporter.dll
18:46:42.0874 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\v4.0_6.0.28.0__30bbd97113d631f1\Intuit.Spc.Map.Reporter.dll - ok
18:46:42.0884 4660 [ 4BF940A921BFAC209EC6CF31E091EA05 ] C:\Program Files (x86)\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\x86\sqlceme40.dll
18:46:42.0884 4660 C:\Program Files (x86)\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\x86\sqlceme40.dll - ok
18:46:42.0884 4660 [ A836803227004B6F513C825B25665E73 ] C:\Program Files (x86)\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\x86\sqlceer40EN.dll
18:46:42.0884 4660 C:\Program Files (x86)\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\x86\sqlceer40EN.dll - ok
18:46:42.0884 4660 [ EC133C3E2A97AA6FBC276DCCCD0645BF ] C:\Program Files (x86)\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\x86\sqlcese40.dll
18:46:42.0884 4660 C:\Program Files (x86)\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\x86\sqlcese40.dll - ok
18:46:42.0894 4660 [ AB97D171A77B5F4BAFB033BF539BED42 ] C:\Program Files (x86)\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\x86\sqlceqp40.dll
18:46:42.0894 4660 C:\Program Files (x86)\Common Files\Intuit\Database Providers\SQL Server Compact Edition 4.0\x86\sqlceqp40.dll - ok
18:46:42.0894 4660 [ 4E820CB4B2193922A4B7723925AB4B58 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll
18:46:42.0894 4660 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll - ok
18:46:42.0894 4660 [ F8C1508FAF0DD3CC9A61A02BF0CEC2B6 ] C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
18:46:42.0894 4660 C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - ok
18:46:42.0894 4660 [ C755E17BAC396F9A9F468320B3F6CF46 ] C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
18:46:42.0894 4660 C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - ok
18:46:42.0904 4660 [ 87AE6FD2F808B2706C441D697D58B294 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll
18:46:42.0904 4660 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll - ok
18:46:42.0904 4660 [ ED6463919045F584C9696D4876F65DDE ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
18:46:42.0904 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - ok
18:46:42.0904 4660 [ B45F3D98A83B6E17599FD8E70ED5D9AE ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
18:46:42.0904 4660 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll - ok
18:46:42.0914 4660 [ 5137542DD12223E58C385F7664B6AD62 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll
18:46:42.0914 4660 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll - ok
18:46:42.0914 4660 [ 2770DE874AC34B27AFC72B0C8CC3EC87 ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
18:46:42.0914 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - ok
18:46:42.0914 4660 [ F99B93CE2EEB951DD980713C3C73A5E3 ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
18:46:42.0914 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - ok
18:46:42.0914 4660 [ CF6041854E73301B7FCE3390D34BDEC8 ] C:\Windows\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Map.WindowsFirewallUtilities\v4.0_6.0.28.0__30bbd97113d631f1\Intuit.Spc.Map.WindowsFirewallUtilities.dll
18:46:42.0914 4660 C:\Windows\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Map.WindowsFirewallUtilities\v4.0_6.0.28.0__30bbd97113d631f1\Intuit.Spc.Map.WindowsFirewallUtilities.dll - ok
18:46:42.0924 4660 [ 3F50200237961034FACE602373838980 ] C:\Windows\SysWOW64\FirewallAPI.dll
18:46:42.0924 4660 C:\Windows\SysWOW64\FirewallAPI.dll - ok
18:46:42.0924 4660 [ 24AF833D9DD4D2DC9DA9475CA380185B ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
18:46:42.0924 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - ok
18:46:42.0924 4660 [ 386D6256BB8CD7496DBF7AEF9DC03836 ] C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\14850aef08b8af036fd6f1e5b38a3719\CustomMarshalers.ni.dll
18:46:42.0924 4660 C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\14850aef08b8af036fd6f1e5b38a3719\CustomMarshalers.ni.dll - ok
18:46:42.0924 4660 [ 8A74BCA77FDB507065A8D0F2BEE9558D ] C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
18:46:42.0924 4660 C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - ok
18:46:42.0934 4660 [ 6E5443A0FCB85D219584189BDFC326BB ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\v4.0_4.0.78.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.Common.dll
18:46:42.0934 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\v4.0_4.0.78.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.Common.dll - ok
18:46:42.0934 4660 [ 7D548E2C73F52320827634C8C967AADD ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\v4.0_4.0.78.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
18:46:42.0934 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\v4.0_4.0.78.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll - ok
