Zbot.gen!AP and Fraud.Fedexword



mla34
2014-06-17, 01:19
Hi,
I have been here a couple of times and you guys have done an amazing job walking me through the removal of stuff on my computer. I hope you can do it again! I will thank you in advance for your patience and help!
I have read through the "Before You Post" notes and am including what you need here. I seem to have a Win32/Zbot.gen!AP issue among other bugs and am very nervous about the status of my computer so here we go. One question I had about the aswMBR download was am I supposed to actually SCAN or just SAVE FILE with the small bit that showed up? I was afraid to hit scan after reading through the notes. If so, I will resubmit that in next post.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.51.2
Run by The Arnolds at 19:00:34 on 2014-06-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6057.3681 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\My Dell\uaclauncher.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe -update activex
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\THEARN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2CD7CF38-6B63-4E45-8E8C-12C0DC71B922} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A39A604B-7C4A-4A39-99FE-D29B6FD237C6} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A39A604B-7C4A-4A39-99FE-D29B6FD237C6}\37072796E67637475656E6 : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\The Arnolds\AppData\Roaming\Mozilla\Firefox\Profiles\3r6yn46d.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.ancestry.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-12 55856]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-8 2279608]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-12 1692480]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-12 317440]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-9 327704]
R3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-12-9 6379288]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-12 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-3 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-16 22:59:35 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E4403281-CB81-40B0-A551-9A9A1E9B5511}\mpengine.dll
2014-06-14 10:44:47 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-13 20:22:13 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B5C29DE9-F4B6-4BE1-B2FB-876BDD32CD36}\gapaengine.dll
2014-06-11 08:05:59 722432 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2014-06-10 19:01:08 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-06-09 20:17:34 -------- d-----w- C:\Program Files\iPod
2014-06-09 20:17:33 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-09 20:17:33 -------- d-----w- C:\Program Files\iTunes
2014-06-09 20:17:33 -------- d-----w- C:\Program Files (x86)\iTunes
2014-05-27 16:54:49 -------- d-----w- C:\Users\The Arnolds\AppData\Local\Macromedia
.
==================== Find3M ====================
.
2014-06-08 09:13:05 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-08 09:08:04 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-26 22:20:55 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-26 22:20:55 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 19:01:04.75 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-06-16 19:02:55
-----------------------------
19:02:55.791 OS Version: Windows x64 6.1.7601 Service Pack 1
19:02:55.791 Number of processors: 4 586 0x2A07
19:02:55.791 ComputerName: 2011 UserName:
19:02:58.042 Initialize success
19:04:46.714 AVAST engine defs: 14061601
19:06:19.234 The log file has been saved successfully to "C:\Users\The Arnolds\Desktop\aswMBR.txt"
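
A small triage pass over the "Pseudo HJT Report" section of a DDS log like the one posted above, as an added example that is not part of the original thread or of DDS: it lists autostart and browser-extension entries that are marked `<orphaned>` or that load from outside the usual install directories. The trusted-root and user-writable path lists, the verdict names and the single `ExampleConstructed` line are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Lines copied from the DDS log in the post above, plus ONE constructed line
# ([ExampleConstructed]) so the user-writable rule has something to match.
SAMPLE = r'''
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [ExampleConstructed] C:\Users\Example\AppData\Roaming\Abcd\example.exe
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
SSODL: WebCheck - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
'''

# Entry kinds this example handles: Run/RunOnce keys, BHOs, explorer bars,
# toolbars, protocol handlers and SSODL, each optionally prefixed "x64-".
ENTRY = re.compile(
    r"^(?P<kind>(?:x64-)?(?:[um]?Run(?:Once)?|BHO|EB|TB|Handler|SSODL)):"
    r"\s*(?P<rest>.+)$"
)
# First absolute path ending in an executable or script extension. Non-greedy,
# so command-line arguments after the file name are not swallowed, and paths
# that themselves contain " - " (Spybot) are kept whole.
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|scr|cpl|com|bat|cmd|vbs|js)\b", re.I)

# Assumption: system drive is C: and software is installed in the default roots.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
# Assumption: locations a standard user can normally write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "c:\\programdata\\")


class Finding(NamedTuple):
    kind: str            # e.g. "uRun", "x64-Handler"
    label: str           # value name or extension name from the log line
    verdict: str         # "ok", "orphaned", "user-writable", "unusual-location", "no-path"
    path: Optional[str]  # file the entry loads, when the line names one


def _label(rest: str) -> str:
    """Return the [value name] of a Run entry, else the text before the CLSID."""
    m = re.match(r"\[(.+?)\]", rest)
    if m:
        return m.group(1)
    return re.split(r":?\s*\{|\s+-\s+", rest, maxsplit=1)[0].strip() or "(unnamed)"


def classify(rest: str):
    """Map the right-hand side of one entry to (verdict, path)."""
    # DDS prints <orphaned> where it lists no file for the entry.
    if rest.rstrip().endswith("<orphaned>"):
        return "orphaned", None
    m = PATH.search(rest)
    if not m:
        return "no-path", None
    path = m.group(0)
    low = path.lower()
    # Checked first so that e.g. C:\Windows\Temp is not treated as trusted.
    if any(part in low for part in USER_WRITABLE):
        return "user-writable", path
    if low.startswith(TRUSTED_ROOTS):
        return "ok", path
    return "unusual-location", path


def triage(log_text: str) -> List[Finding]:
    """Parse every recognised entry in a DDS 'Pseudo HJT Report' section."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # other DDS line types (mWinlogon, TCP, Hosts, ...) are skipped
        verdict, path = classify(m["rest"])
        findings.append(Finding(m["kind"], _label(m["rest"]), verdict, path))
    return findings


def needs_review(log_text: str) -> List[Finding]:
    """Entries a helper would look at first; 'ok' entries are filtered out."""
    return [f for f in triage(log_text) if f.verdict != "ok"]


if __name__ == "__main__":
    for f in needs_review(SAMPLE):
        print(f"{f.verdict:17} {f.kind:12} {f.label}  {f.path or ''}")
```

A verdict other than "ok" only marks an entry for a closer look; the `<orphaned>` lines in the log above are registry references for which DDS lists no file.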

LiquidTension
2014-06-17, 16:34
Hello mla34,

My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)

======================================================

Important: I have laid out some "ground rules" I would very much appreciate you follow. Please read through the points below, to ensure this process moves as quickly and efficiently as possible.

Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
Ensure you are subscribed to this topic to receive instant email notifications of my responses.
Please attempt to backup important documents before proceeding with my instructions.
If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
Topics are locked if no response is made after 5 days. Please inform me if you will require additional time to complete my instructions.

======================================================

Please be advised that I am currently in training at WhattheTech.com. My responses will need to be approved by a teaching expert at WhattheTech.com before I post in order to ensure you are receiving accurate instructions. I will return as soon as possible.

mla34
2014-06-17, 21:37
Thank you, Adam, for replying and helping me! Yes, by all means, use my first name, Maureen!
Before we start, I have to ask. Is it safe to be on my computer while it is infected? I have been coming here to post, then turn the computer off, but I don't know if that is necessary. I am not planning on doing any transactions or using websites that have sensitive information, but I do quite a bit of ancestry and wonder if it is okay to do that and check my email as well. I dug out the old laptop to use and have realized that it uses XP and now has no Microsoft Security Essentials on it. When it rains, it pours.
Anyway, let me know if I need to go back and scan with the aswMBR and send that log. Otherwise, I will wait to hear back from you before doing anything else. Thanks again for helping me!
Maureen

LiquidTension
2014-06-17, 21:56
Hi Maureen,


"Is it safe to be on my computer while it is infected?"
As you've already mentioned, I would advise against using this machine for online banking, or anything involving sensitive information. In the meantime, I suggest you (using a clean device) change the passwords for any accounts accessed on this machine recently. Minimizing the time this machine is connected to the Internet is a good idea - until clean, accessing your email, etc would be best on a different machine or device.


"I dug out the old laptop to use and have realized that it uses XP and now has no Microsoft Security Essentials on it."
As Windows XP is no longer supported, I do not recommend connecting the machine to the Internet. I can provide information on the dangers of using XP later if you so wish.

I will return with instructions for you shortly!

mla34
2014-06-18, 02:35
Thanks, Adam. I will stay off the infected computer except to d/l and run whatever programs you need me to in order to assess the progress of the fix. As for the laptop, I will have to get the pics and documents off and pitch it as I highly doubt it will fit the requirements of Windows 8.1. Oh well, it has served us well.
Thanks for your help. I will wait for your next bit of instructions.
Maureen

LiquidTension
2014-06-19, 19:13
Hello Maureen,

Apologies for the delay. I would like you to rerun aswMBR (as instructed below), as well as the following programmes.

STEP 1
Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your desktop.
Right-Click FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply.


STEP 2
TDSSKiller Scan

Please download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save the file to your desktop.
Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
Click Change parameters. Place a checkmark next to:

Loaded Modules
Detect TDLFS file system

Note: If you receive the following message: Extended Monitoring Driver is required, click Reboot now, and continue from here following the reboot.
Click Start Scan.
Note: Do not use the computer during the scan.
If objects are found, change the action to skip.
Click Continue and close the window.
A log will be created and saved to the root directory (usually C:\). Copy the contents of the log and paste in your next reply.


STEP 3
aswMBR

Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Right-Click aswMBR.exe and select Run as administrator to run the programme.
If you are prompted to download the latest anti-virus definitions from avast!, click Yes.
Click the AV Scan: drop down box and click C:\.
Click Scan.
Upon completion, you will see Scan finished successfully. Click Save log.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

Note: Do NOT attempt to click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your desktop. Do NOT click or delete it.


======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

FRST.txt
Addition.txt
TDSSKiller log
aswMBR log

mla34
2014-06-20, 02:08
Hi, Adam,
Here are the logs you requested. It won't send with all the logs so I am posting them in separate posts. Sorry. I will wait to hear back from you. Thanks!
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by The Arnolds (administrator) on 2011 on 19-06-2014 17:15:32
Running from C:\Users\The Arnolds\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2307240755-147757143-1248280979-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2307240755-147757143-1248280979-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\The Arnolds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM-x32 - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://search.chatzum.com/?q={searchTerms}
SearchScopes: HKLM-x32 - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YXxdm003YYus&ptb=D20CA6D2-67BB-4B16-B801-67AC3EF1A618&ind=2012012515&ptnrS=YXxdm003YYus&si=CPTN3LWH7K0CFQnd4AodmlJ97Q&n=77ecdfe3&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://search.chatzum.com/?q={searchTerms}
SearchScopes: HKLM-x32 - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YO^xdm135^YYA^us&si=314029&ptb=3AF0B5F2-5A43-4A18-8482-542E3287C45C&psa=&ind=2014012022&st=sb&n=780b6276&searchfor={searchTerms}
SearchScopes: HKCU - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL =
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\The Arnolds\AppData\Roaming\Mozilla\Firefox\Profiles\3r6yn46d.default
FF Homepage: hxxp://home.ancestry.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: InboxAce - C:\Users\The Arnolds\AppData\Roaming\Mozilla\Firefox\Profiles\3r6yn46d.default\Extensions\1gffxtbr@InboxAce_1g.com [2014-06-05]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-30]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-30]

==================== Services (Whitelisted) =================

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S1 buddqjrj; \??\C:\Windows\system32\drivers\buddqjrj.sys [X]
S1 bxdjryrn; \??\C:\Windows\system32\drivers\bxdjryrn.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-19 17:15 - 2014-06-19 17:16 - 00015649 _____ () C:\Users\The Arnolds\Desktop\FRST.txt
2014-06-19 17:15 - 2014-06-19 17:15 - 00000000 ____D () C:\FRST
2014-06-19 17:14 - 2014-06-19 17:14 - 02082304 _____ (Farbar) C:\Users\The Arnolds\Desktop\FRST64.exe
2014-06-16 19:14 - 2014-06-16 19:14 - 00002728 _____ () C:\Users\The Arnolds\Desktop\aswMBR.zip
2014-06-16 19:06 - 2014-06-16 19:06 - 00000474 _____ () C:\Users\The Arnolds\Desktop\aswMBR.txt
2014-06-16 19:02 - 2014-06-16 19:02 - 04745728 _____ (AVAST Software) C:\Users\The Arnolds\Desktop\aswMBR.exe
2014-06-16 19:01 - 2014-06-16 19:01 - 00023616 _____ () C:\Users\The Arnolds\Desktop\dds.txt
2014-06-16 19:01 - 2014-06-16 19:01 - 00006293 _____ () C:\Users\The Arnolds\Desktop\attach.txt
2014-06-16 18:59 - 2014-06-16 18:59 - 00000000 ____D () C:\Windows\ERDNT
2014-06-16 18:58 - 2014-06-16 18:58 - 00000907 _____ () C:\Users\The Arnolds\Desktop\ERUNT.lnk
2014-06-16 18:58 - 2014-06-16 18:58 - 00000907 _____ () C:\Users\Greg\Desktop\ERUNT.lnk
2014-06-16 18:58 - 2014-06-16 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-16 18:58 - 2014-06-16 18:58 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-16 18:57 - 2014-06-16 18:57 - 00791393 _____ (Lars Hederer ) C:\Users\The Arnolds\Desktop\erunt-setup.exe
2014-06-16 18:54 - 2014-06-16 18:54 - 00791393 _____ (Lars Hederer ) C:\Users\The Arnolds\Downloads\erunt-setup.exe
2014-06-14 12:14 - 2014-06-14 12:14 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-06-14 09:40 - 2014-06-16 19:25 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Ymnaeh
2014-06-14 09:06 - 2014-06-14 09:06 - 00000000 ___RD () C:\Users\The Arnolds\Desktop\MySyncUPFiles
2014-06-14 08:36 - 2014-06-14 08:36 - 00000000 ____D () C:\Users\The Arnolds\Desktop\Artwork for Kids
2014-06-14 08:24 - 2014-06-14 08:24 - 00000000 ____D () C:\Users\Greg\Desktop\Carolyn
2014-06-14 05:48 - 2014-06-14 08:50 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Ucoxmeak
2014-06-14 01:50 - 2014-06-14 08:50 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Ogivxa
2014-06-13 21:52 - 2014-06-14 08:50 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Diimuvzi
2014-06-13 21:12 - 2014-06-14 06:32 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Untieci
2014-06-12 13:45 - 2014-06-14 06:32 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Foikuv
2014-06-12 11:34 - 2014-06-12 11:34 - 00068609 _____ () C:\Users\Greg\AppData\Local\eagrnepa
2014-06-12 11:33 - 2014-06-14 06:32 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Haciew
2014-06-11 04:06 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 04:06 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 04:06 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 04:06 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 04:06 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 04:06 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 04:06 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 04:06 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 04:06 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 04:06 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 04:06 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 04:06 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 04:06 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 04:06 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 04:06 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 04:06 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 04:06 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 04:06 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 04:06 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 04:06 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 04:06 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 04:06 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 04:06 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 04:06 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 04:06 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 04:06 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 04:06 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 04:06 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 04:06 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 04:06 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 04:06 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 04:06 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 04:06 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 04:06 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 04:06 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 04:06 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 04:06 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 04:06 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 04:05 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 04:05 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 04:05 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 04:05 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 04:05 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 04:05 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 04:05 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 04:05 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 04:05 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 04:05 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 04:05 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 04:05 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 04:05 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 04:05 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 04:05 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 04:05 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 04:05 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 04:05 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 04:05 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 04:05 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 04:05 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 04:05 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 04:05 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 04:05 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 04:05 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 04:05 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 04:05 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 04:05 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 15:01 - 2014-06-10 15:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-09 16:18 - 2014-06-09 16:18 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-09 16:18 - 2014-06-09 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-09 16:17 - 2014-06-09 16:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-09 16:17 - 2014-06-09 16:18 - 00000000 ____D () C:\Program Files\iTunes
2014-06-09 16:17 - 2014-06-09 16:18 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-09 16:17 - 2014-06-09 16:17 - 00000000 ____D () C:\Program Files\iPod
2014-05-27 12:54 - 2014-05-27 12:54 - 00000000 ____D () C:\Users\The Arnolds\AppData\Local\Macromedia
2014-05-22 11:03 - 2014-05-22 11:04 - 00000000 ____D () C:\Users\Greg\Documents\Outlook Files
2014-05-22 11:03 - 2014-05-22 11:03 - 00000000 ____D () C:\Users\Greg\AppData\Local\847DC36F-5174-4F14-9EED-6B7F679132CA.aplzod
2014-05-22 09:31 - 2014-05-22 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

==================== One Month Modified Files and Folders =======

2014-06-19 17:16 - 2014-06-19 17:15 - 00015649 _____ () C:\Users\The Arnolds\Desktop\FRST.txt
2014-06-19 17:15 - 2014-06-19 17:15 - 00000000 ____D () C:\FRST
2014-06-19 17:15 - 2011-10-12 08:12 - 01339780 _____ () C:\Windows\WindowsUpdate.log
2014-06-19 17:14 - 2014-06-19 17:14 - 02082304 _____ (Farbar) C:\Users\The Arnolds\Desktop\FRST64.exe
2014-06-19 17:12 - 2011-12-09 12:38 - 00000000 ____D () C:\Users\The Arnolds\AppData\Roaming\Skype
2014-06-19 17:12 - 2011-10-12 08:57 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-06-19 17:12 - 2011-10-12 08:57 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-06-19 17:12 - 2011-10-12 08:26 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-06-19 17:11 - 2013-07-10 20:19 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-19 17:11 - 2011-12-09 13:28 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-06-19 17:11 - 2010-11-20 23:47 - 00407122 _____ () C:\Windows\PFRO.log
2014-06-19 17:11 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-19 17:11 - 2009-07-14 00:51 - 00067954 _____ () C:\Windows\setupact.log
2014-06-17 15:31 - 2012-03-30 18:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-17 15:31 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-17 15:31 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-16 19:26 - 2011-12-01 16:16 - 00000000 ____D () C:\Users\The Arnolds\AppData\Local\VirtualStore
2014-06-16 19:25 - 2014-06-14 09:40 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Ymnaeh
2014-06-16 19:14 - 2014-06-16 19:14 - 00002728 _____ () C:\Users\The Arnolds\Desktop\aswMBR.zip
2014-06-16 19:06 - 2014-06-16 19:06 - 00000474 _____ () C:\Users\The Arnolds\Desktop\aswMBR.txt
2014-06-16 19:03 - 2012-01-14 15:42 - 00000000 ____D () C:\Users\The Arnolds\AppData\Local\Nero
2014-06-16 19:02 - 2014-06-16 19:02 - 04745728 _____ (AVAST Software) C:\Users\The Arnolds\Desktop\aswMBR.exe
2014-06-16 19:01 - 2014-06-16 19:01 - 00023616 _____ () C:\Users\The Arnolds\Desktop\dds.txt
2014-06-16 19:01 - 2014-06-16 19:01 - 00006293 _____ () C:\Users\The Arnolds\Desktop\attach.txt
2014-06-16 18:59 - 2014-06-16 18:59 - 00000000 ____D () C:\Windows\ERDNT
2014-06-16 18:58 - 2014-06-16 18:58 - 00000907 _____ () C:\Users\The Arnolds\Desktop\ERUNT.lnk
2014-06-16 18:58 - 2014-06-16 18:58 - 00000907 _____ () C:\Users\Greg\Desktop\ERUNT.lnk
2014-06-16 18:58 - 2014-06-16 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-16 18:58 - 2014-06-16 18:58 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-16 18:57 - 2014-06-16 18:57 - 00791393 _____ (Lars Hederer ) C:\Users\The Arnolds\Desktop\erunt-setup.exe
2014-06-16 18:57 - 2013-07-10 20:19 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-16 18:54 - 2014-06-16 18:54 - 00791393 _____ (Lars Hederer ) C:\Users\The Arnolds\Downloads\erunt-setup.exe
2014-06-14 12:14 - 2014-06-14 12:14 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-06-14 12:14 - 2014-03-09 12:43 - 00004954 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for 2011-Greg 2011
2014-06-14 12:14 - 2011-10-12 08:41 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-06-14 09:06 - 2014-06-14 09:06 - 00000000 ___RD () C:\Users\The Arnolds\Desktop\MySyncUPFiles
2014-06-14 09:02 - 2013-05-21 16:05 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-06-14 09:02 - 2011-12-09 13:28 - 00045976 _____ () C:\Windows\system32\lvcoinst.log
2014-06-14 08:50 - 2014-06-14 05:48 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Ucoxmeak
2014-06-14 08:50 - 2014-06-14 01:50 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Ogivxa
2014-06-14 08:50 - 2014-06-13 21:52 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Diimuvzi
2014-06-14 08:49 - 2011-12-13 09:12 - 00000000 ____D () C:\Users\The Arnolds\AppData\Roaming\SoftGrid Client
2014-06-14 08:45 - 2012-03-24 13:21 - 00000000 ____D () C:\Users\The Arnolds\Documents\genealogy
2014-06-14 08:44 - 2012-10-05 10:23 - 00000000 ____D () C:\Users\The Arnolds\Desktop\unused
2014-06-14 08:36 - 2014-06-14 08:36 - 00000000 ____D () C:\Users\The Arnolds\Desktop\Artwork for Kids
2014-06-14 08:24 - 2014-06-14 08:24 - 00000000 ____D () C:\Users\Greg\Desktop\Carolyn
2014-06-14 07:04 - 2012-06-18 15:20 - 00000000 ____D () C:\Users\Greg\AppData\Local\Nero
2014-06-14 06:42 - 2011-10-12 08:28 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-14 06:42 - 2011-10-12 08:28 - 00000000 ____D () C:\ProgramData\Skype
2014-06-14 06:32 - 2014-06-13 21:12 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Untieci
2014-06-14 06:32 - 2014-06-12 13:45 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Foikuv
2014-06-14 06:32 - 2014-06-12 11:33 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Haciew
2014-06-12 11:34 - 2014-06-12 11:34 - 00068609 _____ () C:\Users\Greg\AppData\Local\eagrnepa
2014-06-12 08:12 - 2013-11-12 18:42 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-12 07:55 - 2011-10-12 08:45 - 00000000 ____D () C:\ProgramData\Sonic
2014-06-12 03:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 03:19 - 2014-01-09 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-12 03:03 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:02 - 2011-12-09 18:02 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-10 15:01 - 2014-06-10 15:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-09 16:18 - 2014-06-09 16:18 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-09 16:18 - 2014-06-09 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-09 16:18 - 2014-06-09 16:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-09 16:18 - 2014-06-09 16:17 - 00000000 ____D () C:\Program Files\iTunes
2014-06-09 16:18 - 2014-06-09 16:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-09 16:17 - 2014-06-09 16:17 - 00000000 ____D () C:\Program Files\iPod
2014-06-08 05:13 - 2014-06-11 04:05 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-11 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 22:28 - 2009-07-14 01:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 06:21 - 2014-06-11 04:05 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 06:02 - 2014-06-11 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 06:02 - 2014-06-11 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 05:45 - 2014-06-11 04:05 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 05:39 - 2014-06-11 04:05 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 05:39 - 2014-06-11 04:05 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 05:38 - 2014-06-11 04:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 05:28 - 2014-06-11 04:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 05:27 - 2014-06-11 04:05 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 05:24 - 2014-06-11 04:05 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 05:21 - 2014-06-11 04:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 05:21 - 2014-06-11 04:05 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 05:20 - 2014-06-11 04:05 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 05:18 - 2014-06-11 04:06 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 05:11 - 2014-06-11 04:05 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 05:08 - 2014-06-11 04:05 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 05:06 - 2014-06-11 04:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 05:02 - 2014-06-11 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 04:55 - 2014-06-11 04:06 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 04:49 - 2014-06-11 04:05 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 04:46 - 2014-06-11 04:05 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 04:44 - 2014-06-11 04:05 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 04:44 - 2014-06-11 04:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 04:43 - 2014-06-11 04:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 04:42 - 2014-06-11 04:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 04:38 - 2014-06-11 04:06 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 04:35 - 2014-06-11 04:06 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 04:34 - 2014-06-11 04:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 04:33 - 2014-06-11 04:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 04:30 - 2014-06-11 04:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 04:29 - 2014-06-11 04:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 04:28 - 2014-06-11 04:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 04:27 - 2014-06-11 04:06 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 04:24 - 2014-06-11 04:05 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 04:23 - 2014-06-11 04:05 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 04:16 - 2014-06-11 04:06 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 04:10 - 2014-06-11 04:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 04:06 - 2014-06-11 04:05 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 04:04 - 2014-06-11 04:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 04:02 - 2014-06-11 04:06 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 03:56 - 2014-06-11 04:05 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 03:56 - 2014-06-11 04:05 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 03:54 - 2014-06-11 04:06 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 03:50 - 2014-06-11 04:05 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 03:49 - 2014-06-11 04:06 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 03:43 - 2014-06-11 04:05 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 03:40 - 2014-06-11 04:06 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 03:30 - 2014-06-11 04:06 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 03:21 - 2014-06-11 04:05 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 03:15 - 2014-06-11 04:06 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 03:13 - 2014-06-11 04:05 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 03:13 - 2014-06-11 04:05 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-28 00:12 - 2012-12-06 08:34 - 00000000 ____D () C:\Users\The Arnolds\AppData\Roaming\Apple Computer
2014-05-27 12:54 - 2014-05-27 12:54 - 00000000 ____D () C:\Users\The Arnolds\AppData\Local\Macromedia
2014-05-26 20:12 - 2012-06-22 13:38 - 00000000 ____D () C:\Users\The Arnolds\Documents\Recipes
2014-05-26 18:21 - 2011-12-01 17:29 - 00000000 ____D () C:\Users\The Arnolds\AppData\Local\Adobe
2014-05-26 18:20 - 2012-03-30 18:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-26 18:20 - 2012-03-30 18:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-26 18:20 - 2011-10-12 08:14 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-22 11:04 - 2014-05-22 11:03 - 00000000 ____D () C:\Users\Greg\Documents\Outlook Files
2014-05-22 11:03 - 2014-05-22 11:03 - 00000000 ____D () C:\Users\Greg\AppData\Local\847DC36F-5174-4F14-9EED-6B7F679132CA.aplzod
2014-05-22 11:03 - 2012-12-08 18:53 - 00000000 ____D () C:\Users\Greg\AppData\Local\Apple
2014-05-22 11:03 - 2012-12-05 16:09 - 00000000 ____D () C:\Users\Greg\AppData\Roaming\Apple Computer
2014-05-22 11:02 - 2012-12-05 16:09 - 00000000 ____D () C:\Users\Greg\AppData\Local\Apple Computer
2014-05-22 09:31 - 2014-05-22 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-05-22 09:30 - 2012-12-05 16:07 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-05-21 19:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF

Files to move or delete:
====================
C:\Users\The Arnolds\jobq.dat


Some content of TEMP:
====================
C:\Users\The Arnolds\AppData\Local\Temp\jqweil5a.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 00:18

==================== End Of Log ============================

mla34
2014-06-20, 02:09
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2014
Ran by The Arnolds at 2014-06-19 17:16:30
Running from C:\Users\The Arnolds\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C4600 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
FamilySearch Indexing 3.11.0 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.11.0 - FamilySearch)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5 (HKLM\...\{1E1746EF-F5BF-4677-8F30-04FE399130DA}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20010 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_05_C4600_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.14900 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Restore Points =========================

07-06-2014 19:27:23 Windows Update
10-06-2014 20:21:07 Windows Update
12-06-2014 07:00:11 Windows Update
16-06-2014 22:58:57 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2012-04-16 09:42 - 00442669 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {49A290FF-113F-44E0-99D4-35CEC754443D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-10] (Google Inc.)
Task: {517241ED-C24A-4BF5-A069-04076654AEEA} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {53A49C41-48C3-4636-952A-EE308B1A92AA} - \Security Center Update - 2855993320 No Task File <==== ATTENTION
Task: {584CAE2E-A612-40E5-868C-48DD1FD45CC8} - System32\Tasks\{2CD8D41C-8923-4422-A94E-554C67A7733C} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {587DBF42-2B68-4196-AFB9-1861CA0C7A62} - \Security Center Update - 2142642058 No Task File <==== ATTENTION
Task: {602E62B3-0434-4C3E-A076-AA8C922DF28F} - \Security Center Update - 430648085 No Task File <==== ATTENTION
Task: {637A953F-D675-4575-BDB1-8024C78F3AC3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for 2011-Greg 2011 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-12] (Microsoft Corporation)
Task: {783E7ACB-0D10-4E61-90ED-BBDBC22FDB97} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {7D18245B-57A1-4C62-9CE0-78853CC89742} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {8142211D-2FAA-4ACF-BD4C-1A2BAF75182D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-26] (Adobe Systems Incorporated)
Task: {8CC07400-10E3-480A-993C-468828D5C9D0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-12] (Microsoft Corporation)
Task: {A520B0F6-144C-4F22-AD53-11AC95063C43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-10] (Google Inc.)
Task: {A7F8EF9D-4591-426E-A148-5B66C3493DD7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {B4BFD874-B65E-4E6B-A046-E5A039479898} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BB73F895-56A2-4E6C-AA6F-4401989E6989} - System32\Tasks\{C132595D-2BA6-44BE-98C5-8DCBDED0F80C} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {C42AE82E-A9C3-41AE-9CB8-686FA2E84F4E} - \Security Center Update - 2120148171 No Task File <==== ATTENTION
Task: {DC0BE39B-3027-4087-A94F-8F57D73D9494} - \Security Center Update - 2612136593 No Task File <==== ATTENTION
Task: {F9941DEB-9224-4E7A-ADCE-9F4D3BF50DED} - \Security Center Update - 3780038812 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-12 08:11 - 2014-06-12 08:11 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-08 10:24 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-10-12 09:52 - 2011-01-27 11:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2012-08-21 15:20 - 2012-08-21 15:20 - 00067496 _____ () C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
2011-10-12 08:26 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2009-10-14 14:36 - 2009-10-14 14:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 14:34 - 2009-10-14 14:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2014 05:12:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2014 03:34:00 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/17/2014 03:25:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 07:27:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 06:58:27 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/16/2014 06:50:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 00:13:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 00:09:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 00:01:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: imhoma.exe, version: 0.13.9573.53145, time stamp: 0x5349a356
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x005c5009
Faulting process id: 0x2b90
Faulting application start time: 0ximhoma.exe0
Faulting application path: imhoma.exe1
Faulting module path: imhoma.exe2
Report Id: imhoma.exe3

Error: (06/14/2014 11:43:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: imhoma.exe, version: 0.13.9573.53145, time stamp: 0x5349a356
Faulting module name: Flash32_13_0_0_214.ocx, version: 13.0.0.214, time stamp: 0x5359c422
Exception code: 0xc0000005
Fault offset: 0x001b932c
Faulting process id: 0x32d4
Faulting application start time: 0ximhoma.exe0
Faulting application path: imhoma.exe1
Faulting module path: imhoma.exe2
Report Id: imhoma.exe3


System errors:
=============
Error: (06/19/2014 05:10:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/19/2014 05:07:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/19/2014 05:07:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/19/2014 05:07:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/16/2014 07:40:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Process Monitor service terminated with the following error:
%%110

Error: (06/16/2014 07:40:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error:
%%1062

Error: (06/16/2014 07:40:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1115

Error: (06/16/2014 07:40:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IPsec Policy Agent service failed to start due to the following error:
%%1069

Error: (06/16/2014 07:40:43 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error:
%%1352

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/16/2014 07:40:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IPsec Policy Agent service failed to start due to the following error:
%%1069


Microsoft Office Sessions:
=========================
Error: (06/19/2014 05:12:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2014 03:34:00 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/17/2014 03:25:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 07:27:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2014 06:58:27 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/16/2014 06:50:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 00:13:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 00:09:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 00:01:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: imhoma.exe0.13.9573.531455349a356Flash32_13_0_0_214.ocx13.0.0.2145359c422c0000005005c50092b9001cf87e9b487084cC:\Users\Greg\AppData\Roaming\Ymnaeh\imhoma.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocx360bb9b4-f3dd-11e3-a521-d067e51d414b

Error: (06/14/2014 11:43:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: imhoma.exe0.13.9573.531455349a356Flash32_13_0_0_214.ocx13.0.0.2145359c422c0000005001b932c32d401cf87e7634b8539C:\Users\Greg\AppData\Roaming\Ymnaeh\imhoma.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_13_0_0_214.ocxb305833d-f3da-11e3-a521-d067e51d414b


==================== Memory info ===========================

Percentage of memory in use: 41%
Total physical RAM: 6056.63 MB
Available physical RAM: 3522.89 MB
Total Pagefile: 12111.44 MB
Available Pagefile: 9370.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:804.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 31547343)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

==================== End Of Log ============================

mla34
2014-06-20, 02:11
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.51.2
Run by The Arnolds at 19:00:34 on 2014-06-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6057.3681 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\My Dell\uaclauncher.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe -update activex
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\THEARN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2CD7CF38-6B63-4E45-8E8C-12C0DC71B922} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A39A604B-7C4A-4A39-99FE-D29B6FD237C6} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A39A604B-7C4A-4A39-99FE-D29B6FD237C6}\37072796E67637475656E6 : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\The Arnolds\AppData\Roaming\Mozilla\Firefox\Profiles\3r6yn46d.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.ancestry.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-10-12 55856]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-8 2279608]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-10-12 1692480]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-10-12 317440]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-12-9 327704]
R3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-12-9 6379288]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-12 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-3 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-16 22:59:35 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E4403281-CB81-40B0-A551-9A9A1E9B5511}\mpengine.dll
2014-06-14 10:44:47 10702536 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-13 20:22:13 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B5C29DE9-F4B6-4BE1-B2FB-876BDD32CD36}\gapaengine.dll
2014-06-11 08:05:59 722432 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2014-06-10 19:01:08 93808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-06-09 20:17:34 -------- d-----w- C:\Program Files\iPod
2014-06-09 20:17:33 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-09 20:17:33 -------- d-----w- C:\Program Files\iTunes
2014-06-09 20:17:33 -------- d-----w- C:\Program Files (x86)\iTunes
2014-05-27 16:54:49 -------- d-----w- C:\Users\The Arnolds\AppData\Local\Macromedia
.
==================== Find3M ====================
.
2014-06-08 09:13:05 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-08 09:08:04 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-26 22:20:55 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-26 22:20:55 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 19:01:04.75 ===============

mla34
2014-06-20, 02:13
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-06-16 19:02:55
-----------------------------
19:02:55.791 OS Version: Windows x64 6.1.7601 Service Pack 1
19:02:55.791 Number of processors: 4 586 0x2A07
19:02:55.791 ComputerName: 2011 UserName:
19:02:58.042 Initialize success
19:04:46.714 AVAST engine defs: 14061601
19:06:19.234 The log file has been saved successfully to "C:\Users\The Arnolds\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-06-19 17:34:27
-----------------------------
17:34:27.786 OS Version: Windows x64 6.1.7601 Service Pack 1
17:34:27.786 Number of processors: 4 586 0x2A07
17:34:27.786 ComputerName: 2011 UserName:
17:34:29.798 Initialize success
17:36:01.163 AVAST engine defs: 14061901
17:36:33.056 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:36:33.066 Disk 0 Vendor: ST31000524AS JC47 Size: 953869MB BusType: 3
17:36:33.176 Disk 0 MBR read successfully
17:36:33.176 Disk 0 MBR scan
17:36:33.186 Disk 0 Windows VISTA default MBR code
17:36:33.186 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
17:36:33.196 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15166 MB offset 81920
17:36:33.216 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938662 MB offset 31141888
17:36:33.236 Disk 0 scanning C:\Windows\system32\drivers
17:36:44.268 Service scanning
17:37:01.092 Modules scanning
17:37:01.092 Disk 0 trace - called modules:
17:37:01.122 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
17:37:01.122 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800658b060]
17:37:01.132 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa800620d520]
17:37:01.132 5 ACPI.sys[fffff88000d7d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800620f060]
17:37:02.432 AVAST engine scan C:\
19:57:02.865 Scan finished successfully
19:58:37.465 Disk 0 MBR has been saved successfully to "C:\Users\The Arnolds\Desktop\MBR.dat"
19:58:37.465 The log file has been saved successfully to "C:\Users\The Arnolds\Desktop\aswMBR.txt"

LiquidTension
2014-06-20, 03:21
Hi Maureen,

Using multiple posts was indeed the right thing to do. Thank you. However, it looks as if you've accidentally posted the DDS log again. Please double-check my previous post, and run TDSSKiller from STEP 2.

I will return afterwards with instructions. :)

mla34
2014-06-20, 13:55
Hi, Adam,
Sorry about that. When the post wouldn't go through I started again and I chose the wrong file to send you. So sorry! Here it is.
It still won't all send at once so I am splitting the log into a few parts. Hope that is ok.

07:43:39.0496 0x1450 TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54
07:43:39.0871 0x1450 ============================================================
07:43:39.0871 0x1450 Current date / time: 2014/06/20 07:43:39.0871
07:43:39.0871 0x1450 SystemInfo:
07:43:39.0871 0x1450
07:43:39.0871 0x1450 OS Version: 6.1.7601 ServicePack: 1.0
07:43:39.0871 0x1450 Product type: Workstation
07:43:39.0871 0x1450 ComputerName: 2011
07:43:39.0871 0x1450 UserName: The Arnolds
07:43:39.0871 0x1450 Windows directory: C:\Windows
07:43:39.0871 0x1450 System windows directory: C:\Windows
07:43:39.0871 0x1450 Running under WOW64
07:43:39.0871 0x1450 Processor architecture: Intel x64
07:43:39.0871 0x1450 Number of processors: 4
07:43:39.0871 0x1450 Page size: 0x1000
07:43:39.0871 0x1450 Boot type: Normal boot
07:43:39.0871 0x1450 ============================================================
07:43:39.0871 0x1450 BG loaded
07:43:40.0963 0x1450 System UUID: {DB64B4B6-7ACB-047C-326E-9A1B48D3B138}
07:43:43.0279 0x1450 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:43:43.0319 0x1450 ============================================================
07:43:43.0319 0x1450 \Device\Harddisk0\DR0:
07:43:43.0339 0x1450 MBR partitions:
07:43:43.0339 0x1450 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D9F000
07:43:43.0339 0x1450 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB3000, BlocksNum 0x72953000
07:43:43.0339 0x1450 ============================================================
07:43:43.0449 0x1450 C: <-> \Device\Harddisk0\DR0\Partition2
07:43:43.0459 0x1450 ============================================================
07:43:43.0459 0x1450 Initialize success
07:43:43.0459 0x1450 ============================================================
07:43:55.0209 0x18d8 ============================================================
07:43:55.0209 0x18d8 Scan started
07:43:55.0209 0x18d8 Mode: Manual; TDLFS;
07:43:55.0209 0x18d8 ============================================================
07:43:55.0209 0x18d8 KSN ping started
07:43:57.0881 0x18d8 KSN ping finished: true
07:44:10.0954 0x18d8 ================ Scan system memory ========================
07:44:10.0954 0x18d8 System memory - ok
07:44:10.0954 0x18d8 ================ Scan services =============================
07:44:22.0286 0x18d8 KeyIso - ok
07:44:22.0316 0x18d8 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:44:22.0326 0x18d8 KSecDD - ok
07:44:22.0356 0x18d8 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
07:44:22.0356 0x18d8 KSecPkg - ok
07:44:22.0366 0x18d8 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
07:44:22.0366 0x18d8 ksthunk - ok
07:44:22.0436 0x18d8 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
07:44:22.0446 0x18d8 KtmRm - ok
07:44:22.0496 0x18d8 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
07:44:22.0496 0x18d8 LanmanServer - ok
07:44:22.0516 0x18d8 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:44:22.0526 0x18d8 LanmanWorkstation - ok
07:44:22.0536 0x18d8 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:44:22.0536 0x18d8 lltdio - ok
07:44:22.0636 0x18d8 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:44:22.0686 0x18d8 lltdsvc - ok
07:44:22.0696 0x18d8 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
07:44:22.0696 0x18d8 lmhosts - ok
07:44:22.0756 0x18d8 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
07:44:22.0766 0x18d8 LSI_FC - ok
07:44:22.0776 0x18d8 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
07:44:22.0776 0x18d8 LSI_SAS - ok
07:44:22.0786 0x18d8 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
07:44:22.0786 0x18d8 LSI_SAS2 - ok
07:44:22.0796 0x18d8 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
07:44:22.0796 0x18d8 LSI_SCSI - ok
07:44:22.0816 0x18d8 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
07:44:22.0826 0x18d8 luafv - ok
07:44:22.0856 0x18d8 [ DED333DBDBBCC3555A6E6244522E2F1A, 6909875090A9013685BA16EAAC666C173F138F0AF7172A40E746E6EFDE02D133 ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
07:44:22.0856 0x18d8 LVPr2M64 - ok
07:44:22.0866 0x18d8 [ DED333DBDBBCC3555A6E6244522E2F1A, 6909875090A9013685BA16EAAC666C173F138F0AF7172A40E746E6EFDE02D133 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
07:44:22.0866 0x18d8 LVPr2Mon - ok
07:44:22.0906 0x18d8 [ A35679E56E78091E1042A2D7ADBF2958, F2282B697DCDD5767F65D99FEA374D3757C6133D42BD5A9C582C217619213290 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
07:44:22.0906 0x18d8 LVPrcS64 - ok
07:44:22.0946 0x18d8 [ 986C1CB787A007BAA5F74E7D316D7246, 8846D5FF09A669816F57C98507FBCBE60F770B22BC784269765E46B36EE38D9D ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
07:44:22.0956 0x18d8 LVRS64 - ok
07:44:23.0346 0x18d8 [ 5747BC465ABEA2858C5D037252AED84E, 1D62E05ED1D3265FEFDD02C8653B2901B05994091F1D417632E2FBF053C5D451 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
07:44:23.0436 0x18d8 LVUVC64 - ok
07:44:23.0497 0x18d8 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:44:23.0517 0x18d8 Mcx2Svc - ok
07:44:23.0547 0x18d8 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
07:44:23.0547 0x18d8 megasas - ok
07:44:23.0577 0x18d8 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
07:44:23.0587 0x18d8 MegaSR - ok
07:44:23.0627 0x18d8 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
07:44:23.0627 0x18d8 MEIx64 - ok
07:44:23.0647 0x18d8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
07:44:23.0647 0x18d8 MMCSS - ok
07:44:23.0657 0x18d8 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
07:44:23.0657 0x18d8 Modem - ok
07:44:23.0697 0x18d8 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:44:23.0697 0x18d8 monitor - ok
07:44:23.0737 0x18d8 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
07:44:23.0737 0x18d8 mouclass - ok
07:44:23.0757 0x18d8 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:44:23.0757 0x18d8 mouhid - ok
07:44:23.0777 0x18d8 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
07:44:23.0777 0x18d8 mountmgr - ok
07:44:23.0887 0x18d8 [ 26EA1DAD601EE3ACAC301D66F07BA219, C9594BB15D53D4AC2156CCCD2DB65B2C20620F1F60DA85F48D1586FC10028096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:44:23.0917 0x18d8 MozillaMaintenance - ok
07:44:23.0967 0x18d8 [ 9EB89625A82AC961F25E7C865947BF9A, 91DB9530CDE883DC60BE621AC4210ACD069631D9466E37411D9D6AEE587098D9 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
07:44:23.0977 0x18d8 MpFilter - ok
07:44:24.0017 0x18d8 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
07:44:24.0037 0x18d8 mpio - ok
07:44:24.0067 0x18d8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:44:24.0067 0x18d8 mpsdrv - ok
07:44:24.0237 0x18d8 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
07:44:24.0247 0x18d8 MpsSvc - ok
07:44:24.0307 0x18d8 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:44:24.0327 0x18d8 MRxDAV - ok
07:44:24.0347 0x18d8 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:44:24.0357 0x18d8 mrxsmb - ok
07:44:24.0407 0x18d8 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:44:24.0407 0x18d8 mrxsmb10 - ok
07:44:24.0417 0x18d8 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:44:24.0427 0x18d8 mrxsmb20 - ok
07:44:24.0457 0x18d8 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
07:44:24.0477 0x18d8 msahci - ok
07:44:24.0497 0x18d8 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
07:44:24.0507 0x18d8 msdsm - ok
07:44:24.0527 0x18d8 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
07:44:24.0537 0x18d8 MSDTC - ok
07:44:24.0557 0x18d8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:44:24.0567 0x18d8 Msfs - ok
07:44:24.0587 0x18d8 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
07:44:24.0587 0x18d8 mshidkmdf - ok
07:44:24.0617 0x18d8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:44:24.0617 0x18d8 msisadrv - ok
07:44:24.0647 0x18d8 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:44:24.0647 0x18d8 MSiSCSI - ok
07:44:24.0657 0x18d8 msiserver - ok
07:44:24.0667 0x18d8 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:44:24.0667 0x18d8 MSKSSRV - ok
07:44:24.0747 0x18d8 [ 89F2AEDC2788696702141AB82C3E7866, E166CBD8D3C708737C37172221945D8E56C25C2CC750889C3CE14AA2DE750F33 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
07:44:24.0757 0x18d8 MsMpSvc - ok
07:44:24.0807 0x18d8 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:44:24.0807 0x18d8 MSPCLOCK - ok
07:44:24.0837 0x18d8 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:44:24.0837 0x18d8 MSPQM - ok
07:44:24.0867 0x18d8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:44:24.0877 0x18d8 MsRPC - ok
07:44:24.0897 0x18d8 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
07:44:24.0897 0x18d8 mssmbios - ok
07:44:24.0907 0x18d8 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:44:24.0907 0x18d8 MSTEE - ok
07:44:24.0917 0x18d8 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
07:44:24.0917 0x18d8 MTConfig - ok
07:44:24.0937 0x18d8 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
07:44:24.0937 0x18d8 Mup - ok
07:44:24.0977 0x18d8 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
07:44:24.0987 0x18d8 napagent - ok
07:44:25.0017 0x18d8 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:44:25.0027 0x18d8 NativeWifiP - ok
07:44:25.0197 0x18d8 [ 934BB0D23A25C8C136570800A5A149B6, 15D99CE4E970FECE257F6D69810F8104720B26D8DC3787BC38CC8692ACEABD37 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
07:44:25.0217 0x18d8 NAUpdate - ok
07:44:25.0417 0x18d8 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
07:44:25.0467 0x18d8 NDIS - ok
07:44:25.0487 0x18d8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:44:25.0487 0x18d8 NdisCap - ok
07:44:25.0507 0x18d8 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:44:25.0507 0x18d8 NdisTapi - ok
07:44:25.0517 0x18d8 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:44:25.0517 0x18d8 Ndisuio - ok
07:44:25.0527 0x18d8 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:44:25.0537 0x18d8 NdisWan - ok
07:44:25.0547 0x18d8 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:44:25.0557 0x18d8 NDProxy - ok
07:44:25.0607 0x18d8 [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
07:44:25.0607 0x18d8 Net Driver HPZ12 - ok
07:44:25.0617 0x18d8 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:44:25.0627 0x18d8 NetBIOS - ok
07:44:25.0647 0x18d8 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
07:44:25.0647 0x18d8 NetBT - ok
07:44:25.0657 0x18d8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
07:44:25.0667 0x18d8 Netlogon - ok
07:44:25.0687 0x18d8 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
07:44:25.0687 0x18d8 Netman - ok
07:44:25.0957 0x18d8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:44:25.0987 0x18d8 NetMsmqActivator - ok
07:44:25.0997 0x18d8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:44:25.0997 0x18d8 NetPipeActivator - ok
07:44:26.0017 0x18d8 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
07:44:26.0027 0x18d8 netprofm - ok
07:44:26.0047 0x18d8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:44:26.0047 0x18d8 NetTcpActivator - ok
07:44:26.0057 0x18d8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:44:26.0057 0x18d8 NetTcpPortSharing - ok
07:44:26.0147 0x18d8 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
07:44:26.0157 0x18d8 nfrd960 - ok
07:44:26.0197 0x18d8 [ C3E0696C3B42F694C5822776AA6FFFDF, 80C3DEC2C48500F96C9E677450EFC1ADA9FE9FBB70F4CC2D7D9244B1A515418B ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
07:44:26.0197 0x18d8 NisDrv - ok
07:44:26.0287 0x18d8 [ DCEE3592299B2229A0DB98CB415059A2, 709AAA095DF44DDCB6159CE1635AB05EC666D845445790E569F56B297DC64AC3 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
07:44:26.0297 0x18d8 NisSrv - ok
07:44:26.0377 0x18d8 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
07:44:26.0387 0x18d8 NlaSvc - ok
07:44:26.0778 0x18d8 [ B9B72FAAAA41D59B73B88FE3DD737ED1, 050E741FB5313523340B19C9C168611222C4AE9A6084FE3E2F908A49EA909A29 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
07:44:26.0818 0x18d8 NOBU - ok
07:44:26.0878 0x18d8 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:44:26.0878 0x18d8 Npfs - ok
07:44:26.0908 0x18d8 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
07:44:26.0918 0x18d8 nsi - ok
07:44:26.0958 0x18d8 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:44:26.0958 0x18d8 nsiproxy - ok
07:44:27.0238 0x18d8 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:44:27.0308 0x18d8 Ntfs - ok
07:44:27.0338 0x18d8 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
07:44:27.0338 0x18d8 Null - ok
07:44:27.0398 0x18d8 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:44:27.0408 0x18d8 nvraid - ok
07:44:27.0418 0x18d8 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:44:27.0428 0x18d8 nvstor - ok
07:44:27.0458 0x18d8 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
07:44:27.0458 0x18d8 nv_agp - ok
07:44:27.0478 0x18d8 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
07:44:27.0478 0x18d8 ohci1394 - ok
07:44:27.0508 0x18d8 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:44:27.0518 0x18d8 ose - ok
07:44:28.0398 0x18d8 [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:44:28.0608 0x18d8 osppsvc - ok
07:44:28.0708 0x18d8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
07:44:28.0718 0x18d8 p2pimsvc - ok
07:44:28.0838 0x18d8 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
07:44:28.0858 0x18d8 p2psvc - ok
07:44:28.0918 0x18d8 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
07:44:28.0938 0x18d8 Parport - ok
07:44:28.0968 0x18d8 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:44:28.0968 0x18d8 partmgr - ok
07:44:28.0988 0x18d8 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
07:44:28.0998 0x18d8 PcaSvc - ok
07:44:29.0068 0x18d8 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
07:44:29.0088 0x18d8 pci - ok
07:44:29.0128 0x18d8 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
07:44:29.0138 0x18d8 pciide - ok
07:44:29.0168 0x18d8 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
07:44:29.0168 0x18d8 pcmcia - ok
07:44:29.0188 0x18d8 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
07:44:29.0188 0x18d8 pcw - ok
07:44:29.0208 0x18d8 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:44:29.0218 0x18d8 PEAUTH - ok
07:44:29.0328 0x18d8 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
07:44:29.0338 0x18d8 PerfHost - ok
07:44:29.0458 0x18d8 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
07:44:29.0528 0x18d8 pla - ok
07:44:29.0558 0x18d8 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:44:29.0568 0x18d8 PlugPlay - ok
07:44:29.0608 0x18d8 [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
07:44:29.0608 0x18d8 Pml Driver HPZ12 - ok
07:44:29.0648 0x18d8 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
07:44:29.0658 0x18d8 PNRPAutoReg - ok
07:44:29.0678 0x18d8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
07:44:29.0688 0x18d8 PNRPsvc - ok
07:44:29.0798 0x18d8 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:44:29.0818 0x18d8 PolicyAgent - ok
07:44:29.0868 0x18d8 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
07:44:29.0878 0x18d8 Power - ok
07:44:29.0908 0x18d8 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:44:29.0908 0x18d8 PptpMiniport - ok
07:44:29.0928 0x18d8 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
07:44:29.0948 0x18d8 Processor - ok
07:44:29.0968 0x18d8 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
07:44:29.0978 0x18d8 ProfSvc - ok
07:44:29.0988 0x18d8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:44:29.0988 0x18d8 ProtectedStorage - ok

mla34
2014-06-20, 13:56
07:44:32.0028 0x18d8 SessionEnv - ok
07:44:32.0048 0x18d8 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
07:44:32.0048 0x18d8 sffdisk - ok
07:44:32.0058 0x18d8 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
07:44:32.0058 0x18d8 sffp_mmc - ok
07:44:32.0068 0x18d8 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
07:44:32.0068 0x18d8 sffp_sd - ok
07:44:32.0078 0x18d8 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
07:44:32.0088 0x18d8 sfloppy - ok
07:44:32.0238 0x18d8 [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
07:44:32.0248 0x18d8 Sftfs - ok
07:44:32.0398 0x18d8 [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
07:44:32.0418 0x18d8 sftlist - ok
07:44:32.0518 0x18d8 [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
07:44:32.0518 0x18d8 Sftplay - ok
07:44:32.0548 0x18d8 [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
07:44:32.0558 0x18d8 Sftredir - ok
07:44:32.0858 0x18d8 [ 74EC60E20516AAA573BE74F31175270F, 35A68231368DEE46FEF2A4E30BFAAC38F093FC5A362A7491ED38BDE11F0FC356 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
07:44:32.0878 0x18d8 SftService - ok
07:44:32.0908 0x18d8 [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
07:44:32.0918 0x18d8 Sftvol - ok
07:44:32.0958 0x18d8 [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
07:44:32.0968 0x18d8 sftvsa - ok
07:44:33.0058 0x18d8 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:44:33.0078 0x18d8 SharedAccess - ok
07:44:33.0148 0x18d8 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:44:33.0158 0x18d8 ShellHWDetection - ok
07:44:33.0198 0x18d8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
07:44:33.0198 0x18d8 SiSRaid2 - ok
07:44:33.0218 0x18d8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
07:44:33.0218 0x18d8 SiSRaid4 - ok
07:44:33.0278 0x18d8 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
07:44:33.0278 0x18d8 SkypeUpdate - ok
07:44:33.0328 0x18d8 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:44:33.0328 0x18d8 Smb - ok
07:44:33.0358 0x18d8 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:44:33.0358 0x18d8 SNMPTRAP - ok
07:44:33.0368 0x18d8 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
07:44:33.0368 0x18d8 spldr - ok
07:44:33.0518 0x18d8 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
07:44:33.0538 0x18d8 Spooler - ok
07:44:34.0158 0x18d8 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
07:44:34.0288 0x18d8 sppsvc - ok
07:44:34.0318 0x18d8 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
07:44:34.0338 0x18d8 sppuinotify - ok
07:44:34.0378 0x18d8 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
07:44:34.0388 0x18d8 srv - ok
07:44:34.0428 0x18d8 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:44:34.0438 0x18d8 srv2 - ok
07:44:34.0508 0x18d8 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:44:34.0518 0x18d8 srvnet - ok
07:44:34.0598 0x18d8 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:44:34.0608 0x18d8 SSDPSRV - ok
07:44:34.0628 0x18d8 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:44:34.0628 0x18d8 SstpSvc - ok
07:44:34.0688 0x18d8 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
07:44:34.0688 0x18d8 stexstor - ok
07:44:34.0738 0x18d8 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
07:44:34.0758 0x18d8 stisvc - ok
07:44:34.0818 0x18d8 [ 7731F46EC0D687A931CBA063E8F90EF0, 5CF996A209756B901316C4406C7D3E52ECC9C15A1BDB0D4D9C77846AB29FD040 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
07:44:34.0908 0x18d8 stllssvr - ok
07:44:34.0928 0x18d8 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
07:44:34.0928 0x18d8 swenum - ok
07:44:34.0968 0x18d8 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
07:44:34.0978 0x18d8 swprv - ok
07:44:35.0038 0x18d8 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
07:44:35.0058 0x18d8 SysMain - ok
07:44:35.0138 0x18d8 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:44:35.0168 0x18d8 TabletInputService - ok
07:44:35.0198 0x18d8 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
07:44:35.0208 0x18d8 TapiSrv - ok
07:44:35.0228 0x18d8 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
07:44:35.0228 0x18d8 TBS - ok
07:44:35.0318 0x18d8 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:44:35.0368 0x18d8 Tcpip - ok
07:44:35.0558 0x18d8 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
07:44:35.0578 0x18d8 TCPIP6 - ok
07:44:35.0648 0x18d8 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:44:35.0658 0x18d8 tcpipreg - ok
07:44:35.0748 0x18d8 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:44:35.0758 0x18d8 TDPIPE - ok
07:44:35.0788 0x18d8 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:44:35.0788 0x18d8 TDTCP - ok
07:44:35.0808 0x18d8 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:44:35.0808 0x18d8 tdx - ok
07:44:35.0828 0x18d8 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
07:44:35.0828 0x18d8 TermDD - ok
07:44:35.0988 0x18d8 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
07:44:36.0008 0x18d8 TermService - ok
07:44:36.0028 0x18d8 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
07:44:36.0038 0x18d8 Themes - ok
07:44:36.0048 0x18d8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
07:44:36.0048 0x18d8 THREADORDER - ok
07:44:36.0058 0x18d8 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
07:44:36.0068 0x18d8 TrkWks - ok
07:44:36.0148 0x18d8 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:44:36.0168 0x18d8 TrustedInstaller - ok
07:44:36.0188 0x18d8 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:44:36.0198 0x18d8 tssecsrv - ok
07:44:36.0208 0x18d8 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
07:44:36.0208 0x18d8 TsUsbFlt - ok
07:44:36.0228 0x18d8 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
07:44:36.0228 0x18d8 TsUsbGD - ok
07:44:36.0258 0x18d8 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:44:36.0258 0x18d8 tunnel - ok
07:44:36.0278 0x18d8 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
07:44:36.0288 0x18d8 uagp35 - ok
07:44:36.0308 0x18d8 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:44:36.0328 0x18d8 udfs - ok
07:44:36.0348 0x18d8 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:44:36.0358 0x18d8 UI0Detect - ok
07:44:36.0368 0x18d8 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
07:44:36.0368 0x18d8 uliagpkx - ok
07:44:36.0388 0x18d8 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
07:44:36.0388 0x18d8 umbus - ok
07:44:36.0398 0x18d8 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
07:44:36.0418 0x18d8 UmPass - ok
07:44:36.0458 0x18d8 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
07:44:36.0468 0x18d8 upnphost - ok
07:44:36.0528 0x18d8 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
07:44:36.0528 0x18d8 USBAAPL64 - ok
07:44:36.0548 0x18d8 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
07:44:36.0558 0x18d8 usbaudio - ok
07:44:36.0578 0x18d8 [ 91D3C92A44FC682DD791147604E79152, AA0B6799BF9C26C2C1793C91295288A4989AA43EC5E070B650DA7F0A142817CE ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:44:36.0588 0x18d8 usbccgp - ok
07:44:36.0638 0x18d8 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
07:44:36.0648 0x18d8 usbcir - ok
07:44:36.0678 0x18d8 [ F7FFDF2A1D19A76A87759126B244C816, C91F09D77E22D976952A46F7B93F611B719EDAF694D538242FA8FAF1BA9BB2F0 ] usbehci C:\Windows\system32\drivers\usbehci.sys
07:44:36.0678 0x18d8 usbehci - ok
07:44:36.0738 0x18d8 [ 245FE7FC634D6A993E682E0A9EBA4ABB, F7A536D215EE3A63358EC8B5946D7BB3B56357BF91347B07013E00DAC98775B6 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
07:44:36.0748 0x18d8 usbhub - ok
07:44:36.0788 0x18d8 [ C1A8966E0D09BFB501045105B30D86F2, 5BB95FBA441B898E258A3BFE174FC1042A04C19E25C59DE1FD90594290B11DA9 ] usbohci C:\Windows\system32\drivers\usbohci.sys
07:44:36.0818 0x18d8 usbohci - ok
07:44:36.0848 0x18d8 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
07:44:36.0848 0x18d8 usbprint - ok
07:44:36.0858 0x18d8 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
07:44:36.0858 0x18d8 usbscan - ok
07:44:36.0878 0x18d8 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:44:36.0878 0x18d8 USBSTOR - ok
07:44:36.0938 0x18d8 [ 2E682DCE4319A90E02A327F8A427544A, 3528C5A4669BAD53041085C3E72C64388D308E42AD9D1FAC85B6F2FFD81610FB ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
07:44:36.0958 0x18d8 usbuhci - ok
07:44:36.0988 0x18d8 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
07:44:36.0988 0x18d8 usbvideo - ok
07:44:37.0018 0x18d8 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
07:44:37.0018 0x18d8 UxSms - ok
07:44:37.0028 0x18d8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
07:44:37.0028 0x18d8 VaultSvc - ok
07:44:37.0048 0x18d8 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
07:44:37.0048 0x18d8 vdrvroot - ok
07:44:37.0078 0x18d8 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
07:44:37.0088 0x18d8 vds - ok
07:44:37.0098 0x18d8 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:44:37.0098 0x18d8 vga - ok
07:44:37.0118 0x18d8 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
07:44:37.0118 0x18d8 VgaSave - ok
07:44:37.0138 0x18d8 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
07:44:37.0148 0x18d8 vhdmp - ok
07:44:37.0178 0x18d8 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
07:44:37.0188 0x18d8 viaide - ok
07:44:37.0198 0x18d8 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
07:44:37.0198 0x18d8 volmgr - ok
07:44:37.0228 0x18d8 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:44:37.0228 0x18d8 volmgrx - ok
07:44:37.0248 0x18d8 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
07:44:37.0248 0x18d8 volsnap - ok
07:44:37.0268 0x18d8 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
07:44:37.0268 0x18d8 vsmraid - ok
07:44:37.0348 0x18d8 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
07:44:37.0418 0x18d8 VSS - ok
07:44:37.0438 0x18d8 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
07:44:37.0438 0x18d8 vwifibus - ok
07:44:37.0468 0x18d8 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
07:44:37.0468 0x18d8 vwififlt - ok
07:44:37.0488 0x18d8 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
07:44:37.0488 0x18d8 vwifimp - ok
07:44:37.0508 0x18d8 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
07:44:37.0518 0x18d8 W32Time - ok
07:44:37.0528 0x18d8 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
07:44:37.0538 0x18d8 WacomPen - ok
07:44:37.0558 0x18d8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
07:44:37.0568 0x18d8 WANARP - ok
07:44:37.0568 0x18d8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:44:37.0578 0x18d8 Wanarpv6 - ok
07:44:37.0768 0x18d8 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
07:44:37.0858 0x18d8 WatAdminSvc - ok
07:44:38.0188 0x18d8 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
07:44:38.0248 0x18d8 wbengine - ok
07:44:38.0278 0x18d8 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
07:44:38.0278 0x18d8 WbioSrvc - ok
07:44:38.0298 0x18d8 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:44:38.0308 0x18d8 wcncsvc - ok
07:44:38.0318 0x18d8 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:44:38.0318 0x18d8 WcsPlugInService - ok
07:44:38.0338 0x18d8 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
07:44:38.0338 0x18d8 Wd - ok
07:44:38.0388 0x18d8 [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
07:44:38.0398 0x18d8 WDC_SAM - ok
07:44:38.0558 0x18d8 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:44:38.0588 0x18d8 Wdf01000 - ok
07:44:38.0638 0x18d8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:44:38.0638 0x18d8 WdiServiceHost - ok
07:44:38.0648 0x18d8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:44:38.0658 0x18d8 WdiSystemHost - ok
07:44:38.0758 0x18d8 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
07:44:38.0818 0x18d8 WebClient - ok
07:44:38.0848 0x18d8 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:44:38.0848 0x18d8 Wecsvc - ok
07:44:38.0868 0x18d8 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:44:38.0868 0x18d8 wercplsupport - ok
07:44:38.0878 0x18d8 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
07:44:38.0878 0x18d8 WerSvc - ok
07:44:38.0888 0x18d8 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
07:44:38.0898 0x18d8 WfpLwf - ok
07:44:38.0928 0x18d8 [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
07:44:38.0938 0x18d8 WimFltr - ok
07:44:38.0948 0x18d8 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
07:44:38.0958 0x18d8 WIMMount - ok
07:44:38.0968 0x18d8 WinDefend - ok
07:44:38.0998 0x18d8 WinHttpAutoProxySvc - ok
07:44:39.0068 0x18d8 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:44:39.0078 0x18d8 Winmgmt - ok
07:44:39.0248 0x18d8 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
07:44:39.0318 0x18d8 WinRM - ok
07:44:39.0368 0x18d8 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
07:44:39.0368 0x18d8 WinUsb - ok
07:44:39.0418 0x18d8 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
07:44:39.0428 0x18d8 Wlansvc - ok
07:44:39.0509 0x18d8 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
07:44:39.0519 0x18d8 wlcrasvc - ok
07:44:40.0069 0x18d8 [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:44:40.0099 0x18d8 wlidsvc - ok
07:44:40.0119 0x18d8 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
07:44:40.0139 0x18d8 WmiAcpi - ok
07:44:40.0179 0x18d8 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
07:44:40.0179 0x18d8 wmiApSrv - ok
07:44:40.0199 0x18d8 WMPNetworkSvc - ok
07:44:40.0219 0x18d8 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
07:44:40.0219 0x18d8 WPCSvc - ok
07:44:40.0239 0x18d8 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
07:44:40.0249 0x18d8 WPDBusEnum - ok
07:44:40.0249 0x18d8 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
07:44:40.0249 0x18d8 ws2ifsl - ok
07:44:40.0269 0x18d8 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
07:44:40.0269 0x18d8 wscsvc - ok
07:44:40.0279 0x18d8 WSearch - ok
07:44:40.0669 0x18d8 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
07:44:40.0759 0x18d8 wuauserv - ok
07:44:40.0799 0x18d8 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
07:44:40.0799 0x18d8 WudfPf - ok
07:44:40.0819 0x18d8 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
07:44:40.0829 0x18d8 WUDFRd - ok
07:44:40.0859 0x18d8 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
07:44:40.0859 0x18d8 wudfsvc - ok
07:44:40.0929 0x18d8 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
07:44:40.0959 0x18d8 WwanSvc - ok
07:44:40.0969 0x18d8 ================ Scan global ===============================
07:44:40.0989 0x18d8 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
07:44:41.0019 0x18d8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
07:44:41.0039 0x18d8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
07:44:41.0069 0x18d8 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
07:44:41.0189 0x18d8 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
07:44:41.0199 0x18d8 [ Global ] - ok
07:44:41.0199 0x18d8 ================ Scan MBR ==================================
07:44:41.0229 0x18d8 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
07:44:43.0020 0x18d8 \Device\Harddisk0\DR0 - ok
07:44:43.0020 0x18d8 ================ Scan VBR ==================================
07:44:43.0040 0x18d8 [ 53A5BA7745053E8DE0EE8629D0A50A26 ] \Device\Harddisk0\DR0\Partition1
07:44:43.0150 0x18d8 \Device\Harddisk0\DR0\Partition1 - ok
07:44:43.0170 0x18d8 [ F3C821A9A584EBDFE92158B3478937DA ] \Device\Harddisk0\DR0\Partition2
07:44:43.0210 0x18d8 \Device\Harddisk0\DR0\Partition2 - ok
07:44:43.0220 0x18d8 ================ Scan active images ========================
07:44:43.0220 0x18d8 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] C:\Windows\System32\drivers\atapi.sys
07:44:43.0220 0x18d8 C:\Windows\System32\drivers\atapi.sys - ok
07:44:43.0220 0x18d8 [ 3E588B60EC061686BA05D33574A344C6, 19D2D863F95CCC4493A2328B6BEB04248B6A80F957532E58C1D1D868C19FDCCB ] C:\Windows\System32\drivers\crashdmp.sys
07:44:43.0220 0x18d8 C:\Windows\System32\drivers\crashdmp.sys - ok
07:44:43.0230 0x18d8 [ 839B5FE3D48E9F35B22C21A3D5103F6C, A9CEA695E43092B72B0E988063E00A7C0BCE90095344E9A2F380218482BCE77F ] C:\Windows\System32\drivers\Dumpata.sys

mla34
2014-06-20, 13:58
07:44:43.0670 0x18d8 C:\Windows\System32\bcrypt.dll - ok
07:44:43.0670 0x18d8 [ 02B64609F865A39365FF88580DF11738, 2F676B93898E1B6131AF6227BB7AB731EB9C29477F9BD4C2C60F0FC1E35CD968 ] C:\Windows\System32\msprivs.dll
07:44:43.0670 0x18d8 C:\Windows\System32\msprivs.dll - ok
07:44:43.0670 0x18d8 [ 50532FCD7ECF02DD169CE5C485F02534, 8EE5D9D0EA53DC72BCC300692E521ACADD56AB09BFA3E78149D8B5A90648512C ] C:\Windows\System32\negoexts.dll
07:44:43.0670 0x18d8 C:\Windows\System32\negoexts.dll - ok
07:44:43.0680 0x18d8 [ C6505DE3561537BA1004D638C2F93F2F, 3E4FDF374B1A9E43A8F61FD2D79E0515390ECABFDAF72C4BD44A7B6429039AF6 ] C:\Windows\System32\netjoin.dll
07:44:43.0680 0x18d8 C:\Windows\System32\netjoin.dll - ok
07:44:43.0680 0x18d8 [ B19C8390A1D641B9AC4490D4828A7B5E, 23F376D3BC09C95D7FE4729EDD907F06A96E4AD296D33588839382224361C0FC ] C:\Windows\System32\kerberos.dll
07:44:43.0680 0x18d8 C:\Windows\System32\kerberos.dll - ok
07:44:43.0680 0x18d8 [ E1BB958681BE311E7CFF06CFEC5F1F2B, C2FDFC6C7350788A07DCB99A6A54FB9A96A6A578013DF46D0E5094A3CBF6E862 ] C:\Windows\System32\atmfd.dll
07:44:43.0680 0x18d8 C:\Windows\System32\atmfd.dll - ok
07:44:43.0680 0x18d8 [ D0C2FBB6D97416B0166478FC7AE2B212, 7EAB6C37F0A845E645CA44CC060AC6C56E386C7EF7A64716C6786C9602AD8C9D ] C:\Windows\System32\cryptsp.dll
07:44:43.0680 0x18d8 C:\Windows\System32\cryptsp.dll - ok
07:44:43.0690 0x18d8 [ 9A9F9F1A77D6A80EE28B57664F00013E, 0D441638E086EF1342FCDC43E826BF9E9CC6B2E8AE100D89BFC70163F987DE91 ] C:\Windows\System32\mswsock.dll
07:44:43.0690 0x18d8 C:\Windows\System32\mswsock.dll - ok
07:44:43.0690 0x18d8 [ EC7CBFF96B05ECF3D366355B3C64ADCF, F69ED45EBEDCA9CF000AC03281F0EC2C351F98513FBA90E63394E4E561D6C7A2 ] C:\Windows\System32\wship6.dll
07:44:43.0690 0x18d8 C:\Windows\System32\wship6.dll - ok
07:44:43.0690 0x18d8 [ E2A483E796D5FC7E447725FD01D98FA0, 78F7F253CE8391A9BD073AC507A55A29B562AFBB0154C2DA8F5E837CA8DE8B79 ] C:\Windows\System32\msv1_0.dll
07:44:43.0690 0x18d8 C:\Windows\System32\msv1_0.dll - ok
07:44:43.0690 0x18d8 [ AA339DD8BB128EF66660DFBBB59043D3, 76D9F849AFDDA38E04549EB67B4163478776F1B6EF46434168278F84FEB8FC5C ] C:\Windows\System32\netlogon.dll
07:44:43.0690 0x18d8 C:\Windows\System32\netlogon.dll - ok
07:44:43.0700 0x18d8 [ 492D07D79E7024CA310867B526D9636D, F2FE647AB85C6C3C1AA3DF4BCE6E4D42B9676C9D837E11388C235AE8DB20044F ] C:\Windows\System32\dnsapi.dll
07:44:43.0700 0x18d8 C:\Windows\System32\dnsapi.dll - ok
07:44:43.0700 0x18d8 [ 8FFE297B8449386E7B6851458B6E474E, E149B37E11091D69D926242517E5655596594A6F01FEF06EB65D6BA5B354E326 ] C:\Windows\System32\logoncli.dll
07:44:43.0700 0x18d8 C:\Windows\System32\logoncli.dll - ok
07:44:43.0700 0x18d8 [ 481F70241D4EA038BB02590A30F15A23, 794418F8538BE8B90531C99C876D40625FC7C39FDCFCA9114843F44F9FE6D85C ] C:\Windows\System32\schannel.dll
07:44:43.0700 0x18d8 C:\Windows\System32\schannel.dll - ok
07:44:43.0710 0x18d8 [ 26AF184300C0868D854D5A3092234E24, 46FFF8B9212F2AE99D494A7BD1CDD5C95F451593B46CECAF25CE897931374250 ] C:\Windows\System32\wdigest.dll
07:44:43.0710 0x18d8 C:\Windows\System32\wdigest.dll - ok
07:44:43.0710 0x18d8 [ 5D8874A8C11DDDDE29E12DE0E2013493, 3E9A57137BF622AF83E3E4D58971E2C0200559CCA7545D16CF263AA03EE9C7D2 ] C:\Windows\System32\rsaenh.dll
07:44:43.0710 0x18d8 C:\Windows\System32\rsaenh.dll - ok
07:44:43.0710 0x18d8 [ E08088A97F95345E181C3DFCE2C615EF, DEF3B087DF5E10E4F8418029DB6E82546E62FEFA39694B7BD6A48CE8AAFD1B96 ] C:\Windows\System32\pku2u.dll
07:44:43.0710 0x18d8 C:\Windows\System32\pku2u.dll - ok
07:44:43.0710 0x18d8 [ B6D8C1202DACA028AD94BDA2795CBBE9, 967DA60ED456F6DC0D1D5F793DB947E81427811FA98BEF215A55F0171C204A12 ] C:\Windows\System32\TSpkg.dll
07:44:43.0710 0x18d8 C:\Windows\System32\TSpkg.dll - ok
07:44:43.0720 0x18d8 [ D6C7780A364C6BBACFA796BAB9F1B374, 3B5ED1A030BFD0BB73D4FFCD67A6A0B8501EF70293F223EFAA12F430ADF270F9 ] C:\Windows\System32\bcryptprimitives.dll
07:44:43.0720 0x18d8 C:\Windows\System32\bcryptprimitives.dll - ok
07:44:43.0720 0x18d8 [ 55C892560C1B42BC57FB61AEFCED2F22, 9A15D6559B4FD2FE3A5C5CE13F3C1AD01D9576F6023BDBD12336A1654D33EC63 ] C:\Windows\System32\LIVESSP.DLL
07:44:43.0720 0x18d8 C:\Windows\System32\LIVESSP.DLL - ok

mla34
2014-06-20, 13:59
07:44:44.0040 0x18d8 C:\Windows\System32\dhcpcsvc.dll - ok
07:44:44.0040 0x18d8 [ 1A47D52E303B7543E4E6026595B95422, C577CD3837546A7CED5D2E8E97FA2EDACA133B4A8595770EF96CAE519BFE280F ] C:\Windows\System32\comres.dll
07:44:44.0040 0x18d8 C:\Windows\System32\comres.dll - ok
07:44:44.0050 0x18d8 [ 588CD0C78A7FAAE4186B5EEA0AF3ED67, E957E4463D318A44BA5109EE3428624DE901C5FF2BA358986DF6C6F059DDBCC2 ] C:\Windows\System32\adtschema.dll
07:44:44.0050 0x18d8 C:\Windows\System32\adtschema.dll - ok
07:44:44.0050 0x18d8 [ A648C4A06DE367065B24056D067B4460, 2412487D65A833DDD9AB17D039515CC08DA22D006259EC4B03E42475FAFFD2AD ] C:\Windows\System32\wlanmsm.dll
07:44:44.0050 0x18d8 C:\Windows\System32\wlanmsm.dll - ok
07:44:44.0050 0x18d8 [ 06A1386B6E3A0CBC368665C1840906F4, C10BCA5092A0B3F9435CE4D65C7449528C89F5C5243B410878D2EBF516DA2FB2 ] C:\Windows\System32\wlansec.dll
07:44:44.0050 0x18d8 C:\Windows\System32\wlansec.dll - ok
07:44:44.0050 0x18d8 [ 65522E77A1360DBC8D199DA3BF5EFFE4, E9D748070FA478A3D37F15049F998D340885C0DC5FCE03BFCE5D521C9EBA7350 ] C:\Windows\System32\eappprxy.dll
07:44:44.0050 0x18d8 C:\Windows\System32\eappprxy.dll - ok
07:44:44.0060 0x18d8 [ 73FCB7919DEE80EE556F2E498594EBAE, D0F7A0AD3BC33263E9C2CF9787DD326436F9E0C9F5031D769F8A43C64C08A762 ] C:\Windows\System32\onex.dll
07:44:44.0060 0x18d8 C:\Windows\System32\onex.dll - ok
07:44:44.0060 0x18d8 [ 0D753307D274F3688BD21C377B616700, 5DD08E77A11F2561FB96BA212FDDFE21D4394C69C34C3EB88F7F5CD068EE55BF ] C:\Windows\System32\eappcfg.dll
07:44:44.0060 0x18d8 C:\Windows\System32\eappcfg.dll - ok
07:44:44.0060 0x18d8 [ 97E43F324BE1503CB2FFB058534688DA, 50C781DF38D0D38C9A5420AB1FFF8672DC13FD1ED8E9F5432B4BA3077A7435D5 ] C:\Windows\System32\l2gpstore.dll
07:44:44.0060 0x18d8 C:\Windows\System32\l2gpstore.dll - ok
07:44:44.0070 0x18d8 [ 7F1B4C6FF3B85F9ADF74055187B8A22C, CC95DA5662638AACBE9643DCB236464C2C2095A8D5CDC8A747045870BE9D0E7D ] C:\Windows\System32\wlanutil.dll
07:44:44.0070 0x18d8 C:\Windows\System32\wlanutil.dll - ok
07:44:44.0070 0x18d8 [ 730BF204A595D5B6D7DC57A247CC741C, 264C6901F4A49B738BBD04BCA1783DEE892885BADE9085B0AEA40BAE7CC0A218 ] C:\Windows\System32\wlgpclnt.dll
07:44:44.0070 0x18d8 C:\Windows\System32\wlgpclnt.dll - ok
07:44:44.0070 0x18d8 [ AA0B1A7B4750F655936F2F82B5E84428, 443A3822D3BD776922402353C7E8C1257DB2A3D8EE335265934C52BB5820A972 ] C:\Windows\System32\CX64AP40.dll
07:44:44.0070 0x18d8 C:\Windows\System32\CX64AP40.dll - ok
07:44:44.0070 0x18d8 [ 7D5645EE0EA77D539828433D9B95F5EB, EEF81E9B2205FC456DB6095AD0AEAB38BB131D3BCD090EA6CD91D5568ACAFB7F ] C:\Windows\System32\WinSCard.dll
07:44:44.0070 0x18d8 C:\Windows\System32\WinSCard.dll - ok
07:44:44.0080 0x18d8 [ 0E3A7EC2B9590EA7767BBB1823630DEA, 6858B7050465DB8505CF9E932868B123B925376C05363EA5A9198B2AE15CF728 ] C:\Windows\System32\msxml6.dll
07:44:44.0080 0x18d8 C:\Windows\System32\msxml6.dll - ok
07:44:44.0080 0x18d8 [ 5AA945234E9D4CCE4F715276B9AA712C, 65165BD131056816F009D987FC78AC86FFE0C3C38A27E73F873586B7FF4D59CF ] C:\Windows\System32\imageres.dll
07:44:44.0080 0x18d8 C:\Windows\System32\imageres.dll - ok
07:44:44.0080 0x18d8 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] C:\Windows\System32\MPSSVC.dll
07:44:44.0080 0x18d8 C:\Windows\System32\MPSSVC.dll - ok
07:44:44.0080 0x18d8 [ 6F3C559B82F2912354BE5B098744CC8C, EB64E5C02C81588921A65194E1256E80699A1317E7D9A57395CD38C2639C8B08 ] C:\Windows\System32\WMALFXGFXDSP.dll
07:44:44.0080 0x18d8 C:\Windows\System32\WMALFXGFXDSP.dll - ok
07:44:44.0090 0x18d8 [ 54B5DCD55B223BC5DF50B82E1E9E86B1, 025294DD69A421FE4EACAA463F8CB797610D8F3A7A3C61656AE83D0CEE07A9BF ] C:\Windows\System32\mfplat.dll
07:44:44.0090 0x18d8 C:\Windows\System32\mfplat.dll - ok
07:44:44.0090 0x18d8 [ 50544D04AD845C43130B70212EC05CCD, B2E6B558DE7D273512226685FF53ED17C9B4BF81B739FBCA5D3FC82DF8D2BCF7 ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
07:44:44.0090 0x18d8 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
07:44:44.0090 0x18d8 [ B1DF2D87DC8BF6072699AC8301B37796, D5A6FD1EDB627324DFA1A0555F1777A3313EF29DDE29982C3CE59DAF1ED0D105 ] C:\Windows\System32\WUDFPlatform.dll
07:44:44.0090 0x18d8 C:\Windows\System32\WUDFPlatform.dll - ok
07:44:44.0090 0x18d8 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] C:\Windows\System32\drivers\fltMgr.sys
07:44:44.0090 0x18d8 C:\Windows\System32\drivers\fltMgr.sys - ok
07:44:44.0100 0x18d8 [ A3DB3C17EE6CAE65D53602B4E80BCCBC, D802A7C6161F937DC42A6E45FE1BB2C8272819F92C294C180EBCDF8FF72CBFDC ] C:\Windows\System32\PSHED.DLL
07:44:44.0100 0x18d8 C:\Windows\System32\PSHED.DLL - ok
07:44:44.0100 0x18d8 [ B0945E538CF906BBDDC5A11C8EE868CC, 5F3459F6512918835F7C9400905EC7C1FAEAA7114E0D28C522040C359E3B93F7 ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
07:44:44.0100 0x18d8 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
07:44:44.0100 0x18d8 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] C:\Windows\System32\shsvcs.dll
07:44:44.0100 0x18d8 C:\Windows\System32\shsvcs.dll - ok
07:44:44.0100 0x18d8 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] C:\Windows\System32\schedsvc.dll
07:44:44.0100 0x18d8 C:\Windows\System32\schedsvc.dll - ok
07:44:44.0110 0x18d8 [ BC414631876B2F28B8DAB08E849C12C5, 5973654AA3E90E6B699B0A43F645B893D95BAA803129B6967D746C8239AB26E3 ] C:\Windows\System32\ktmw32.dll
07:44:44.0110 0x18d8 C:\Windows\System32\ktmw32.dll - ok
07:44:44.0110 0x18d8 [ 945E54F23C72D37B8CD1987AF0DB63BF, C2B217C94DBCA0A31ED834B9D492B53B25B235DDD02B1D1200E76609D32772EA ] C:\Windows\System32\fveapi.dll
07:44:44.0110 0x18d8 C:\Windows\System32\fveapi.dll - ok
07:44:44.0110 0x18d8 [ 891ECFD08E2C538B7948CBC45106D697, 628D0D618FF3A70E9FBE3B2C7206C9365ED2297784A5F10FFA05BD2C56657013 ] C:\Windows\System32\fvecerts.dll
07:44:44.0110 0x18d8 C:\Windows\System32\fvecerts.dll - ok
07:44:44.0120 0x18d8 [ 694865362F0965779F92BCFE97712323, 825EB75E37AFE9B738869FB5D95020D4F44AD419C2F6C5A658F82A5242FDEF6C ] C:\Windows\System32\tbs.dll
07:44:44.0120 0x18d8 C:\Windows\System32\tbs.dll - ok
07:44:44.0120 0x18d8 [ 6DC4A7242F565C9E9C9CCC7BB0FA75C7, 4BC5A1279885EEFBEB27333AF719622A5FCDD9606697692C1978E434CE264D80 ] C:\Windows\System32\taskcomp.dll
07:44:44.0120 0x18d8 C:\Windows\System32\taskcomp.dll - ok
07:44:44.0120 0x18d8 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] C:\Windows\System32\drivers\http.sys
07:44:44.0120 0x18d8 C:\Windows\System32\drivers\http.sys - ok
07:44:44.0130 0x18d8 [ 8269210DAF3B12BC8300631B28A2A442, EABEB792C2EA8D4A1A7B13281CF557C194D5667AE0BA2A2D5664908D8269113D ] C:\Windows\System32\wiarpc.dll
07:44:44.0130 0x18d8 C:\Windows\System32\wiarpc.dll - ok
07:44:44.0130 0x18d8 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] C:\Windows\System32\spoolsv.exe
07:44:44.0130 0x18d8 C:\Windows\System32\spoolsv.exe - ok
07:44:44.0130 0x18d8 [ 03706015DB44368375AEBE6339490E66, 02EB28B5156E320C1EBABC03D37E94EB770A721B99E1DD276F8DC2A50D76C381 ] C:\Windows\System32\netcfgx.dll
07:44:44.0130 0x18d8 C:\Windows\System32\netcfgx.dll - ok
07:44:44.0140 0x18d8 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] C:\Windows\System32\drivers\vwifimp.sys
07:44:44.0140 0x18d8 C:\Windows\System32\drivers\vwifimp.sys - ok
07:44:44.0140 0x18d8 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] C:\Windows\System32\BFE.DLL
07:44:44.0140 0x18d8 C:\Windows\System32\BFE.DLL - ok
07:44:44.0140 0x18d8 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] C:\Windows\System32\drivers\bowser.sys
07:44:44.0140 0x18d8 C:\Windows\System32\drivers\bowser.sys - ok
07:44:44.0140 0x18d8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] C:\Windows\System32\drivers\mpsdrv.sys
07:44:44.0140 0x18d8 C:\Windows\System32\drivers\mpsdrv.sys - ok
07:44:44.0150 0x18d8 [ C67F8A962B2534224D5908D16D2AD3CE, CAC1821F5E867285638AEE7AE33CE574BCCF16277AC5AD805650B48F7759B4B4 ] C:\Windows\System32\wfapigp.dll
07:44:44.0150 0x18d8 C:\Windows\System32\wfapigp.dll - ok
07:44:44.0150 0x18d8 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] C:\Windows\System32\drivers\mrxsmb.sys
07:44:44.0150 0x18d8 C:\Windows\System32\drivers\mrxsmb.sys - ok
07:44:44.0150 0x18d8 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] C:\Windows\System32\drivers\mrxsmb10.sys
07:44:44.0150 0x18d8 C:\Windows\System32\drivers\mrxsmb10.sys - ok
07:44:44.0150 0x18d8 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] C:\Windows\System32\drivers\mrxsmb20.sys
07:44:44.0150 0x18d8 C:\Windows\System32\drivers\mrxsmb20.sys - ok
07:44:44.0160 0x18d8 [ 1834B31C749B86DAC233BBBA1C03BC48, 27FCA9196842C0BB53CCAD895870A0EB10D2F8ED67E5486A4437067BD4BC4448 ] C:\Windows\System32\mscms.dll
07:44:44.0160 0x18d8 C:\Windows\System32\mscms.dll - ok
07:44:44.0160 0x18d8 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] C:\Windows\System32\pcasvc.dll
07:44:44.0160 0x18d8 C:\Windows\System32\pcasvc.dll - ok
07:44:44.0160 0x18d8 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] C:\Windows\System32\snmptrap.exe
07:44:44.0170 0x18d8 C:\Windows\System32\snmptrap.exe - ok
07:44:44.0170 0x18d8 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] C:\Windows\System32\wkssvc.dll
07:44:44.0170 0x18d8 C:\Windows\System32\wkssvc.dll - ok
07:44:44.0170 0x18d8 [ 10EAB90C1AE8271B5FE5A8930987EE5C, 53E72964AA75526B161F859A509CB046809AE47C65DC998F0E49AC8AED9066EA ] C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll
07:44:44.0170 0x18d8 C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll - ok
07:44:44.0170 0x18d8 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] C:\Windows\System32\iphlpsvc.dll
07:44:44.0170 0x18d8 C:\Windows\System32\iphlpsvc.dll - ok
07:44:44.0180 0x18d8 [ 4004299B7AF4CBFF6540F1798899A11F, 5DD3AE149B7228A769F2FE95355795AC98ACD8CDFB78954A423A357F717203C3 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll
07:44:44.0180 0x18d8 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll - ok
07:44:44.0180 0x18d8 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] C:\Windows\System32\sstpsvc.dll
07:44:44.0180 0x18d8 C:\Windows\System32\sstpsvc.dll - ok
07:44:44.0180 0x18d8 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] C:\Windows\System32\provsvc.dll
07:44:44.0180 0x18d8 C:\Windows\System32\provsvc.dll - ok
07:44:44.0190 0x18d8 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
07:44:44.0190 0x18d8 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe - ok
07:44:44.0190 0x18d8 [ A2B0924D50F4435FD389499047CE553A, 8D16D5CAAD71AAAAA1479F8477D2928B66581C79932A49A21EDF93DB2803AB9C ] C:\Windows\SysWOW64\ntdll.dll
07:44:44.0190 0x18d8 C:\Windows\SysWOW64\ntdll.dll - ok
07:44:44.0190 0x18d8 [ 2A107B611C91CD256466C58C0D776E9D, 58EA4F6E0FE7EFB8D3024AE71EE16848C2A00BA5224C8054C80134F99D9A72AB ] C:\Windows\System32\wow64.dll
07:44:44.0190 0x18d8 C:\Windows\System32\wow64.dll - ok
07:44:44.0190 0x18d8 [ 7434E01FBCA3CB86539C39412A31D5E1, E40D5AEBB3A5D8F53C76E3FBF0C07B9C0227914C869F57622EA44A212383EE6D ] C:\Windows\System32\wow64win.dll
07:44:44.0190 0x18d8 C:\Windows\System32\wow64win.dll - ok
07:44:44.0200 0x18d8 [ 0F090A77E664CB0F70AB8D3B230B760C, A08EA0409B3BF88AB12792F721FA3A692BBE640DF2A06641E142843A7044EC5E ] C:\Windows\System32\wow64cpu.dll
07:44:44.0200 0x18d8 C:\Windows\System32\wow64cpu.dll - ok
07:44:44.0200 0x18d8 [ 76161B9D78A275F8F28DD67436013110, E4AE9648BDED9035D39DF20C3A6F453F67D49D7899038B21D88FFD4EFFCC4C08 ] C:\Windows\SysWOW64\kernel32.dll
07:44:44.0200 0x18d8 C:\Windows\SysWOW64\kernel32.dll - ok
07:44:44.0200 0x18d8 [ 461B713DE7F353C6447B744F1A049930, 3551C57128DAFA009C9DB3EE0D798D94B269D1605F74897566D7E79E5FDD437B ] C:\Windows\SysWOW64\KernelBase.dll
07:44:44.0200 0x18d8 C:\Windows\SysWOW64\KernelBase.dll - ok
07:44:44.0200 0x18d8 [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3, 01EB95FA3943CF3C6B1A21E473A5C3CB9FCBCE46913B15C96CAC14E4F04075B4 ] C:\Windows\SysWOW64\user32.dll
07:44:44.0200 0x18d8 C:\Windows\SysWOW64\user32.dll - ok
07:44:44.0200 0x18d8 [ 56E3313690866F99CD17AA1342F64AE1, 4AD4E105C1A6E9BAB9568CA21B15A38C59702EF605AA9058490C56DA070CF846 ] C:\Windows\SysWOW64\gdi32.dll
07:44:44.0200 0x18d8 C:\Windows\SysWOW64\gdi32.dll - ok
07:44:44.0210 0x18d8 [ CC23295DA8F7B5C53F93804D2F5D30EB, B290D96C40FBA934DE6CFF82D9BBA6780922CC5012C61599BD5006DAEDC82DDB ] C:\Windows\SysWOW64\lpk.dll
07:44:44.0210 0x18d8 C:\Windows\SysWOW64\lpk.dll - ok
07:44:44.0210 0x18d8 [ A5F833506BF6A1B5D693E1499DEE2444, 045874B7D37F49216E37D551076FF440E29DB5196564E714207DF753DF7FDDEE ] C:\Windows\SysWOW64\usp10.dll
07:44:44.0210 0x18d8 C:\Windows\SysWOW64\usp10.dll - ok
07:44:44.0210 0x18d8 [ 9DC80A8AAAAAC397BDAB3C67165A824E, 051636BFDFF7AB0E4191354E846BD0DACCA1A01FCC13C1AFED91D8DBFE17127A ] C:\Windows\SysWOW64\msvcrt.dll
07:44:44.0210 0x18d8 C:\Windows\SysWOW64\msvcrt.dll - ok
07:44:44.0220 0x18d8 [ D67472125471784DE7147946EDA25FEB, F41960118F412B6CA5E80AE5E8DB9AECDD043A7DB34388FF57C6F9C5A0056F91 ] C:\Windows\SysWOW64\advapi32.dll
07:44:44.0220 0x18d8 C:\Windows\SysWOW64\advapi32.dll - ok
07:44:44.0220 0x18d8 [ 4DC999CED9429939D75682EBD7D48901, 4E2DB6E4C500980488010AF1125A73D0F958889379F05DB304A220B4BB2D1834 ] C:\Windows\SysWOW64\rpcrt4.dll
07:44:44.0220 0x18d8 C:\Windows\SysWOW64\rpcrt4.dll - ok
07:44:44.0220 0x18d8 [ CFC97F07904067A1E5FAE195D534DA3A, EB4D2D127312EB09E2ACCA3276779E80F90FAF77322684BABF72B8EC6E1F906C ] C:\Windows\SysWOW64\sechost.dll
07:44:44.0220 0x18d8 C:\Windows\SysWOW64\sechost.dll - ok
07:44:44.0220 0x18d8 [ F08F6FCD09F9BE94C37ACC1B344685FF, DE48D766258B46EFEAB16579421C4BD97ACC6883F782D00E9857F4A0CE7E8A34 ] C:\Windows\SysWOW64\cryptbase.dll
07:44:44.0220 0x18d8 C:\Windows\SysWOW64\cryptbase.dll - ok
07:44:44.0230 0x18d8 [ E9D88493FBDB36D4B65C6F2F7F122C95, 226B05B57C1F509A48C7EC22B71E60202AC34995ECA50075EE16B87EAC366BF5 ] C:\Windows\SysWOW64\shell32.dll
07:44:44.0230 0x18d8 C:\Windows\SysWOW64\shell32.dll - ok
07:44:44.0230 0x18d8 [ 75878492F2B33405EEF900F8C16C6D08, E38B3B58C3C6895F9CBA28E8BD4C6497D07342FD9CA4BBAE6AFC48D40DC11FA1 ] C:\Windows\SysWOW64\sspicli.dll
07:44:44.0230 0x18d8 C:\Windows\SysWOW64\sspicli.dll - ok
07:44:44.0230 0x18d8 [ 8CC3C111D653E96F3EA1590891491D71, 1D326D7D116D76876EE2B14A5BFB7B4328E21DB9B5AAAB9CB67F8EFB93924230 ] C:\Windows\SysWOW64\shlwapi.dll
07:44:44.0230 0x18d8 C:\Windows\SysWOW64\shlwapi.dll - ok
07:44:44.0230 0x18d8 [ 928CF7268086631F54C3D8E17238C6DD, F058FAFB04E7EBD5CADE9B48195B7AA7C3508F332A89F5E6E5F3F071E8CADD4A ] C:\Windows\SysWOW64\ole32.dll
07:44:44.0230 0x18d8 C:\Windows\SysWOW64\ole32.dll - ok
07:44:44.0240 0x18d8 [ 6C765E82B57F2E66CE9C54AC238471D9, 97F410023F5C08B4BC5DBF89A642200E76F4025ADD9707C24FD89D673675BB43 ] C:\Windows\SysWOW64\oleaut32.dll
07:44:44.0240 0x18d8 C:\Windows\SysWOW64\oleaut32.dll - ok
07:44:44.0240 0x18d8 [ CC09E0C9A2D89C6E71D093DC8BD121B7, 5F92457E27D817541EBA92FED984D2E6C1E35AD4E4E4CAE0F0778B795C260FAA ] C:\Windows\SysWOW64\crypt32.dll
07:44:44.0240 0x18d8 C:\Windows\SysWOW64\crypt32.dll - ok
07:44:44.0240 0x18d8 [ 938F39B50BAFE13D6F58C7790682C010, 902000EE51EFEABAF6A4B30F880AA37083D2232C6FC622CA513C4A823390FEDA ] C:\Windows\SysWOW64\msasn1.dll
07:44:44.0240 0x18d8 C:\Windows\SysWOW64\msasn1.dll - ok
07:44:44.0240 0x18d8 [ 68EAAEDF0365168B804E8728368FA946, 1FA25087E8B247B099B729F780DBF24F77FD34F58186A1C94329261CF3D18B8E ] C:\Windows\SysWOW64\wintrust.dll
07:44:44.0240 0x18d8 C:\Windows\SysWOW64\wintrust.dll - ok
07:44:44.0250 0x18d8 [ CDBE9690CF2B8409FACAD94FAC9479C9, 8E7FE1A1F3550C479FFD86A77BC9D10686D47F8727025BB891D8F4F0259354C8 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
07:44:44.0250 0x18d8 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
07:44:44.0250 0x18d8 [ A6F09E5669D9A19035F6D942CAA15882, 68C8AF0CC1923E3A7245392F2480EE665D265DF300A609D2540BF7C6D9C1A1BE ] C:\Windows\SysWOW64\imm32.dll
07:44:44.0250 0x18d8 C:\Windows\SysWOW64\imm32.dll - ok
07:44:44.0250 0x18d8 [ C9618BC9B2B0FD7C1138D8774795A79B, 0AC170669C2626519FA7A745C56BFBA6B83B8537488F5B9EB7BA72448E5E7A43 ] C:\Windows\SysWOW64\msctf.dll
07:44:44.0250 0x18d8 C:\Windows\SysWOW64\msctf.dll - ok

mla34
2014-06-20, 13:59
07:44:44.0410 0x18d8 C:\Windows\System32\IKEEXT.DLL - ok
07:44:44.0410 0x18d8 [ 0E2F58F6E698EDCB9E58FAD0CBCD0567, 426FB40A065FEF61980C803EF72D0D326C623340C3AE99CA8AFFDEFB81E8D49D ] C:\Windows\System32\vssapi.dll
07:44:44.0410 0x18d8 C:\Windows\System32\vssapi.dll - ok
07:44:44.0410 0x18d8 [ F1B205F932F62F94506A5F332C895DAF, F02F01F20F655DD919C71AE814E4C3DD43330AAD1425FC5B1497F1613917CCDE ] C:\Windows\System32\WSDApi.dll
07:44:44.0420 0x18d8 C:\Windows\System32\WSDApi.dll - ok
07:44:44.0420 0x18d8 [ 54A47F6B5E09A77E61649109C6A08866, 121118A0F5E0E8C933EFD28C9901E54E42792619A8A3A6D11E1F0025A7324BC2 ] C:\Windows\SysWOW64\svchost.exe
07:44:44.0420 0x18d8 C:\Windows\SysWOW64\svchost.exe - ok
07:44:44.0420 0x18d8 [ E1095A89EB4BFCA2AB2F4E1F2BA56612, B332A1DE75AC793B7D2AC80FDDA9FF770808301B66053A0326281F6C7DA22410 ] C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
07:44:44.0420 0x18d8 C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe - ok
07:44:44.0420 0x18d8 [ D86A39BF100069444D026D22D9A6E555, 7B24D48D5BA67704C88697FADB64364E0E64D26259408E3C219820C5404C5EEC ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
07:44:44.0420 0x18d8 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll - ok
07:44:44.0430 0x18d8 [ C55516D98DD5D8F0153C2A9B4227DA86, DBC62B776CF06D0873A4C7CFCDF5B6F5C6E6C41917C326C090BCE58DC66EE09C ] C:\Windows\System32\webservices.dll
07:44:44.0430 0x18d8 C:\Windows\System32\webservices.dll - ok
07:44:44.0430 0x18d8 [ 2A6B16AAD88A449B9E124FBF2D308E07, 0320AC1DD22095E56ED53D25262E5E80F11877D7C40EB33A8C07DFD8BDC02F7E ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddcmn.dll
07:44:44.0430 0x18d8 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddcmn.dll - ok
07:44:44.0430 0x18d8 [ C3E0696C3B42F694C5822776AA6FFFDF, 80C3DEC2C48500F96C9E677450EFC1ADA9FE9FBB70F4CC2D7D9244B1A515418B ] C:\Windows\System32\drivers\NisDrvWFP.sys
07:44:44.0430 0x18d8 C:\Windows\System32\drivers\NisDrvWFP.sys - ok
07:44:44.0430 0x18d8 [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] C:\Windows\System32\HPZinw12.dll
07:44:44.0430 0x18d8 C:\Windows\System32\HPZinw12.dll - ok
07:44:44.0430 0x18d8 [ BAAFAF9CEAEC0B73C2A3550A01F6CECB, 018CB95A43CEA2063EA24691C71D51EF60D522C21502ABA8AD93876363D4B857 ] C:\Windows\System32\taskschd.dll
07:44:44.0440 0x18d8 C:\Windows\System32\taskschd.dll - ok
07:44:44.0440 0x18d8 [ E36112A8A6C7F840169A7E92C12F4203, 52795B2E6ECCE751EEF5074AF52FDE376A382D0A1C43B90DD4F77A397C00FBC5 ] C:\Windows\System32\wsock32.dll
07:44:44.0440 0x18d8 C:\Windows\System32\wsock32.dll - ok
07:44:44.0440 0x18d8 [ FF5688D309347F2720911D8796912834, 3B0D73C50D40A6F42629B7750F99F656BF5C1C50237D5F98B6C0F2CE5E2DA359 ] C:\Windows\SysWOW64\clbcatq.dll
07:44:44.0440 0x18d8 C:\Windows\SysWOW64\clbcatq.dll - ok
07:44:44.0440 0x18d8 [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8, B1A9B2EF000917214C0198958CBD239D1D91B1720EC40DF041262A34D302AD74 ] C:\Windows\SysWOW64\winspool.drv
07:44:44.0440 0x18d8 C:\Windows\SysWOW64\winspool.drv - ok
07:44:44.0450 0x18d8 [ D9A5B279A8D2F8775FA254927F33DA6D, 9B57D563AD6535ADF6A83DA33B3391BB80AC3266F5663077CFF0CEE43700EF47 ] C:\Windows\System32\msdelta.dll
07:44:44.0450 0x18d8 C:\Windows\System32\msdelta.dll - ok
07:44:44.0450 0x18d8 [ 4C39358EBDD2FFCD9132A30E1EC31E16, 06918CF99AD26CD6CF106881C0D5BDB212DC0BAC4549805C9F5906E3D03D152C ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
07:44:44.0450 0x18d8 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
07:44:44.0450 0x18d8 [ 7321F18D1F820612ED0E9F2D4B578A7E, 612BD7DE1DFBD100BD6ACB37A38565D88C39842D990D296B9B8E1FB75C3A94E7 ] C:\Windows\SysWOW64\cryptsp.dll
07:44:44.0450 0x18d8 C:\Windows\SysWOW64\cryptsp.dll - ok
07:44:44.0450 0x18d8 [ B5055B51BAA0FD0A736A88653DA3C1C0, A3BD057C7E8C926930BA7E9D11427D26FB37267026A0B72AB4021101EE424F74 ] C:\Windows\System32\fundisc.dll
07:44:44.0450 0x18d8 C:\Windows\System32\fundisc.dll - ok
07:44:44.0460 0x18d8 [ 77B5035BC6EDF4D1B6265391AECEE4C0, FE69B715F04446BD42AF1B672E6AC54E954CFE0C847BFD2056CB11CF017B1844 ] C:\Windows\System32\vpnikeapi.dll
07:44:44.0460 0x18d8 C:\Windows\System32\vpnikeapi.dll - ok
07:44:44.0460 0x18d8 [ 5997D769CDB108390DCFAEBF442BF816, 0E25CA984C0EEB629184423FAA9BC6D4356DF9A93F281E06DC83B4AC638AEC4A ] C:\Windows\SysWOW64\RpcRtRemote.dll
07:44:44.0460 0x18d8 C:\Windows\SysWOW64\RpcRtRemote.dll - ok
07:44:44.0460 0x18d8 [ ED8EC63F7522DF4852147C84EC62C36A, 75633011CD28DCBD4834211A9D415F17DE15BFCD80FB9FF6CE25CBBD4E9899AF ] C:\Windows\SysWOW64\rsaenh.dll
07:44:44.0460 0x18d8 C:\Windows\SysWOW64\rsaenh.dll - ok
07:44:44.0460 0x18d8 [ 287923557447D7E4BDD7E65B1F0F5428, 14D85A0F036F28D77AA9723C3D7E8C4DA9BDFF8A1AD9BEA6FE5756DBF5D00F08 ] C:\Windows\System32\vsstrace.dll
07:44:44.0460 0x18d8 C:\Windows\System32\vsstrace.dll - ok
07:44:44.0470 0x18d8 [ 9BD433A6A3E422B8B8CF948B2B394D62, D1F2EDC9304755698AB71A3E78F578042672F98D4AD5C7527AF7603A9D62D2B4 ] C:\Program Files\Microsoft Office 15\ClientX64\AppVIsvApi.dll
07:44:44.0470 0x18d8 C:\Program Files\Microsoft Office 15\ClientX64\AppVIsvApi.dll - ok
07:44:44.0470 0x18d8 [ B9B72FAAAA41D59B73B88FE3DD737ED1, 050E741FB5313523340B19C9C168611222C4AE9A6084FE3E2F908A49EA909A29 ] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
07:44:44.0470 0x18d8 C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe - ok
07:44:44.0470 0x18d8 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] C:\Windows\System32\nlasvc.dll
07:44:44.0470 0x18d8 C:\Windows\System32\nlasvc.dll - ok
07:44:44.0470 0x18d8 [ B7D8ED350D1D5140724D9C429D6473DD, 8C2D65B1FC95A1BA617CF3F0BD3002B8820DF17E9F44CB7F2D238B233A74E0A5 ] C:\Program Files\Microsoft Office 15\ClientX64\AppVPolicy.dll
07:44:44.0470 0x18d8 C:\Program Files\Microsoft Office 15\ClientX64\AppVPolicy.dll - ok
07:44:44.0480 0x18d8 [ D4FAC263861BAE06971C7F7D0A8EBF15, D494DEF0024288B9CC56EC6B500FF5828144BE9B8E7033340509EC5E68F8DED0 ] C:\Windows\System32\ncsi.dll
07:44:44.0480 0x18d8 C:\Windows\System32\ncsi.dll - ok
07:44:44.0480 0x18d8 [ 919001D2BB17DF06CA3F8AC16AD039F6, 5169ACFBE9E9D4C4012773ECDD28231C952675EF0C272A40F226E7B5D671B18B ] C:\Windows\SysWOW64\sxs.dll
07:44:44.0480 0x18d8 C:\Windows\SysWOW64\sxs.dll - ok
07:44:44.0480 0x18d8 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE, 4EFA41765E46E90C6CBDB0DC1E0CD375D7AB3307C477171EBAA6A16AC32E5211 ] C:\Windows\System32\ssdpapi.dll
07:44:44.0480 0x18d8 C:\Windows\System32\ssdpapi.dll - ok
07:44:44.0480 0x18d8 [ A90DC9ABD65DB1A8902F361103029952, 26798758976CE53251AC342B966BE0363AE1794BD965C452F5DEBC33E18969F0 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
07:44:44.0480 0x18d8 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
07:44:44.0490 0x18d8 [ 4EDB186C455CDEADA24A708AAB884AE3, 836B3176A4A1B57F89D5B950BDA2F6C6F785899ED54632D8CF35DF55B364DB81 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
07:44:44.0490 0x18d8 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll - ok
07:44:44.0490 0x18d8 [ CFF35B879D1618D42C86644C717BA947, 1837275202628D3320867A3BF8CFDA15491730C4B74215F7C0D7E140BF01AC3C ] C:\Windows\SysWOW64\winnsi.dll
07:44:44.0490 0x18d8 C:\Windows\SysWOW64\winnsi.dll - ok
07:44:44.0490 0x18d8 [ D583E0321E16E22B8DA7226186685CF4, AF54F2190686BBA231C196CA9D894FF5A01B0D01E370825555FC511BC7B68803 ] C:\Program Files\Microsoft Office 15\ClientX64\AppVOrchestration.dll
07:44:44.0490 0x18d8 C:\Program Files\Microsoft Office 15\ClientX64\AppVOrchestration.dll - ok
07:44:44.0500 0x18d8 [ BCEA9AB347E53BC03B2E36BE0B8BA0EF, 868DEFB78767E91694E83F931725257DF3FF79A4BFED3B914D27F3493EB7A8D0 ] C:\Windows\System32\httpapi.dll
07:44:44.0500 0x18d8 C:\Windows\System32\httpapi.dll - ok
07:44:44.0500 0x18d8 [ 57A6362D71B5003C48EE21F2DBB624B1, E6480D1F219BF3F8E7AC8347A8C50E48632B7BBC9618EEB36DAEA1079AA770B5 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll
07:44:44.0500 0x18d8 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
07:44:44.0510 0x18d8 [ 35E4E154620498F9A68319E01A7D2865, 3E96F907740D42D878CA5D1C80370345D7B6DD50A96966CA77C77600BF9849FA ] C:\Program Files\Microsoft Office 15\ClientX64\AppVIsvStreamingManager.dll
07:44:44.0510 0x18d8 C:\Program Files\Microsoft Office 15\ClientX64\AppVIsvStreamingManager.dll - ok
07:44:44.0510 0x18d8 [ 63AAEB874E58781D31D675EBCF30D433, A78E5DE8386ABD117C9565318077D152EFD269F90C5D0E578C93CDF1775B9D3C ] C:\Program Files\Microsoft Office 15\ClientX64\AppVManifest.dll
07:44:44.0510 0x18d8 C:\Program Files\Microsoft Office 15\ClientX64\AppVManifest.dll - ok
07:44:44.0520 0x18d8 [ 5672C775FAB584EB5BABBB79C74C530E, 832C6D0FDFCB388CDFD1A75EA22E807B13DE7C68D246FFFA7C2E117921B29006 ] C:\Program Files (x86)\Dell\Dell Datasafe Online\BuEng.dll
07:44:44.0520 0x18d8 C:\Program Files (x86)\Dell\Dell Datasafe Online\BuEng.dll - ok
07:44:44.0520 0x18d8 [ 4FA8540972959B1882733C5974EBDA95, C53178528AE9578B4B3314BD62CA812BA175E6CEA11CAF38A5E5168C1077B22A ] C:\Program Files\Microsoft Office 15\ClientX64\AppVCatalog.dll
07:44:44.0520 0x18d8 C:\Program Files\Microsoft Office 15\ClientX64\AppVCatalog.dll - ok
07:44:44.0530 0x18d8 [ 6DBB52F29523C006C38766FD2B2294C3, D499C331317A4DA5026DF9305271649F3D9FEE2E3368F184AC9B2C66E6856359 ] C:\Program Files\Microsoft Office 15\ClientX64\AppVIsvVirtualization.dll
07:44:44.0530 0x18d8 C:\Program Files\Microsoft Office 15\ClientX64\AppVIsvVirtualization.dll - ok
07:44:44.0530 0x18d8 [ 22D78D29A440C29051CE4F9695D7AD41, 8299920F15B2E5E74205D813BFEB6FB0BDB7637EF403C9434A30C89E510164A2 ] C:\Program Files\Microsoft Office 15\ClientX64\AppVIntegration.dll
07:44:44.0530 0x18d8 C:\Program Files\Microsoft Office 15\ClientX64\AppVIntegration.dll - ok
07:44:44.0530 0x18d8 [ 1727B2A2F379A32B864C096FA794AADC, 87B77A5DF95F3A1C5ED6DEF820C7E384BEFCBAA2FE1BB4781AC6F777A081E5CC ] C:\Windows\System32\aepic.dll
07:44:44.0530 0x18d8 C:\Windows\System32\aepic.dll - ok
07:44:44.0540 0x18d8 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] C:\Windows\System32\drivers\PEAuth.sys
07:44:44.0540 0x18d8 C:\Windows\System32\drivers\PEAuth.sys - ok
07:44:44.0540 0x18d8 [ 2C8AB62186F47F916E965DB9E4809E14, 8C05BF19D68AAD4868CB2B4DC1BB241627A5276E3F0B6FDC3CE7570D320CDC9B ] C:\Program Files\Microsoft Office 15\ClientX64\AppVIsvSubsystemController.dll
07:44:44.0540 0x18d8 C:\Program Files\Microsoft Office 15\ClientX64\AppVIsvSubsystemController.dll - ok
07:44:44.0540 0x18d8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] C:\Windows\System32\drivers\secdrv.sys
07:44:44.0540 0x18d8 C:\Windows\System32\drivers\secdrv.sys - ok
07:44:44.0540 0x18d8 [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] C:\Windows\System32\HPZipm12.dll
07:44:44.0540 0x18d8 C:\Windows\System32\HPZipm12.dll - ok
07:44:44.0550 0x18d8 [ C6DCD1D11ED6827F05C00773C3E7053C, EA23BE261C9C04F44215D254D7A80FD0AEE84C6F192D0FEE49A7CF74ED3CB1A6 ] C:\Windows\System32\sfc.dll
07:44:44.0550 0x18d8 C:\Windows\System32\sfc.dll - ok
07:44:44.0550 0x18d8 [ 895C9AB0A855547445C4181195230757, 89BDA385D8CCB75C3D7B1BDFA567AC441A931F4E499C0835FEE9D010343FABB6 ] C:\Windows\System32\sfc_os.dll
07:44:44.0550 0x18d8 C:\Windows\System32\sfc_os.dll - ok
07:44:44.0550 0x18d8 [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] C:\Windows\System32\drivers\Sftfslh.sys
07:44:44.0550 0x18d8 C:\Windows\System32\drivers\Sftfslh.sys - ok
07:44:44.0550 0x18d8 [ 2C64925F8569860EEA8D087533E533B6, E2F6DB25A065654560F68C1733DD52AB5B4124C2B806CE918402436BA53131B0 ] C:\Program Files\Microsoft Office 15\ClientX64\AppVFileSystemMetadata.dll
07:44:44.0550 0x18d8 C:\Program Files\Microsoft Office 15\ClientX64\AppVFileSystemMetadata.dll - ok
07:44:44.0560 0x18d8 [ 74EC60E20516AAA573BE74F31175270F, 35A68231368DEE46FEF2A4E30BFAAC38F093FC5A362A7491ED38BDE11F0FC356 ] C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
07:44:44.0560 0x18d8 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe - ok
07:44:44.0560 0x18d8 [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] C:\Windows\System32\drivers\Sftplaylh.sys
07:44:44.0560 0x18d8 C:\Windows\System32\drivers\Sftplaylh.sys - ok
07:44:44.0560 0x18d8 [ A543AC1F7138376D778D630A35FCBC4C, 2D824C66A97FC8C39DAFA397CC47495B712D175EEF393486946DA8936BDD466A ] C:\Windows\SysWOW64\psapi.dll
07:44:44.0560 0x18d8 C:\Windows\SysWOW64\psapi.dll - ok
07:44:44.0560 0x18d8 [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
07:44:44.0560 0x18d8 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe - ok
07:44:44.0570 0x18d8 [ E14EC69620F1924A3318C3D7CA9A02B6, DBC7A44BFF3A9A8CCD4ECCED5DF0C2447A4869553A2FB6585AC8595E9072E7E0 ] C:\Program Files (x86)\Dell DataSafe Local Backup\SDSSmartRepairTools.dll
07:44:44.0570 0x18d8 C:\Program Files (x86)\Dell DataSafe Local Backup\SDSSmartRepairTools.dll - ok
07:44:44.0570 0x18d8 [ 1E8D06AAE74FED674C1156B3FEA911C2, C1999BA9E436F9E0B9302DC82DF8B214E66372899FD4C0C60C56EE5340BADB9F ] C:\Windows\SysWOW64\Faultrep.dll
07:44:44.0570 0x18d8 C:\Windows\SysWOW64\Faultrep.dll - ok
07:44:44.0570 0x18d8 [ C5B0324DB461559ADD070E632A6919FA, AB09CACB5B7DD372B27921A5E01220552A611CECA27EF87961001FA467FDED45 ] C:\Windows\SysWOW64\wbem\wbemprox.dll
07:44:44.0570 0x18d8 C:\Windows\SysWOW64\wbem\wbemprox.dll - ok
07:44:44.0580 0x18d8 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] C:\Program Files (x86)\Skype\Updater\Updater.exe
07:44:44.0580 0x18d8 C:\Program Files (x86)\Skype\Updater\Updater.exe - ok
07:44:44.0580 0x18d8 [ 2A86C18CE6869C77FCEB62F3B47D4D5B, 6E282C56A208E26C8921CC396F4AF9D1681D26E3B22126FAEF3640400864B29F ] C:\Windows\SysWOW64\credssp.dll
07:44:44.0580 0x18d8 C:\Windows\SysWOW64\credssp.dll - ok
07:44:44.0580 0x18d8 [ C94CE65AE7701E9FDBA889045543E27C, E6D75322BE3076EB3AB4622C29A0765C05465BE355C9AA3A9DE7431F020BC176 ] C:\Windows\SysWOW64\secur32.dll
07:44:44.0580 0x18d8 C:\Windows\SysWOW64\secur32.dll - ok
07:44:44.0580 0x18d8 [ 704314FD398C81D5F342CAA5DF7B7F21, CDA660E1E8AAE0789780B6B9604B138E67B2BDD1404A5E4C2354B35879D43085 ] C:\Windows\SysWOW64\wbemcomn.dll
07:44:44.0580 0x18d8 C:\Windows\SysWOW64\wbemcomn.dll - ok
07:44:44.0580 0x18d8 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] C:\Windows\System32\drivers\srvnet.sys
07:44:44.0590 0x18d8 C:\Windows\System32\drivers\srvnet.sys - ok
07:44:44.0590 0x18d8 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] C:\Windows\System32\drivers\tcpipreg.sys
07:44:44.0590 0x18d8 C:\Windows\System32\drivers\tcpipreg.sys - ok
07:44:44.0590 0x18d8 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] C:\Windows\System32\sysmain.dll
07:44:44.0590 0x18d8 C:\Windows\System32\sysmain.dll - ok
07:44:44.0590 0x18d8 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] C:\Windows\System32\wiaservc.dll
07:44:44.0590 0x18d8 C:\Windows\System32\wiaservc.dll - ok
07:44:44.0590 0x18d8 [ 8B8D1CEF498678CAB9DF17145D34BC64, B833545CC592BBF77F4F3E6BA9961D10673AA3F4E2CF6369F6A3BDAF1BC02026 ] C:\Windows\SysWOW64\msxml3.dll
07:44:44.0590 0x18d8 C:\Windows\SysWOW64\msxml3.dll - ok
07:44:44.0600 0x18d8 [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5, BDA403E6CACC249C467671FB1FAF7B77FB019326BC18F9F6CF377104520E2654 ] C:\Windows\System32\wiatrace.dll
07:44:44.0600 0x18d8 C:\Windows\System32\wiatrace.dll - ok
07:44:44.0600 0x18d8 [ 418E881201583A3039D81F43E39E6C78, C96AAC161E09BE12815A4E931E65F66DB1A456C03253EF1111AE66F44B1515FF ] C:\Windows\SysWOW64\winsta.dll
07:44:44.0600 0x18d8 C:\Windows\SysWOW64\winsta.dll - ok
07:44:44.0600 0x18d8 [ 4581716B4BF76ACFD8E167EB0B26D82A, 39D822527114EEED68044CCE4D542767F53978D9E0A7F72638F1CA9A016DE13B ] C:\Windows\System32\fdPnp.dll
07:44:44.0600 0x18d8 C:\Windows\System32\fdPnp.dll - ok
07:44:44.0600 0x18d8 [ 4C1244FEF74C60A4B1B151C76609CBE2, 3E500204A9232D5B332BE16C281A32B957D03BBA836851BE7754F030872FAC83 ] C:\Windows\System32\wsdchngr.dll
07:44:44.0600 0x18d8 C:\Windows\System32\wsdchngr.dll - ok
07:44:44.0610 0x18d8 [ AE7F79B2040DDE54DB86B2D4FDCC2E7F, D9EDD0DF648FDCD68BFC035E666DF7322AB3B8E443BC76AA432EFBF5C612EB43 ] C:\Windows\System32\hposwia_p02b.dll
07:44:44.0610 0x18d8 C:\Windows\System32\hposwia_p02b.dll - ok
07:44:44.0610 0x18d8 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] C:\Windows\System32\wbem\WMIsvc.dll
07:44:44.0610 0x18d8 C:\Windows\System32\wbem\WMIsvc.dll - ok
07:44:44.0610 0x18d8 [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:44:44.0610 0x18d8 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - ok
07:44:44.0620 0x18d8 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] C:\Windows\System32\trkwks.dll
07:44:44.0620 0x18d8 C:\Windows\System32\trkwks.dll - ok
07:44:44.0620 0x18d8 [ 7DB5AA22A8A8E5C2D335F44853C1F6DE, A734A20357026C42950394682A52CBC3AF956D09F1949E1B4E95467E999BC428 ] C:\Windows\System32\wbemcomn.dll
07:44:44.0620 0x18d8 C:\Windows\System32\wbemcomn.dll - ok
07:44:44.0620 0x18d8 [ 0255C22D99602534F15CBB8D9B6F152F, 43CD89D6CA56E0B633142F7C86DA9E072EE0723B5EBC4CE8CCBCA58C396ECF54 ] C:\Windows\System32\wbem\WinMgmtR.dll
07:44:44.0620 0x18d8 C:\Windows\System32\wbem\WinMgmtR.dll - ok
07:44:44.0620 0x18d8 [ 0C52762C606BCF6A377D5E4688191A6B, C58C9A73AD07E3B93AB186D0D47C5F1CB7197771DBEE40646C3B801645BB388F ] C:\Windows\System32\wbem\WmiDcPrv.dll
07:44:44.0620 0x18d8 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
07:44:44.0630 0x18d8 [ A3F5E8EC1316C3E2562B82694A251C9E, F3DC6AA6A9D3B5BBC730668FC52C1D4BB5D515D404578BDDD3D4869A7ED58822 ] C:\Windows\System32\wbem\fastprox.dll
07:44:44.0630 0x18d8 C:\Windows\System32\wbem\fastprox.dll - ok
07:44:44.0630 0x18d8 [ 5EB55F661DEBF156E126160BCD4D89F8, 948D1F627AA55D55FB3B558BA61B8366C5481A6041820631F24408F75EA5D2CC ] C:\Windows\System32\wbem\wbemcore.dll
07:44:44.0630 0x18d8 C:\Windows\System32\wbem\wbemcore.dll - ok
07:44:44.0630 0x18d8 [ 93812FDC01AA864195816CD814445F95, E5CB2576DA2905177AFD342DBE63E17CF626F93F430DEBC55155C18C60166BEE ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL
07:44:44.0630 0x18d8 C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL - ok
07:44:44.0640 0x18d8 [ 3FD15B4611D9BDA3F8013548C0ECAECA, B47A8D9985D9B71EB870816A0AB2B6403D394CCBDF7DE5378D5721D58D68D28D ] C:\Windows\SysWOW64\ntmarta.dll
07:44:44.0640 0x18d8 C:\Windows\SysWOW64\ntmarta.dll - ok
07:44:44.0640 0x18d8 [ A8BB45F9ECAD993461E0FEF8E2A99152, ACB756EA54E71F124D928829666B5B439785593877FF7C0C76ADCF954F4E6C94 ] C:\Windows\SysWOW64\Wldap32.dll
07:44:44.0640 0x18d8 C:\Windows\SysWOW64\Wldap32.dll - ok
07:44:44.0650 0x18d8 [ DC1BBA01FFB5745B8862931E7DE7304A, BE128A621B074FEB0EFEFD5642314E911C4D1EB07B175A502006CC9F53BB1CB4 ] C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
07:44:44.0650 0x18d8 C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll - ok
07:44:44.0650 0x18d8 [ EE26D130808D16C0E417BBBED0451B34, 4886DCE4FAEF146A40BABD492A8000A2022FEA542A6135A9BAFD4CD09297B4E5 ] C:\Windows\System32\ntdsapi.dll
07:44:44.0650 0x18d8 C:\Windows\System32\ntdsapi.dll - ok
07:44:44.0650 0x18d8 [ 666A60F6F5E719856FF6254E0966EFF7, 58C072E7E215991E19C1CA062C476081982F7B9F039714539AE7FEB4981C200F ] C:\Windows\System32\wbem\wbemprox.dll
07:44:44.0650 0x18d8 C:\Windows\System32\wbem\wbemprox.dll - ok
07:44:44.0660 0x18d8 [ 087D8668C71634A3A3761135ABF16EEE, B7348A63299CFF4FFBF375E645A4850AE0F108D48D13AB25434CFAE7CF3D61FD ] C:\Windows\System32\wbem\esscli.dll
07:44:44.0660 0x18d8 C:\Windows\System32\wbem\esscli.dll - ok
07:44:44.0660 0x18d8 [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
07:44:44.0660 0x18d8 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe - ok
07:44:44.0660 0x18d8 [ A8EDB86FC2A4D6D1285E4C70384AC35A, 61B8955CE0A2AA9D0719920B30216717B349B6FBE11C697C31CFA84F859CC1AE ] C:\Windows\System32\dllhost.exe
07:44:44.0660 0x18d8 C:\Windows\System32\dllhost.exe - ok
07:44:44.0660 0x18d8 [ ECA6AC33BD9E441F7B47D173D715D268, 5B9017F80BD8C7823CFE1AB4C21D91388E1B31BF0D77058A98791D2FACA11EB6 ] C:\Windows\System32\msxml3.dll
07:44:44.0660 0x18d8 C:\Windows\System32\msxml3.dll - ok
07:44:44.0670 0x18d8 [ 27B9E163740A226B65E4B9E186117911, 17411C6A6C1E699BC4B0C04D782FD9AA09CF577DBA41E743F7588904D489CB9F ] C:\Windows\System32\sqmapi.dll
07:44:44.0670 0x18d8 C:\Windows\System32\sqmapi.dll - ok
07:44:44.0670 0x18d8 [ 3F1D0820E8F8A3E4F99333A6DCC2B95A, 61238B92EABA8175CDD1944CEB985128736B2515BFCF65B94108DC72747E9AA6 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftsync.dll
07:44:44.0670 0x18d8 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftsync.dll - ok
07:44:44.0670 0x18d8 [ 9028D1621C43DF8DFBD1C76860412A11, A1D48D9B33180BDE50D2FA9BB07E9520B7B7788C39B3AABB4A06AE4B1AACA755 ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
07:44:44.0670 0x18d8 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll - ok
07:44:44.0680 0x18d8 [ 7B38D7916A7CD058C16A0A6CA5077901, 3F6DD990E2DA5D3BD6D65A72CBFB0FE79EB30B118A8AD71B6C9BB5581A622DCE ] C:\Windows\System32\wdscore.dll
07:44:44.0680 0x18d8 C:\Windows\System32\wdscore.dll - ok
07:44:44.0680 0x18d8 [ E70E7C2EEC214FB2FE50DBFC8E98CB85, 3884117DB6B9CAEC669DAF4D2B2068CEE31298967C7EEC9DF5379D1A6A800659 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftuser.dll
07:44:44.0680 0x18d8 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftuser.dll - ok
07:44:44.0680 0x18d8 [ B9A8CBCFCD3EC9D2EA4740AF347BF108, 97FA304E3880BC863D999F441AE47CB8ADF00D2DEC2A52ACD8FBD02CC096786A ] C:\Windows\SysWOW64\mpr.dll
07:44:44.0680 0x18d8 C:\Windows\SysWOW64\mpr.dll - ok
07:44:44.0690 0x18d8 [ 85181D316D88082CF39D2F33FD47C6B5, F92AEA12F662BDCE7EE950B41B06454797996E596CBF3482F9A406B21782E28C ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftcore.dll
07:44:44.0690 0x18d8 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftcore.dll - ok
07:44:44.0690 0x18d8 [ 3B367397320C26DBA890B260F80D1B1B, 50BBE71B4380B5E86E197AF86F5C08266DD6B12344BA4ABDEA604B8C774C4147 ] C:\Windows\System32\hnetcfg.dll
07:44:44.0690 0x18d8 C:\Windows\System32\hnetcfg.dll - ok
07:44:44.0690 0x18d8 [ 718B6F51AB7F6FE2988A36868F9AD3AB, 76141B4E94C2766E2C34CEF523092948771A7893212EFADBE88D2171B85FF012 ] C:\Windows\System32\wbem\wbemsvc.dll
07:44:44.0690 0x18d8 C:\Windows\System32\wbem\wbemsvc.dll - ok
07:44:44.0700 0x18d8 [ CFC7D8289D2B5F3CF8D16E2DB7F93D4A, 61B4D669C692775EF361445293163E84FAD8636AC49C8047BE806DB4E4093291 ] C:\Windows\SysWOW64\wbem\fastprox.dll
07:44:44.0700 0x18d8 C:\Windows\SysWOW64\wbem\fastprox.dll - ok
07:44:44.0700 0x18d8 [ 776AE0564F8B1C282E331FD95A1BDC5F, 601CFCA3922FFEA46A54AD323845A76A12FC6AF9FF64E9B0AE294FBB1AFCF4CB ] C:\Windows\SysWOW64\wbem\wbemsvc.dll
07:44:44.0700 0x18d8 C:\Windows\SysWOW64\wbem\wbemsvc.dll - ok
07:44:44.0700 0x18d8 [ 0143DB80DACFB7C2B5B7009ED9063353, 252885CF7C1BAB89B86908373546E5F5D674BEF7AACBDDCF321AD877CB9150A9 ] C:\Windows\System32\wbem\wmiutils.dll
07:44:44.0700 0x18d8 C:\Windows\System32\wbem\wmiutils.dll - ok
07:44:44.0700 0x18d8 [ 0AB34456654C283DAA13B8D2BA21439B, 4B70FC5195DE39564E951C8542020BA3D4257E3D4488F69825F67A6099CB7549 ] C:\Windows\System32\wbem\repdrvfs.dll
07:44:44.0700 0x18d8 C:\Windows\System32\wbem\repdrvfs.dll - ok
07:44:44.0710 0x18d8 [ E3E811471DE781900FF21C1FD84E941E, 2A47FF52D1D6480AAD1919382E783EA184BF926311F8C7E466FEBE9F6FB88FD6 ] C:\Windows\SysWOW64\ntdsapi.dll
07:44:44.0710 0x18d8 C:\Windows\SysWOW64\ntdsapi.dll - ok
07:44:44.0710 0x18d8 [ 210FCACAF902B2CD47CF9FD17D846146, 3F77AC721E084864C5966FF5337A90185F62203DC19C685328675500D629CB87 ] C:\Windows\System32\aeevts.dll
07:44:44.0710 0x18d8 C:\Windows\System32\aeevts.dll - ok
07:44:44.0710 0x18d8 [ 9D79C992E1607D2CD7B13A0F97557858, 4D2DFF755C54E93ECEDD12F3A4DB856BA9AA4375DB06F5D8DB8D15C26347D361 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftpsr.dll
07:44:44.0710 0x18d8 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftpsr.dll - ok
07:44:44.0720 0x18d8 [ FEB91B4DA0D540865260A33838654FA3, 8636B008BA329D3E6CC235D08BA4C914EFF45DBFCB9297C893CCDA8D907BA946 ] C:\Windows\System32\nci.dll
07:44:44.0720 0x18d8 C:\Windows\System32\nci.dll - ok
07:44:44.0720 0x18d8 [ 2FCA0D2C59A855C54BAFA22AA329DF0F, ED9D26F539065D62FCCEDEEC8E509B30F4D15F8DA586C1F657ACEFE9DABAACD0 ] C:\Windows\SysWOW64\netapi32.dll
07:44:44.0720 0x18d8 C:\Windows\SysWOW64\netapi32.dll - ok
07:44:44.0720 0x18d8 [ 20B3934DB73EABA2B49B7177873CB81F, 492EAC5C51472B43DE11825358AEC4B9E3A081DACFD7513C696D6FE40F302EE5 ] C:\Windows\SysWOW64\netutils.dll
07:44:44.0720 0x18d8 C:\Windows\SysWOW64\netutils.dll - ok
07:44:44.0720 0x18d8 [ 5CCDCD40E732D54E0F7451AC66AC1C87, 66F4DA105BD72E41250CD59E2B3CD931B47AC9FDB6C784B9E33C5EE1AC29841F ] C:\Windows\SysWOW64\srvcli.dll
07:44:44.0720 0x18d8 C:\Windows\SysWOW64\srvcli.dll - ok
07:44:44.0730 0x18d8 [ E5A4A1326A02F8E7B59E6C3270CE7202, DCB76016F9AC47E631540874DA208A089F9D529DA9628705A2869B954526BFE0 ] C:\Windows\SysWOW64\wkscli.dll
07:44:44.0730 0x18d8 C:\Windows\SysWOW64\wkscli.dll - ok
07:44:44.0730 0x18d8 [ 8AA502B025916688E71E55BB59BED6F9, EB527CFF2C45753C580C30ACCB8BCE0961383994F1BDDF8A1B6138C220D7AD03 ] C:\Program Files (x86)\Microsoft Application Virtualization Client\sftfsi_wow64.dll
07:44:44.0730 0x18d8 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftfsi_wow64.dll - ok
07:44:44.0730 0x18d8 [ 28AD5E311996A34025CFB07E131058DD, 89C8B29105DE5917A33A7682C8A62CB543609F1227A4890D7130646A0F54D946 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
07:44:44.0730 0x18d8 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL - ok
07:44:44.0740 0x18d8 [ A0A2C1D812C231C9BFE119FDC68E341B, F94446594EE17505956A715DFB28B51D09F00A7A65E56950661B889A57DE8FA8 ] C:\Windows\System32\IDStore.dll
07:44:44.0740 0x18d8 C:\Windows\System32\IDStore.dll - ok
07:44:44.0740 0x18d8 [ 70A176BF2ED362862944C371838262F8, 7F54164AB73160826991B565D1B1804BA9F6223830503B5A4F84B7E8AEFAF6A1 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
07:44:44.0740 0x18d8 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE - ok
07:44:44.0740 0x18d8 [ F9D908DE6B166DAC9B89BF62FA291CE8, D0A918AD60221623BB0278EA94CD6938744617FDBB2054968AFAFC2940648F02 ] C:\Program Files\Bonjour\mdnsNSP.dll
07:44:44.0740 0x18d8 C:\Program Files\Bonjour\mdnsNSP.dll - ok
07:44:44.0740 0x18d8 [ DDD0357A92FA843EFF8915ED17253D6C, 0C78B1D41F0A7821186ADF653504F2BFF067CB512CB0E932047C301378BBADB6 ] C:\Windows\System32\wbem\WmiPrvSD.dll
07:44:44.0740 0x18d8 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
07:44:44.0750 0x18d8 [ 45CFBFA8EDC3DF4E2B7FB0D0260FE051, 8EFD0A6DE6F4E335D342782190008FB5AC84A6ADE49170B310DEC9AC48E623E8 ] C:\Windows\System32\localspl.dll
07:44:44.0750 0x18d8 C:\Windows\System32\localspl.dll - ok

mla34
2014-06-20, 14:00
07:44:45.0170 0x18d8 [ A0617B5753E31126AD29C03154F4F329, 3BC10C0A54D1D60B0C670D901944D3F115E2EBB406C989409145E7151AA55EFE ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
07:44:45.0170 0x18d8 C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll - ok
07:44:45.0180 0x18d8 [ 3D7D2E825C63FF501E896CF008C70D75, 037FC52B8FC6089338EB456F2B45638ED36C42A4DCA7ACE391D166B2329838A1 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
07:44:45.0180 0x18d8 C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe - ok
07:44:45.0180 0x18d8 [ C1B5307377C98F87E0152C44E9FF8DEE, E4B8CACDD50A9A6457708E3D15DDFA3CF23B444582FD37BA50444B53802FF0C7 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
07:44:45.0180 0x18d8 C:\Windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll - ok
07:44:45.0180 0x18d8 [ DED333DBDBBCC3555A6E6244522E2F1A, 6909875090A9013685BA16EAAC666C173F138F0AF7172A40E746E6EFDE02D133 ] C:\Windows\System32\drivers\LVPr2M64.sys
07:44:45.0180 0x18d8 C:\Windows\System32\drivers\LVPr2M64.sys - ok
07:44:45.0180 0x18d8 [ E0B340996A41C9A75DFA3B99BBA9C500, D029AD8ABBD2267B1E44DF5172B93C3F832B4C21F930F5512C24E800F5CE4F8B ] C:\Windows\System32\SearchIndexer.exe
07:44:45.0180 0x18d8 C:\Windows\System32\SearchIndexer.exe - ok
07:44:45.0190 0x18d8 [ 589DF683A6C81424A6CECE52ABF98A50, 8CE0D07B2FC1F1BF8C07434FAFCDC63FDD3B75007C3B2EED130DB69D2D16E90A ] C:\Windows\System32\tquery.dll
07:44:45.0190 0x18d8 C:\Windows\System32\tquery.dll - ok
07:44:45.0190 0x18d8 [ 24FCC3CDAE327F632CB8696E1E40F772, 1EA38207DE7DCBB6199708E5043A7D2DB290933BF963910206E2576566442003 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
07:44:45.0190 0x18d8 C:\Windows\Microsoft.NET\Framework\v2.0.50727\alink.dll - ok
07:44:45.0190 0x18d8 [ E955300DF949977878C705EC8681009A, 8DF0532317D5A00DF1A1CED769D1944EA5C29FED35C1038C5C9E5486EDA6CCBC ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
07:44:45.0190 0x18d8 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll - ok
07:44:45.0200 0x18d8 [ ED797D8DC2C92401985D162E42FFA450, B746362010A101CB5931BC066F0F4D3FC740C02A68C1F37FC3C8E6C87FD7CB1E ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
07:44:45.0200 0x18d8 C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe - ok
07:44:45.0200 0x18d8 [ 9C966C4709D38BD6C9E624BE424F2486, BD654BC22E1B8282FA43459F7FA3DAD4AC311D7DE50BEBB1CF8892E9B02C26E0 ] C:\Windows\Temp\logishrd\LVPrcInj02.dll
07:44:45.0200 0x18d8 C:\Windows\Temp\logishrd\LVPrcInj02.dll - ok
07:44:45.0200 0x18d8 [ 7568CC720ACE4D03B84AF97817E745EF, 7155144CB0B260B969C398A36BC277C97BEADB5DB137D19A4F7E5AF61C3E24D4 ] C:\Windows\System32\mssrch.dll
07:44:45.0200 0x18d8 C:\Windows\System32\mssrch.dll - ok
07:44:45.0200 0x18d8 [ F7073C962C4FB7C415565DDE109DE49F, 781E7088DCEFBC34A808C3E7DA41A56112B3F23ABE9F54B5EF4D5CD9CD016B1D ] C:\Windows\System32\npmproxy.dll
07:44:45.0200 0x18d8 C:\Windows\System32\npmproxy.dll - ok
07:44:45.0200 0x18d8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] C:\Windows\System32\wdi.dll
07:44:45.0200 0x18d8 C:\Windows\System32\wdi.dll - ok
07:44:45.0210 0x18d8 [ DCEE3592299B2229A0DB98CB415059A2, 709AAA095DF44DDCB6159CE1635AB05EC666D845445790E569F56B297DC64AC3 ] C:\Program Files\Microsoft Security Client\NisSrv.exe
07:44:45.0210 0x18d8 C:\Program Files\Microsoft Security Client\NisSrv.exe - ok
07:44:45.0210 0x18d8 [ 3121A79D13A61562BE9CC902CD46B542, 00A5833A48338A4A9A5530844924AF4F1FAB618DA46D7EBBC6E2165C32ED376C ] C:\Windows\System32\msidle.dll
07:44:45.0210 0x18d8 C:\Windows\System32\msidle.dll - ok
07:44:45.0210 0x18d8 [ ACE1BB07E0377E37A2C514CD2EC119B1, A9AFA4774DFA875496764D6E541A6333A3ACD3C5D2BBEF753C2D80BA83B4AC15 ] C:\Windows\System32\mssprxy.dll
07:44:45.0210 0x18d8 C:\Windows\System32\mssprxy.dll - ok
07:44:45.0220 0x18d8 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] C:\Windows\System32\appinfo.dll
07:44:45.0220 0x18d8 C:\Windows\System32\appinfo.dll - ok
07:44:45.0220 0x18d8 [ 1CBF15FDB0310345A68972EB5C5B948F, E1EDCE6216B24037B243AC68CEEBD510646B2EFD70BC118E68303F9ED85D1973 ] C:\Windows\SysWOW64\mssprxy.dll
07:44:45.0220 0x18d8 C:\Windows\SysWOW64\mssprxy.dll - ok
07:44:45.0220 0x18d8 [ B6D3C63C07085941446AA90BD77AC07F, F4E1144DFC8A6A5F81F7326BA3E6E1A6A6CE419C3FAA9513835FB17BFEE73842 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
07:44:45.0220 0x18d8 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll - ok
07:44:45.0220 0x18d8 [ B7762D1AEAAE5C4AAA5F1677EC3B1512, DC075848BC8F74B583354320BFC87E231CB39F6470A2FC3307ECCDFB13751BF9 ] C:\Program Files\Microsoft Security Client\NisLog.dll
07:44:45.0220 0x18d8 C:\Program Files\Microsoft Security Client\NisLog.dll - ok
07:44:45.0230 0x18d8 [ C9FB9038B15036CA28CF0B4BE2BED9BD, 0F56384E798B3F725FFEFC6E31A980DA31F620DB847F601273EF19E8CE74A226 ] C:\Windows\System32\en-US\tquery.dll.mui
07:44:45.0230 0x18d8 C:\Windows\System32\en-US\tquery.dll.mui - ok

mla34
2014-06-20, 14:01
07:44:45.0510 0x18d8 C:\Windows\System32\igfxrenu.lrc - ok
07:44:45.0510 0x18d8 [ 0FD19BDDD2513874FF6903F717367795, DFAF9C33F993BA26FC84EF66ABC7C483E62762F7E1FC763605A75ACC2E8AA4EE ] C:\Users\THEARN~1\AppData\Local\Temp\{38ED9144-D051-4C03-8BED-9B60C69C0FB9}\{A9DAD6C7-5DA6-4347-BF58-A25EA6A1F5DE}.tmp
07:44:45.0510 0x18d8 C:\Users\THEARN~1\AppData\Local\Temp\{38ED9144-D051-4C03-8BED-9B60C69C0FB9}\{A9DAD6C7-5DA6-4347-BF58-A25EA6A1F5DE}.tmp - ok
07:44:45.0520 0x18d8 [ DD88BBF87A43331A4E99E37F7BF59FDB, 872190F559FA0DD1F711E9FA101BA1AB6E6DE5ED0CCCE1AB7AFE45BC3B78A0F1 ] C:\Users\THEARN~1\AppData\Local\Temp\{38ED9144-D051-4C03-8BED-9B60C69C0FB9}\{99EFEE24-0CDD-4F2A-AE1C-5CC5743EB91B}.tmp
07:44:45.0520 0x18d8 C:\Users\THEARN~1\AppData\Local\Temp\{38ED9144-D051-4C03-8BED-9B60C69C0FB9}\{99EFEE24-0CDD-4F2A-AE1C-5CC5743EB91B}.tmp - ok
07:44:45.0520 0x18d8 [ 93812FDC01AA864195816CD814445F95, E5CB2576DA2905177AFD342DBE63E17CF626F93F430DEBC55155C18C60166BEE ] C:\Program Files\Microsoft Security Client\sqmapi.dll
07:44:45.0520 0x18d8 C:\Program Files\Microsoft Security Client\sqmapi.dll - ok
07:44:45.0520 0x18d8 [ C0798E90F54A10E37001CE26E51D3793, 58FCA9D3562138CF177E000DB1839FAF479F3A40139ABD366F4328F8D51FB917 ] C:\Windows\System32\igfxpers.exe
07:44:45.0520 0x18d8 C:\Windows\System32\igfxpers.exe - ok
07:44:45.0520 0x18d8 [ 390679F7A217A5E73D756276C40AE887, 3EDFB645B2F58864E653C66516D6D48C4F9D691CFD51D91D4D88E316EE7B7177 ] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
07:44:45.0520 0x18d8 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe - ok
07:44:45.0530 0x18d8 [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
07:44:45.0530 0x18d8 C:\Program Files\Windows Sidebar\sidebar.exe - ok
07:44:45.0530 0x18d8 [ 449E6CD914920B84DDDF0F12880411EE, 0BC8E916EE2936B85FC5E4E7A48995E4EEA1AB7E2032E2E759A538F9838FBC72 ] C:\Program Files (x86)\Skype\Phone\Skype.exe
07:44:45.0530 0x18d8 C:\Program Files (x86)\Skype\Phone\Skype.exe - ok
07:44:45.0530 0x18d8 [ 5046E55184021406C27E8D48A1B2C9D2, DA592E05F2BA21A540B409FD2156A5BDF253EB3B50B30EEDCAE325DD026993D7 ] C:\Windows\System32\l3codeca.acm
07:44:45.0530 0x18d8 C:\Windows\System32\l3codeca.acm - ok
07:44:45.0540 0x18d8 [ EAA666E9DD8DCDA6E075087091CB85EE, 045BA25D6491123D1F54C6838F42771051BCEB3ACE1F8FD6C2BD8E886404F82C ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
07:44:45.0540 0x18d8 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - ok
07:44:45.0540 0x18d8 [ 4261449C1CADA6B007E5C27522946D2B, 11E79D1C529E816CCCAC9266089C77A4DB44676CAEEE25C66D6DB420B18D3ACB ] C:\Users\THEARN~1\AppData\Local\Temp\{38ED9144-D051-4C03-8BED-9B60C69C0FB9}\{7E9AA06C-C405-41BD-A6B2-C0CB3F61C49F}.tmp
07:44:45.0540 0x18d8 C:\Users\THEARN~1\AppData\Local\Temp\{38ED9144-D051-4C03-8BED-9B60C69C0FB9}\{7E9AA06C-C405-41BD-A6B2-C0CB3F61C49F}.tmp - ok
07:44:45.0540 0x18d8 [ E00DE20F0F6BED5CD2160247DDC9443B, DBE12149FA6558C23F0D5280C54224C3AEE25F7FD30074021524C2F1FA3C27ED ] C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
07:44:45.0540 0x18d8 C:\Program Files (x86)\ERUNT\AUTOBACK.EXE - ok
07:44:45.0540 0x18d8 [ EBE1962DC5EEFC13D20543013A891ABC, E6E993B38267D17EF4FFAD8870817DA0D65405C920177D077FA3FD7B98DB4C3D ] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
07:44:45.0540 0x18d8 C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe - ok
07:44:45.0550 0x18d8 [ 6BA03B5AF0B49BFEFC5DF84C8DBE5209, C1C77823C4E97F70CCA10777C213A70E74FD372B74C96AA6D00D147A8B9656F4 ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
07:44:45.0550 0x18d8 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe - ok
07:44:45.0550 0x18d8 [ 105CFE016CCB20175BEACEC146F175AB, BA21F40CDBF159EE4EACCBFB2A7D20EB9E1C2758883AF089A8E53EE478002E83 ] C:\Windows\System32\IccLibDll_x64.dll
07:44:45.0550 0x18d8 C:\Windows\System32\IccLibDll_x64.dll - ok
07:44:45.0550 0x18d8 [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
07:44:45.0550 0x18d8 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
07:44:45.0550 0x18d8 [ 6627AA675A5C1B0330487A02E23F0560, 256AE9BA4273D4247FFAD6099D5A4FC8E98EDB27293AC8CAF7A571EB3890FAA7 ] C:\Users\THEARN~1\AppData\Local\Temp\{38ED9144-D051-4C03-8BED-9B60C69C0FB9}\{57936A9F-08DE-4EDE-965C-8C902107671F}.tmp
07:44:45.0550 0x18d8 C:\Users\THEARN~1\AppData\Local\Temp\{38ED9144-D051-4C03-8BED-9B60C69C0FB9}\{57936A9F-08DE-4EDE-965C-8C902107671F}.tmp - ok
07:44:45.0562 0x18d8 [ A7749965A3923D024922A86BAAECAFF4, 70CC52E58881F405B334EDE68913EAB1B7FADBFB19B92F42B40E4737C6F073F7 ] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe
07:44:45.0562 0x18d8 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe - ok
07:44:45.0562 0x18d8 [ 4164A47F3A2DA7EA44572904C3DF44A4, 192097A694949269CD642C4F832715F48F4448669951D027DBECE9D873E9DA94 ] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
07:44:45.0562 0x18d8 C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe - ok
07:44:45.0562 0x18d8 [ 53E81C75B3C260C8FE9FD9ED4D8DB8F0, FFAC65ECFEAD6673A2586B08034FA4E16361CE6854175D86E597C7949A4CB366 ] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\AS_Storage_w32.dll
07:44:45.0562 0x18d8 C:\Program Files (x86)\Roxio\OEM\Roxio Burn\AS_Storage_w32.dll - ok
07:44:45.0562 0x18d8 [ 918850CDD168605454665D160B034837, 1D2E61C72DD8854837281A618A7DD7F47054EFF912DF4736690304B3794918A3 ] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
07:44:45.0562 0x18d8 C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe - ok
07:44:45.0572 0x18d8 [ 0771B5F987FDCF35B7B218C6AE7AA868, F68240A0291160A97950EFB92A5B2F7B4798E4E9F643D452E0C9DA9DC6A3F3BF ] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
07:44:45.0572 0x18d8 C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe - ok
07:44:45.0572 0x18d8 [ 2589FFE360BED8F824CBC6171CB5B874, 4C532EE4707F9B4314AF7FC88C86B48AFCDE03A2097919F9801BE47EB5CC61EB ] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
07:44:45.0572 0x18d8 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe - ok
07:44:45.0572 0x18d8 [ 94A4D6915D4F572309DF6137E1846528, E46BDF83CAA6683AA655DBA3D2C8DC7AC06251E952466A20CFDA3A16B1840455 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
07:44:45.0572 0x18d8 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe - ok
07:44:45.0582 0x18d8 [ BB8E454BEA6FC5DE0B4723CFDC13AEEE, 4F6B9F84A0B93AC08A9CC9D52C4A87F0664DB46D08529F9F9D28A26734A3E410 ] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\libumajin.dll
07:44:45.0582 0x18d8 C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\libumajin.dll - ok
07:44:45.0582 0x18d8 [ CE5C9977DA751DDC30952AC4DCBCA788, 295172C4681E9AC27121122CDD2BA6F2A62435917A083CC8490D584CA0164BE6 ] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
07:44:45.0582 0x18d8 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe - ok
07:44:45.0582 0x18d8 [ 9130CCE19B5DB3D2E31F9F789263FC4A, 61450BD6BC6590236B1DF56E1594B12AE174496357A49B5963C41D0D1465D66F ] C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2\Lib\X86\capicom.dll
07:44:45.0582 0x18d8 C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2\Lib\X86\capicom.dll - ok
07:44:45.0592 0x18d8 [ 723B834A07F7DF7DE4CEB637D57ACEA3, B42867045DD3FB7682CDBD133970421010F0F14125E4992C73657CABA4659250 ] C:\Users\THEARN~1\AppData\Local\Temp\{38ED9144-D051-4C03-8BED-9B60C69C0FB9}\{D31A7D7F-F193-405E-B85B-7656860FC161}.tmp
07:44:45.0592 0x18d8 C:\Users\THEARN~1\AppData\Local\Temp\{38ED9144-D051-4C03-8BED-9B60C69C0FB9}\{D31A7D7F-F193-405E-B85B-7656860FC161}.tmp - ok
07:44:45.0592 0x18d8 [ D2E3E6D94A9E1CFA1561D9C748136FD0, C8CD851F1872086D18A329B47C7DEFAD2CE2E3A8F4321411247D06D07B2DB1D3 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
07:44:45.0592 0x18d8 C:\Program Files (x86)\iTunes\iTunesHelper.exe - ok
07:44:45.0592 0x18d8 [ A0534DAE1A855B2CFB761042D35E9152, ECE2187A7762BEAC381589E90A1914C756DF4D242656AD937D565D774BB0B6AB ] C:\Program Files (x86)\iTunes\iTunesHelper.dll
07:44:45.0592 0x18d8 C:\Program Files (x86)\iTunes\iTunesHelper.dll - ok
07:44:45.0592 0x18d8 [ F1278B3514EA6FA9BC39B20D26139AAC, 7FA1B8CCBB4771F3105EEACE2C13F949FA65C7F53817C783BDF9770F94FF12B5 ] C:\Windows\SysWOW64\msiltcfg.dll
07:44:45.0592 0x18d8 C:\Windows\SysWOW64\msiltcfg.dll - ok
07:44:45.0602 0x18d8 [ 6CD92194F84F6F0CE0D0088DBFC97262, 7F21753528FC3695885E8B3FEB6EA42AE4D47452BA96507BED0C55F99BBC119B ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpquio08.dll
07:44:45.0602 0x18d8 C:\Program Files (x86)\HP\Digital Imaging\bin\hpquio08.dll - ok
07:44:45.0602 0x18d8 [ C66376234C25D1FB4F5F376CE2923DBF, EF0750C97B432BFBF17E1692145218AB77D0B216A32AEF77A9F6659F168D7E61 ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
07:44:45.0602 0x18d8 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc - ok
07:44:45.0602 0x18d8 [ 6DAECF849C44CE3F3C01AFDB7C587849, 0C79A5E78D3AB15A5404756E9A09191DFB17E2CF2FABD2EBF25BD5BBC6C50FFF ] C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.dll
07:44:45.0602 0x18d8 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.dll - ok
07:44:45.0612 0x18d8 [ 11AAEC8BB512262F07C191ACCEE205D8, AF9A3AF0A098EF919E9C610940303DD251D17860B6715FCF9A349CB11E69E704 ] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtao08.dll
07:44:45.0612 0x18d8 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtao08.dll - ok
07:44:45.0612 0x18d8 [ B3CE0951E3C1EA3C733573C472EE85F9, F7D81435BA1B85A6B105480B8BF484255CB74B2E31CEA927D8F3546DB6549293 ] C:\Windows\System32\msimtf.dll
07:44:45.0612 0x18d8 C:\Windows\System32\msimtf.dll - ok
07:44:45.0612 0x18d8 [ C1DE893FAF6D7F6CFB479A1F61835482, AD5FA3CE73777704C67C933691F1F068E1A7FF545F728B97574F9C33AC4BBC01 ] C:\Users\THEARN~1\AppData\Local\Temp\{38ED9144-D051-4C03-8BED-9B60C69C0FB9}\{DEECD958-A118-402F-B370-FFE0EBBB208C}.tmp
07:44:45.0612 0x18d8 C:\Users\THEARN~1\AppData\Local\Temp\{38ED9144-D051-4C03-8BED-9B60C69C0FB9}\{DEECD958-A118-402F-B370-FFE0EBBB208C}.tmp - ok
07:44:45.0612 0x18d8 [ A4C6C8D17BF59ED17E24D0403E0CEF59, 9EEF41B0C7D26BDCFEA3AEBF436CA69F41EA305BCD00F3FE9B8BF86FD7A13D06 ] C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll
07:44:45.0612 0x18d8 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll - ok
07:44:45.0622 0x18d8 [ BB50B21FEE2A6F3E5FC92B330ECCF050, FD8A126C7F19267821C5FFC6C8341BBF2E11ADB241C49371BFB8CA00218A5754 ] C:\Windows\SysWOW64\hhctrl.ocx
07:44:45.0622 0x18d8 C:\Windows\SysWOW64\hhctrl.ocx - ok
07:44:45.0622 0x18d8 [ E1946CF6A39ACDE3A62AB2053FBE3EB7, F9C9A7EB63C8E740A43198E7863D42BA80B9CEF5AC5CFCCC38EDC684864C3F46 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll
07:44:45.0622 0x18d8 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll - ok
07:44:45.0622 0x18d8 [ 561FA2ABB31DFA8FAB762145F81667C2, DF96156F6A548FD6FE5672918DE5AE4509D3C810A57BFFD2A91DE45A3ED5B23B ] C:\Windows\SysWOW64\msvcp71.dll
07:44:45.0622 0x18d8 C:\Windows\SysWOW64\msvcp71.dll - ok
07:44:45.0622 0x18d8 [ 5C832661F6AF6FBC7EDD5778294F6576, B96A4CBD37B2FE10845E7BF3875871C02AB44270475A5A7DE6FFB4E1AC058BF9 ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
07:44:45.0622 0x18d8 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe - ok
07:44:45.0632 0x18d8 [ FA579B5272957DAF6CFD0E10EEFBF5AC, C793A4208103D3676C6713C5E351B9FEFD11E632C54BD794F7D59B9551466F79 ] C:\Windows\SysWOW64\mssign32.dll
07:44:45.0632 0x18d8 C:\Windows\SysWOW64\mssign32.dll - ok
07:44:45.0632 0x18d8 [ A25A46E0813B36797D7F31234764E17A, 136F1E4E8D8845E3242800C166B6E708AE0D62E2B18822B0E5ADABF628571960 ] C:\Windows\Temp\logishrd\LVPrcInj01.dll
07:44:45.0632 0x18d8 C:\Windows\Temp\logishrd\LVPrcInj01.dll - ok
07:44:45.0632 0x18d8 [ 86F1895AE8C5E8B17D99ECE768A70732, 8094AF5EE310714CAEBCCAEEE7769FFB08048503BA478B879EDFEF5F1A24FEFE ] C:\Windows\SysWOW64\msvcr71.dll
07:44:45.0632 0x18d8 C:\Windows\SysWOW64\msvcr71.dll - ok
07:44:45.0642 0x18d8 [ B9E362680ADB83F0E0134F4567DBF656, 8C113097A86C3BCBC46F2B1801730F5D6C24C4871C9609F16195ECC1BF5A0621 ] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\LayoutDLL12OEM.dll
07:44:45.0642 0x18d8 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\LayoutDLL12OEM.dll - ok
07:44:45.0642 0x18d8 [ E0EA58834CD19FDFCD1BC37B22E1D3D8, F8082A45CFFB86B51BA84797451F90C5533E5B0CD9E6B5162F205147F2030A5A ] C:\Windows\SysWOW64\jsproxy.dll
07:44:45.0642 0x18d8 C:\Windows\SysWOW64\jsproxy.dll - ok
07:44:45.0642 0x18d8 [ 9C67F6BBDA3881CFD02095160CF91576, 6CE97C6F0AD8BE183DE935A7AAB7D46821E8DE9E55A4BFF54ACB49D056826A94 ] C:\Windows\SysWOW64\ksuser.dll
07:44:45.0642 0x18d8 C:\Windows\SysWOW64\ksuser.dll - ok
07:44:45.0642 0x18d8 [ 243974EC02F7AE49E4179C54624143AB, 755FA67F7BF10E3C6336788D297FBAA70F28F630852A43A78D3F7D7E3A7ECED0 ] C:\Windows\SysWOW64\MMDevAPI.dll
07:44:45.0642 0x18d8 C:\Windows\SysWOW64\MMDevAPI.dll - ok
07:44:45.0652 0x18d8 [ 98D472ECFBC0E8ED25A0483E765F42B6, 4FEFFC45B66271DE978779A8C0017FCC53AAA50B98107A3B7CAE1EBE5EF5FCC2 ] C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
07:44:45.0652 0x18d8 C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe - ok
07:44:45.0652 0x18d8 [ E2A17BCC08D92F42E08AF6BA2F93ABA7, 5FC9D47BF4B1094BECC0C0DDCD5CD4318DD3E4495D982F8785331616D5B82599 ] C:\Windows\SysWOW64\ExplorerFrame.dll
07:44:45.0652 0x18d8 C:\Windows\SysWOW64\ExplorerFrame.dll - ok
07:44:45.0652 0x18d8 [ A51A7D0C82C93827532DF3B8FE7804EA, AB4755CBAC471E6C69665EFB2620BF8320F9D72DD8DDE9377D4E296BAE96EB1B ] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\CPSCommonTools12OEM.dll
07:44:45.0652 0x18d8 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\CPSCommonTools12OEM.dll - ok
07:44:45.0652 0x18d8 [ C11EC54689F776C1731E084E1649974C, 0AB7B2C9997D6137597F34A438F8E66E4C558C1BF9CAE57978FB43075110C612 ] C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManagerPS.dll
07:44:45.0652 0x18d8 C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManagerPS.dll - ok
07:44:45.0662 0x18d8 [ D205C24A9D069049FE2DF2A1B38726A7, B98F420B57A34FDA24F9A655319245EEF86EF4A952014FFA018070A01D5CBC4C ] C:\Windows\SysWOW64\wdmaud.drv
07:44:45.0662 0x18d8 C:\Windows\SysWOW64\wdmaud.drv - ok
07:44:45.0662 0x18d8 [ 139D3AB6AA920C34C50CBFFB9EB7D222, 5A5D205E16E6AFDCC965E4144FE6E104157DE7541D31727520363F2670513940 ] C:\Windows\SysWOW64\avrt.dll
07:44:45.0662 0x18d8 C:\Windows\SysWOW64\avrt.dll - ok
07:44:45.0662 0x18d8 [ C940F2F5C60B3727C5F18840735B229C, EFC3F465FD6C570505C214A92644357ACD01B1843ED25B5FCCCE10533403485C ] C:\Windows\SysWOW64\AudioSes.dll
07:44:45.0662 0x18d8 C:\Windows\SysWOW64\AudioSes.dll - ok
07:44:45.0662 0x18d8 [ 3B1247FC09F82A1ECD1294EA13C79C3E, 92F22F1ED61E09D4FC8324BC7B810F310B5979CDD1995BE2CA36F352FED16323 ] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\roxippEMC12.dll
07:44:45.0662 0x18d8 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\DLLShared\roxippEMC12.dll - ok
07:44:45.0672 0x18d8 [ 5A12C364AD1D4FCC0AD0E56DBBC34462, 5FDF434BE4E15311AC83754CF85B5451F5A219D768A5DE3DC4FD9AE0B57B0AD9 ] C:\Windows\SysWOW64\midimap.dll
07:44:45.0672 0x18d8 C:\Windows\SysWOW64\midimap.dll - ok
07:44:45.0672 0x18d8 [ 85683DF1F917E4D7F6BE1A04986BF1C8, D68D9F525D31C1843B6EC8FA950166FA1F34DB71222716E7B22DD33981C152B6 ] C:\Windows\SysWOW64\msacm32.dll
07:44:45.0672 0x18d8 C:\Windows\SysWOW64\msacm32.dll - ok
07:44:45.0672 0x18d8 [ 07393A09C46083588E751B63B03C8301, 36E2351CF5FA05FEAAEB340B5E04B107B53C8174F8333559D8AEA40BEB94F678 ] C:\Windows\SysWOW64\msacm32.drv
07:44:45.0672 0x18d8 C:\Windows\SysWOW64\msacm32.drv - ok
07:44:45.0682 0x18d8 [ 6E1F8165C365D35C8E3C045AF0CDD481, B861360D0A014265A0BEB4CC2FE31EA05AE95120E8B07820C13A044D64C00E2B ] C:\Windows\SysWOW64\duser.dll
07:44:45.0682 0x18d8 C:\Windows\SysWOW64\duser.dll - ok
07:44:45.0682 0x18d8 [ EE06B85BC69F18826302348A2AD089E0, 417205797CC9F6C986A863A61179784D9ADCAF1961EF8A4D9042D73C5A86509A ] C:\Windows\SysWOW64\dui70.dll
07:44:45.0682 0x18d8 C:\Windows\SysWOW64\dui70.dll - ok
07:44:45.0682 0x18d8 [ AB3FA3D9B1F1D0571CBC43D1487CCD6F, AA3A661F8C907D430E9D430852B1608AFEEA848607A428C58CE1BF0C871E0453 ] C:\Windows\System32\jscript9.dll
07:44:45.0682 0x18d8 C:\Windows\System32\jscript9.dll - ok
07:44:45.0682 0x18d8 [ 04CB7C8FDC6D9640DD82A527208F72C4, 0F8A327B0234A29EAB1F03D9102A3DF7DB4515BF580163198C5A8C174C98DE4F ] C:\Windows\System32\UIAnimation.dll
07:44:45.0682 0x18d8 C:\Windows\System32\UIAnimation.dll - ok
07:44:45.0692 0x18d8 [ C676E5EA388AF7C4C031F56F9B42E362, 7686AF56DF7D8A333C7F741DEA06D0577E88B69F648CEC94C1D6BEFAAE6B4135 ] C:\Windows\System32\d2d1.dll
07:44:45.0692 0x18d8 C:\Windows\System32\d2d1.dll - ok
07:44:45.0692 0x18d8 [ 1BC8A289BFDE02DF0DA6C06689FA89C3, C97E9F8892FFA2E663DB261C36901C71DF0AF434569FFCF999FF07ABA7A6676D ] C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\homepermitsconfig13.dll
07:44:45.0692 0x18d8 C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\homepermitsconfig13.dll - ok
07:44:45.0692 0x18d8 [ 837115C004022C7C9317848645D714FD, 57FDE05ECF6502618FFF41E12BFA01D6E6E9E52F7E41EEC27B2473257C4FCFC9 ] C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\rsl.dll
07:44:45.0692 0x18d8 C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\rsl.dll - ok
07:44:45.0702 0x18d8 [ 6046C98205A35C2CEC330B15F88D4443, DBE59F6BD1F48942EAB19D8DAA8DD70CB0A7FE286E3B857DEAA19687480F0D63 ] C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
07:44:45.0702 0x18d8 C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll - ok
07:44:45.0702 0x18d8 [ 1220595CABA75AB91A6B3FA3B89483CC, 313DFE385336D00DAFBC8DF30F001859C77DEB214BB3F874CE42F22734FFAE4E ] C:\Windows\SysWOW64\snmpapi.dll
07:44:45.0702 0x18d8 C:\Windows\SysWOW64\snmpapi.dll - ok
07:44:45.0702 0x18d8 [ 5BD85ABB12E057257D9D93C0838ABC0B, EC7C3A71123524C6ACEC22BA1802B42D84BB53571A044EC2776027420A5C1A60 ] C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\rcsl.dll
07:44:45.0702 0x18d8 C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\rcsl.dll - ok
07:44:45.0702 0x18d8 [ E325D1DB76B13B33692D6318F67DC4EC, BBBD2609BF2BCCF9698B236A1ADD0553CE426AFC6670302902C22166DB6AAFEA ] C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SonicHTTPClient13.dll
07:44:45.0702 0x18d8 C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SonicHTTPClient13.dll - ok
07:44:45.0712 0x18d8 [ 8F17CA7CD61AF4602FC88647BAEA9F54, 4355A601FC9BB2E98921979F4C2015557A1AE5701C2FABA942C464BDC3796919 ] C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SonicLicenseManager13.dll
07:44:45.0712 0x18d8 C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SonicLicenseManager13.dll - ok
07:44:45.0712 0x18d8 [ C3761661C17C2248A9379A8FB89E3DE1, CE3477FA2B4058EB80739E0161FE957545F13CF86D313F6422732901D35F75F2 ] C:\Windows\System32\stobject.dll
07:44:45.0712 0x18d8 C:\Windows\System32\stobject.dll - ok
07:44:45.0712 0x18d8 [ F832EEEA97CDDA1AF577E721F652A0D1, EBBB7CA199BA4DF231123922BD310D43DE0104C6185B70FE0281B938D5336F2E ] C:\Windows\System32\batmeter.dll
07:44:45.0712 0x18d8 C:\Windows\System32\batmeter.dll - ok
07:44:45.0722 0x18d8 [ 487F44B08EFEAF5AD087878357B9403D, B02C99850940588D52B3E6DB30DB64582F294E0BD62101067BECFEA1483010C6 ] C:\Windows\SysWOW64\pdh.dll
07:44:45.0722 0x18d8 C:\Windows\SysWOW64\pdh.dll - ok
07:44:45.0722 0x18d8 [ AC6EE4B07B9A78B155DEE7529ACCE355, 2A09A60B38DC714396C7E606B33D974A0727365BC7B0BB5FCB88413DAD51B0BF ] C:\Program Files (x86)\Dell Stage\Dell Stage\libmmd.dll
07:44:45.0722 0x18d8 C:\Program Files (x86)\Dell Stage\Dell Stage\libmmd.dll - ok
07:44:45.0722 0x18d8 [ 08DFDBD2FD4EA951DC46B1C7661ED35A, D926530C659DDAF80770663F46F1EFD94FFB4AAB475C4E3367CB531AF4A734E1 ] C:\Windows\SysWOW64\powrprof.dll
07:44:45.0722 0x18d8 C:\Windows\SysWOW64\powrprof.dll - ok
07:44:45.0722 0x18d8 [ 3B961948665558C20EDBEF74F547D872, 74F119C2E671B5A5EC79EDF14A068A63885920999F5F6792F893151582854B19 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
07:44:45.0722 0x18d8 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll - ok
07:44:45.0732 0x18d8 [ CF8D43B5CE132414CC0667E9C5EB5574, 901E3C967295B3E288043BD0BFC1810C505824F9D73C5E7FF22963E49279DB2D ] C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\homepermitsconfig12OEM.dll
07:44:45.0732 0x18d8 C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\homepermitsconfig12OEM.dll - ok
07:44:45.0732 0x18d8 [ 012787CEB35505EB78DF82E0A0072888, FE082EF9F8462589F8C8BEEFB1D10AB06E1E3D6F4494CABF34097328C109C03E ] C:\Windows\System32\browcli.dll
07:44:45.0732 0x18d8 C:\Windows\System32\browcli.dll - ok
07:44:45.0732 0x18d8 [ DD85F00EC31F77315AE992B7B0411D65, 54C7A699252AAC3210BD1B8047292F5BE004FA72B8B5338D9772EF800C7EAED0 ] C:\Windows\System32\DWrite.dll
07:44:45.0732 0x18d8 C:\Windows\System32\DWrite.dll - ok
07:44:45.0732 0x18d8 [ C4BFE4B61086416B0529212F92BCE081, A5EE6FB81229885C7A4A4EF0A9C3E9EE9E7F85C1EDE9BEEE236EB0503093D8F3 ] C:\Windows\System32\schedcli.dll
07:44:45.0732 0x18d8 C:\Windows\System32\schedcli.dll - ok
07:44:45.0742 0x18d8 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC, 372AF797353F9335915CD06D4076BAB8410775DCAF2DAC0593197D7C41BBFFB2 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
07:44:45.0742 0x18d8 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
07:44:45.0742 0x18d8 [ 2D2A6EC8EAD30EC3ACE2FD6FB1B3E122, E7EA375A3BDE8FC764CB09524344370B9EE25F98AD6C83E6F37A569EB8D277D6 ] C:\Windows\System32\prnfldr.dll
07:44:45.0742 0x18d8 C:\Windows\System32\prnfldr.dll - ok
07:44:45.0742 0x18d8 [ 807B6562009E5858C93E1C0F435C0382, 7E523EC452BEDBDA6164B28F43B6210E07F32EC5A8663609B59FD75B8529BABB ] C:\Windows\SysWOW64\netbios.dll
07:44:45.0742 0x18d8 C:\Windows\SysWOW64\netbios.dll - ok
07:44:45.0742 0x18d8 [ 72E6BB97A33137004FAC46CA43938F6C, 1BC791C471FA5E16C21B56D0858DB5C65BBB8DF72ACC934CB86389B376CAAB13 ] C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SonicHTTPClient12OEM.dll
07:44:45.0742 0x18d8 C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SonicHTTPClient12OEM.dll - ok
07:44:45.0752 0x18d8 [ 132AB9DB9A673FC20EE2D786E8CEC447, 75819DFA2BD772C69F6631A47CCEDA250F643CEE0EC9A70651BE2A33568FD730 ] C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SonicLicenseManager12OEM.dll
07:44:45.0752 0x18d8 C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SonicLicenseManager12OEM.dll - ok
07:44:45.0752 0x18d8 [ B010CF886420EE29C2C276646721D255, CBCD032D679ADE3A9942A1D116648D6A9ECC71F66F8630629E724E5EE23F9F73 ] C:\Windows\SysWOW64\wlanapi.dll
07:44:45.0752 0x18d8 C:\Windows\SysWOW64\wlanapi.dll - ok
07:44:45.0752 0x18d8 [ 1D6A771D1D702AE07919DB52C889A249, E5F3378AC40AEE6114EEAF3BF11DC1059466891CAE353E80C08622A60485C954 ] C:\Windows\SysWOW64\wlanutil.dll
07:44:45.0752 0x18d8 C:\Windows\SysWOW64\wlanutil.dll - ok
07:44:45.0752 0x18d8 [ 703FFD301AB900B047337C5D40FD6F96, C09909B89183B89BA87CAC8C5BEBD0E995C5CB08CC9B9D1E88352103EE958857 ] C:\Windows\SysWOW64\olepro32.dll
07:44:45.0752 0x18d8 C:\Windows\SysWOW64\olepro32.dll - ok
07:44:45.0762 0x18d8 [ 28CA821606669BB9215CE010767720FA, C8A1F0D6704F8F37CF8AADDFAD511FF27E56E8BCFFD4AC948DFA0329DB1F3A1E ] C:\Windows\SysWOW64\cryptui.dll
07:44:45.0762 0x18d8 C:\Windows\SysWOW64\cryptui.dll - ok
07:44:45.0762 0x18d8 [ 835FC2EA0631B734BB06C12B0665F01D, B8A8B0148C6C3AFC40835B44E3D6508CB9EEE8AC430A7904711C8B51C2116A8D ] C:\Program Files\iPod\bin\iPodService.exe
07:44:45.0762 0x18d8 C:\Program Files\iPod\bin\iPodService.exe - ok
07:44:45.0762 0x18d8 [ E8710B5DDA963E6BA198DF5FB209E72A, 87C8E2467C42BB4AAF53481DD3D27D4B3E06A738630DDA140AC359F0839B907F ] C:\Windows\System32\d3d10warp.dll
07:44:45.0762 0x18d8 C:\Windows\System32\d3d10warp.dll - ok
07:44:45.0772 0x18d8 [ C2A1A7BFDD7993EEF81DEE55501AB79D, C51B06F171BD547B3B3A6D179ECB83CCB2F27B09A50003138E8F88F846814406 ] C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll
07:44:45.0772 0x18d8 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll - ok
07:44:45.0772 0x18d8 [ 2FFB602054C5F12682A2A75624DDBE90, 776DB8CBFD4ABE906D960152D0AB7A9B456FC568696EF9E4699C5889A66597F7 ] C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll
07:44:45.0772 0x18d8 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll - ok
07:44:45.0772 0x18d8 [ 42A9CB6906D9A8BEDC83B57163E62924, E18522D3137653140757829EFBFCE624A5BAA5842E2BBA10B9E5AB6C84BE49E1 ] C:\Windows\System32\DXP.dll
07:44:45.0772 0x18d8 C:\Windows\System32\DXP.dll - ok
07:44:45.0782 0x18d8 [ 8BC9DB92C4B2F3BE89185BEAB2AFC1F6, 4F40D5CCE264290C8DD73A5766062A55ED4CF77D8F6B59D453DDB6F88B640D7E ] C:\Windows\SysWOW64\mapi32.dll
07:44:45.0782 0x18d8 C:\Windows\SysWOW64\mapi32.dll - ok
07:44:45.0782 0x18d8 [ 4C312A09E91A48C26317AAF6EFF93310, F42E970986D7EC8F2528CCDDCB8B2FAB79A4BF0008A6BD43FDAD56767C317A42 ] C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
07:44:45.0782 0x18d8 C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll - ok
07:44:45.0782 0x18d8 [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891, 0A82A475301202791A7C10F978F952EAB7DB146A702D4EA67E24E2C98BC19638 ] C:\Windows\System32\Syncreg.dll
07:44:45.0782 0x18d8 C:\Windows\System32\Syncreg.dll - ok
07:44:45.0782 0x18d8 [ 50F9394F53CF8015C703EBD2EF3BABC6, 3B57FB98D7FAE4FF1450729425343A81CF37C9C5A8D0C1AFC279D62495833C4F ] C:\Windows\System32\LocationApi.dll
07:44:45.0782 0x18d8 C:\Windows\System32\LocationApi.dll - ok
07:44:45.0792 0x18d8 [ 9111354A308612483F8DA995A1DD1835, C5933496302BFF9E323F024747705397C70CE5728DED0BB55E257E5D5EF78C8C ] C:\Windows\System32\SensorsApi.dll
07:44:45.0792 0x18d8 C:\Windows\System32\SensorsApi.dll - ok
07:44:45.0792 0x18d8 [ 5FD67F205773EC80674DBBD609DB5315, 59F2F01B8ACFD4D6217C277C739C833FB54EF7DDAD66D977A474073F2862DFE6 ] C:\Windows\System32\tzres.dll
07:44:45.0792 0x18d8 C:\Windows\System32\tzres.dll - ok
07:44:45.0792 0x18d8 [ C836175870E00ACC546066632E15BD10, 4347F3319C26DA1C38F395C74DBD67AF886149C8F29EDE765DD96C8480A3054A ] C:\Windows\ehome\ehSSO.dll
07:44:45.0792 0x18d8 C:\Windows\ehome\ehSSO.dll - ok
07:44:45.0802 0x18d8 [ 2F474D40626B0C694400589F3FBB9AA9, 