18:46:42.0934 4660 [ 5EE563B27F1ABB774F253EFE23EB8A9C ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\v4.0_4.0.27.0__3ff6b78e2989595a\Intuit.Spc.Esd.Core.dll
18:46:42.0934 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\v4.0_4.0.27.0__3ff6b78e2989595a\Intuit.Spc.Esd.Core.dll - ok
18:46:42.0944 4660 [ 6B493042FF896455D8F5D117F28D0937 ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\v4.0_4.0.78.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
18:46:42.0944 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\v4.0_4.0.78.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll - ok
18:46:42.0944 4660 [ 962EA0650CE952EE4983442FB24C70E1 ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\v4.0_4.0.78.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Api.Net.dll
18:46:42.0944 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\v4.0_4.0.78.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Api.Net.dll - ok
18:46:42.0944 4660 [ 94E001AECCD3E00DCACF0B53D4F0FD28 ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\v4.0_4.0.78.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.DataAccess.dll
18:46:42.0944 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\v4.0_4.0.78.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.DataAccess.dll - ok
18:46:42.0944 4660 [ 05EB64E15138AD7CA4B4292049A2576A ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\v4.0_4.0.78.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.BusinessLogic.dll
18:46:42.0944 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\v4.0_4.0.78.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.BusinessLogic.dll - ok
18:46:42.0954 4660 [ 21A20EF07F223B250CB0A1784562E0B4 ] C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\v4.0_6.0.39.0__30bbd97113d631f1\Intuit.Spc.Map.Reporter.dll
18:46:42.0954 4660 C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\v4.0_6.0.39.0__30bbd97113d631f1\Intuit.Spc.Map.Reporter.dll - ok
18:46:42.0954 4660 [ 96C47A1F582CE6ADAEF5FEA4D0ABBF47 ] C:\Windows\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Map.WindowsFirewallUtilities\v4.0_6.0.39.0__30bbd97113d631f1\Intuit.Spc.Map.WindowsFirewallUtilities.dll
18:46:42.0954 4660 C:\Windows\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Map.WindowsFirewallUtilities\v4.0_6.0.39.0__30bbd97113d631f1\Intuit.Spc.Map.WindowsFirewallUtilities.dll - ok
18:46:42.0954 4660 [ E17E0188BB90FAE42D83E98707EFA59C ] C:\Windows\System32\sppsvc.exe
18:46:42.0954 4660 C:\Windows\System32\sppsvc.exe - ok
18:46:42.0964 4660 [ FFF95479C7AB1550F0750A5D01744211 ] C:\Windows\System32\drivers\spsys.sys
18:46:42.0964 4660 C:\Windows\System32\drivers\spsys.sys - ok
18:46:42.0964 4660 [ E8B1FE6669397D1772D8196DF0E57A9E ] C:\Windows\System32\wscsvc.dll
18:46:42.0964 4660 C:\Windows\System32\wscsvc.dll - ok
18:46:42.0964 4660 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] C:\Windows\System32\wuaueng.dll
18:46:42.0964 4660 C:\Windows\System32\wuaueng.dll - ok
18:46:42.0964 4660 [ C47F35CC6FA4F1BDBEF8F87AC1A46537 ] C:\Windows\System32\wuapi.dll
18:46:42.0964 4660 C:\Windows\System32\wuapi.dll - ok
18:46:42.0974 4660 [ F6F22291024906E43D135A4B1705FEAC ] C:\Windows\System32\sppwinob.dll
18:46:42.0974 4660 C:\Windows\System32\sppwinob.dll - ok
18:46:42.0974 4660 [ FA43D418BC945D27D0625B697B8442B5 ] C:\Windows\System32\cabinet.dll
18:46:42.0974 4660 C:\Windows\System32\cabinet.dll - ok
18:46:42.0974 4660 [ E746ED90132C6B6313CE9179F56BD31D ] C:\Windows\System32\wups.dll
18:46:42.0974 4660 C:\Windows\System32\wups.dll - ok
18:46:42.0974 4660 [ 617F6EC0AC677C685479C1D0D1E76C6F ] C:\Windows\System32\mspatcha.dll
18:46:42.0974 4660 C:\Windows\System32\mspatcha.dll - ok
18:46:42.0984 4660 [ 7FE0D0C8F53735EA17C9AE93EFE7AD5A ] C:\Windows\System32\wups2.dll
18:46:42.0984 4660 C:\Windows\System32\wups2.dll - ok
18:46:42.0984 4660 [ 2B373B5F7E36B5ED5DA176D4400EF091 ] C:\Windows\System32\sppobjs.dll
18:46:42.0984 4660 C:\Windows\System32\sppobjs.dll - ok
18:46:42.0984 4660 ============================================================
18:46:42.0984 4660 Scan finished
18:46:42.0984 4660 ============================================================
18:46:42.0984 1100 Detected object count: 4
18:46:42.0984 1100 Actual detected object count: 4
18:48:08.0664 1100 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
18:48:08.0664 1100 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:48:08.0664 1100 Pantech UTM Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:48:08.0664 1100 Pantech UTM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:48:08.0664 1100 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:48:08.0664 1100 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:48:08.0664 1100 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:48:08.0664 1100 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:49:07.0254 3640 Deinitialize success
  • 0

#4
Don54
Posted 18 March 2013 - 06:10 PM

Don54

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
I also note that Microsoft Security Essentials has stopped and I am unable to restart the service, so I really have no real time virus protection at all right now.
  • 0

#5
JSntgRvr
Posted 18 March 2013 - 07:23 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Ok. Just keep away from browsing the web for the time being.

Lets scan the Computer:

Combofix.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Malwarebytes' Anti-Malware

Posted Image Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner.
  • Select the option YES, I accept the Terms of Use then click on Start.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#6
Don54
Posted 18 March 2013 - 09:36 PM

Don54

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Ok I ran Combofix and MBAM and wanted to post logs before I run ESET - not knowing how long it will take - I may have to hit the sack and post the ESET results tomorrow morning (it is about 11:30 p.m. here). Logs for Combofix and MBAM follow.
***

ComboFix 13-03-17.01 - Don 03/18/2013 23:05:53.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6132 [GMT -4:00]
Running from: c:\users\Don\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\FE8F.tmp
c:\programdata\Microsoft\Windows\DRM\FE90.tmp
c:\users\Don\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Program Files\popcaploader.inf
.
.
((((((((((((((((((((((((( Files Created from 2013-02-19 to 2013-03-19 )))))))))))))))))))))))))))))))
.
.
2013-03-19 03:14 . 2013-03-19 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-18 17:56 . 2013-03-18 17:56 -------- d-----w- C:\FRST
2013-03-11 03:34 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89D694A6-A126-494D-8BE7-82BC9AE2F2F5}\mpengine.dll
2013-03-10 13:10 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-01 21:29 . 2013-03-01 21:29 -------- d-----w- c:\users\Don\AppData\Roaming\Jarte
2013-03-01 21:29 . 2013-03-01 21:29 -------- d-----w- c:\program files (x86)\Jarte
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-12 21:47 . 2012-04-03 03:34 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 21:47 . 2011-06-13 13:33 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-02 06:06 . 2013-02-02 06:06 53248 ----a-r- c:\users\Don\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-02-02 06:05 . 2010-12-26 05:13 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-01-30 10:53 . 2009-12-12 20:10 273840 ----a-w- c:\windows\system32\MpSigStub.exe
2013-01-15 21:56 . 2012-06-22 22:27 477616 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-01-15 21:56 . 2010-04-17 16:17 473520 ----a-w- c:\windows\SysWow64\deployJava1.dll
2003-03-19 02:20 . 2003-03-19 02:20 1060864 ----a-w- c:\program files (x86)\mfc71.dll
2003-03-19 02:12 . 2003-03-19 02:12 1047552 ----a-w- c:\program files (x86)\mfc71u.dll
2003-03-19 01:44 . 2003-03-19 01:44 57344 ----a-w- c:\program files (x86)\MFC71ENU.DLL
2003-03-19 01:44 . 2003-03-19 01:44 49152 ----a-w- c:\program files (x86)\MFC71KOR.DLL
2003-03-19 01:44 . 2003-03-19 01:44 61440 ----a-w- c:\program files (x86)\MFC71ITA.DLL
2003-03-19 01:44 . 2003-03-19 01:44 61440 ----a-w- c:\program files (x86)\MFC71ESP.DLL
2003-03-19 01:44 . 2003-03-19 01:44 45056 ----a-w- c:\program files (x86)\MFC71CHT.DLL
2003-03-19 01:44 . 2003-03-19 01:44 40960 ----a-w- c:\program files (x86)\MFC71CHS.DLL
2003-03-19 01:44 . 2003-03-19 01:44 65536 ----a-w- c:\program files (x86)\MFC71DEU.DLL
2003-03-19 01:44 . 2003-03-19 01:44 61440 ----a-w- c:\program files (x86)\MFC71FRA.DLL
2003-03-19 01:44 . 2003-03-19 01:44 49152 ----a-w- c:\program files (x86)\MFC71JPN.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-10-19 1316192]
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-10-19 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Pantech UTM Service;Pantech Service;c:\program files (x86)\PCD\Pantech\EUDL\UTM\PantechService.exe [2010-11-23 65536]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-11-13 17152]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 PTHSBUS;PANTECH Handset USB Composite Device Driver (UDP);c:\windows\system32\DRIVERS\PTHSBUS.sys [2010-04-01 70928]
R3 PTHSMDM;PANTECH Handset Drivers (UDP);c:\windows\system32\DRIVERS\PTHSMDM.sys [2010-04-01 184976]
R3 PTHSVSP;PANTECH Handset Diagnostic Serial Port (UDP);c:\windows\system32\DRIVERS\PTHSVSP.sys [2010-04-01 184976]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736]
R4 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-11-03 69376]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-23 2152720]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2012-10-31 230416]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Don\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-09-05 14544]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2012-09-18 78648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2012-09-18 15160]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 70022068
*NewlyCreated* - 83318224
*Deregistered* - 70022068
*Deregistered* - 83318224
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:47]
.
2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-09 14:42]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-09 14:42]
.
2010-11-11 c:\windows\Tasks\PDVDDXSrv.exe_20101110_215440_0928.job
- c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2010-11-11 01:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab
DPF: {9C3EFB8A-DC20-484B-B905-5E337A988C5D} - hxxp://74.92.80.6:89/LNetCam.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-70022068.sys
Toolbar-Locked - (no file)
HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-18 23:16:13
ComboFix-quarantined-files.txt 2013-03-19 03:16
.
Pre-Run: 787,918,856,192 bytes free
Post-Run: 787,642,826,752 bytes free
.
- - End Of File - - C538C57DEF7F5F9A88418C9A86E77794
***

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.18.15

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Don :: DON-PC [administrator]

3/18/2013 11:25:36 PM
mbam-log-2013-03-18 (23-25-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218907
Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
***
  • 0

#7
Don54
Posted 18 March 2013 - 09:59 PM

Don54

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
I also just noticed that when I click the right mouse button on an .exe file for the context menu, the command at the very top now reads: "%1" %*. This could be from before when I started having problems and couldn't run exe programs, I ran a reg merge file to rebuild the exe association.
  • 0

#8
Don54
Posted 18 March 2013 - 10:48 PM

Don54

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Thanks for your help so far... will pick this up in the morning.
  • 0

#9
JSntgRvr
Posted 18 March 2013 - 10:51 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Open a command prompt. (Start->type CMD on the Search line->press Enter)

At the prompt copy and paste the following command and press Enter

Reg query HKEY_CLASSES_ROOT\exefile\shell /s >"%Userprofile%\desktop\Report.txt"

Type Exit and press Enter to return to Windows. A Report.txt will be produced on your desktop. Opened with Notepad and post its contents.
  • 0

#10
Don54
Posted 19 March 2013 - 07:12 AM

Don54

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Good morning. Ran the reg query, log follows. Meanwhile will run ESET scan.

***

HKEY_CLASSES_ROOT\exefile\shell\open
EditFlags REG_BINARY 00000000
(Default) REG_SZ "%1" %*

HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*

HKEY_CLASSES_ROOT\exefile\shell\runas
HasLUAShield REG_SZ

HKEY_CLASSES_ROOT\exefile\shell\runas\command
(Default) REG_SZ "%1" %*
IsolatedCommand REG_SZ "%1" %*

HKEY_CLASSES_ROOT\exefile\shell\runasuser
(Default) REG_SZ @shell32.dll,-50944
Extended REG_SZ
SuppressionPolicyEx REG_SZ {F211AA05-D4DF-4370-A2A0-9F19C09756A7}

HKEY_CLASSES_ROOT\exefile\shell\runasuser\command
DelegateExecute REG_SZ {ea72d00e-4960-42fa-ba92-7792a7944c1d}
  • 0

Advertisements

#11
JSntgRvr
Posted 19 March 2013 - 09:58 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Try this .exe fix:

Extract its contents to the desktop. Open the folder and right click on the .reg file. Select Merge and confirm. Re-try after a restart and let me know the outcome.
  • 0

#12
Don54
Posted 19 March 2013 - 10:41 AM

Don54

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Here is the result of the ESET scan - 11 items detected. Meanwhile I will run the exe reg merge.

***

# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 0 115253535 0 0
# scanned=636599
# found=11
# cleaned=0
# scan_time=10954
sh=1B9B1145335C36E3771B813C65EDACF7B0B45CCA ft=1 fh=69faa1891e30b55b vn="Win32/OpenCandy application" ac=I fn="C:\Documents and Settings\Don\Downloads\OrbitDownloaderSetup.exe"
sh=6EB1CB1D94A00DAF1FB91218B050FDCBA8436C03 ft=1 fh=4ee2e677a5bceddb vn="Win32/Joke.ScreenMate application" ac=I fn="C:\Documents and Settings\Don\Transferred Files\Removable Disk\Documents 10-18-09\Archived Downloads\cat.exe"
sh=7A941BFB5A066BFCA64F9E303094C1D212408ABD ft=1 fh=008ff51ea5872511 vn="a variant of Win32/Adware.Trymedia application" ac=I fn="C:\Documents and Settings\Don\Transferred Files\Removable Disk\Documents 10-18-09\Downloads\BeachHead2002-dm.exe"
sh=A5F6640AEC86D886FC7787CA04446DDBB59F1C9E ft=1 fh=755d50e842f97319 vn="Win32/OpenCandy application" ac=I fn="C:\Download\avc-free.exe"
sh=EFAC080A07CAB61A490E95196E20144DBB9559D4 ft=1 fh=374fcfb0d61be5f7 vn="multiple threats" ac=I fn="C:\Download\freeripmp3-setup.exe"
sh=ACB832AEC89467DFBD083ED618A9C2A24F87725F ft=1 fh=73872efc986f58cd vn="Win32/OpenCandy application" ac=I fn="C:\Download\OrbitSetup4.1.02.exe"
sh=7716E0269CC27533E9533C03FC610DF9687F4898 ft=1 fh=72814eb2e30c0010 vn="Win64/Olmarik.AY trojan" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\FE8F.tmp.vir"
sh=E07401BDE324618EAC27B34D4E0655259BAF25BB ft=1 fh=72814eb2bf04741a vn="Win64/Olmarik.AY trojan" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\FE90.tmp.vir"
sh=1B9B1145335C36E3771B813C65EDACF7B0B45CCA ft=1 fh=69faa1891e30b55b vn="Win32/OpenCandy application" ac=I fn="C:\Users\Don\Downloads\OrbitDownloaderSetup.exe"
sh=6EB1CB1D94A00DAF1FB91218B050FDCBA8436C03 ft=1 fh=4ee2e677a5bceddb vn="Win32/Joke.ScreenMate application" ac=I fn="C:\Users\Don\Transferred Files\Removable Disk\Documents 10-18-09\Archived Downloads\cat.exe"
sh=7A941BFB5A066BFCA64F9E303094C1D212408ABD ft=1 fh=008ff51ea5872511 vn="a variant of Win32/Adware.Trymedia application" ac=I fn="C:\Users\Don\Transferred Files\Removable Disk\Documents 10-18-09\Downloads\BeachHead2002-dm.exe"
  • 0

#13
Don54
Posted 19 March 2013 - 11:09 AM

Don54

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Unfortunately the EXE reg fix did not work -- where it should read "Open" at the top of the menu when I right click on an .exe file, it still reads:"%1" %*
  • 0

#14
JSntgRvr
Posted 19 March 2013 - 11:42 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,591 posts
Download the enclosed file:

Save it next to Combofix.

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Security check

Download and run Security Check by screen317 and post its report.

Send me a screenshot of the Context Menu.

  • You can do this by pressing the PrintScreen key.
  • Then go to Start > All Programs > Accessories > Paint
  • In Paint, go up to Edit > Paste
  • Then Go up to File > Save As. Click the drop-down box to change the "Save As Type" to "JPEG", name it what you want, and save it on the desktop.
  • Then click Add Reply in this topic.
  • Scroll down to Attachments
  • Click the Browse button.
  • Locate the file you just saved, click on it, then click Open, then Attach This File.
  • Click Attach to Post.
  • Add a Reply

  • 0

#15
Don54
Posted 19 March 2013 - 12:53 PM

Don54

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Here are the results of latest Combofix and Security Check. When running Combofix I received a dialog asking if I wanted to download a newer version which was available... I declined. Context menu screenshot attached.

***

ComboFix 13-03-17.01 - Don 03/19/2013 14:18:39.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6207 [GMT -4:00]
Running from: c:\users\Don\Desktop\ComboFix.exe
Command switches used :: c:\users\Don\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\documents and settings\Don\Downloads\OrbitDownloaderSetup.exe"
"c:\documents and settings\Don\Transferred Files\Removable Disk\Documents 10-18-09\Archived Downloads\cat.exe"
"c:\documents and settings\Don\Transferred Files\Removable Disk\Documents 10-18-09\Downloads\BeachHead2002-dm.exe"
"c:\download\avc-free.exe"
"c:\download\freeripmp3-setup.exe"
"c:\download\OrbitSetup4.1.02.exe"
"C:\FRST"
"c:\users\Don\Downloads\OrbitDownloaderSetup.exe"
"c:\users\Don\Transferred Files\Removable Disk\Documents 10-18-09\Archived Downloads\cat.exe"
"c:\users\Don\Transferred Files\Removable Disk\Documents 10-18-09\Downloads\BeachHead2002-dm.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\download\avc-free.exe
c:\download\freeripmp3-setup.exe
c:\download\OrbitSetup4.1.02.exe
c:\users\Don\Downloads\OrbitDownloaderSetup.exe
c:\users\Don\Transferred Files\Removable Disk\Documents 10-18-09\Archived Downloads\cat.exe
c:\users\Don\Transferred Files\Removable Disk\Documents 10-18-09\Downloads\BeachHead2002-dm.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-19 to 2013-03-19 )))))))))))))))))))))))))))))))
.
.
2013-03-19 18:28 . 2013-03-19 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-19 13:15 . 2013-03-19 13:15 -------- d-----w- c:\program files (x86)\ESET
2013-03-18 17:56 . 2013-03-18 17:56 -------- d-----w- C:\FRST
2013-03-11 03:34 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89D694A6-A126-494D-8BE7-82BC9AE2F2F5}\mpengine.dll
2013-03-10 13:10 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-01 21:29 . 2013-03-01 21:29 -------- d-----w- c:\users\Don\AppData\Roaming\Jarte
2013-03-01 21:29 . 2013-03-01 21:29 -------- d-----w- c:\program files (x86)\Jarte
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-12 21:47 . 2012-04-03 03:34 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 21:47 . 2011-06-13 13:33 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-02 06:06 . 2013-02-02 06:06 53248 ----a-r- c:\users\Don\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-02-02 06:05 . 2010-12-26 05:13 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-01-30 10:53 . 2009-12-12 20:10 273840 ----a-w- c:\windows\system32\MpSigStub.exe
2013-01-15 21:56 . 2012-06-22 22:27 477616 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-01-15 21:56 . 2010-04-17 16:17 473520 ----a-w- c:\windows\SysWow64\deployJava1.dll
2003-03-19 02:20 . 2003-03-19 02:20 1060864 ----a-w- c:\program files (x86)\mfc71.dll
2003-03-19 02:12 . 2003-03-19 02:12 1047552 ----a-w- c:\program files (x86)\mfc71u.dll
2003-03-19 01:44 . 2003-03-19 01:44 57344 ----a-w- c:\program files (x86)\MFC71ENU.DLL
2003-03-19 01:44 . 2003-03-19 01:44 49152 ----a-w- c:\program files (x86)\MFC71KOR.DLL
2003-03-19 01:44 . 2003-03-19 01:44 61440 ----a-w- c:\program files (x86)\MFC71ITA.DLL
2003-03-19 01:44 . 2003-03-19 01:44 61440 ----a-w- c:\program files (x86)\MFC71ESP.DLL
2003-03-19 01:44 . 2003-03-19 01:44 45056 ----a-w- c:\program files (x86)\MFC71CHT.DLL
2003-03-19 01:44 . 2003-03-19 01:44 40960 ----a-w- c:\program files (x86)\MFC71CHS.DLL
2003-03-19 01:44 . 2003-03-19 01:44 65536 ----a-w- c:\program files (x86)\MFC71DEU.DLL
2003-03-19 01:44 . 2003-03-19 01:44 61440 ----a-w- c:\program files (x86)\MFC71FRA.DLL
2003-03-19 01:44 . 2003-03-19 01:44 49152 ----a-w- c:\program files (x86)\MFC71JPN.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-10-19 1316192]
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-10-19 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Pantech UTM Service;Pantech Service;c:\program files (x86)\PCD\Pantech\EUDL\UTM\PantechService.exe [2010-11-23 65536]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 PTHSBUS;PANTECH Handset USB Composite Device Driver (UDP);c:\windows\system32\DRIVERS\PTHSBUS.sys [2010-04-01 70928]
R3 PTHSMDM;PANTECH Handset Drivers (UDP);c:\windows\system32\DRIVERS\PTHSMDM.sys [2010-04-01 184976]
R3 PTHSVSP;PANTECH Handset Diagnostic Serial Port (UDP);c:\windows\system32\DRIVERS\PTHSVSP.sys [2010-04-01 184976]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1255736]
R4 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-11-03 69376]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2012-10-31 230416]
S2 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Don\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [2010-09-05 14544]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-23 2152720]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-11-13 17152]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2012-09-18 78648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2012-09-18 15160]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:47]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-09 14:42]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-09 14:42]
.
2010-11-11 c:\windows\Tasks\PDVDDXSrv.exe_20101110_215440_0928.job
- c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2010-11-11 01:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {72376E32-8AF2-473F-BE32-E5D0F39C865D} - hxxp://www.cyberlink.com/prog/win7/js/UpdateAdvisor.cab
DPF: {9C3EFB8A-DC20-484B-B905-5E337A988C5D} - hxxp://74.92.80.6:89/LNetCam.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-19 14:30:05
ComboFix-quarantined-files.txt 2013-03-19 18:30
ComboFix2.txt 2013-03-19 03:16
.
Pre-Run: 786,812,891,136 bytes free
Post-Run: 789,576,073,216 bytes free
.
- - End Of File - - 86074547C7DCE01C9705F9720E5150EE

***

Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Lavasoft Ad-Watch Live! Anti-Virus
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 39
Java version out of Date!
Adobe Reader 9
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Attached Thumbnails

  • Exe Context Menu.jpg

  • 0
Back to Computer Won't Boot - Malware Related · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Computer Won't Boot - Malware Related

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP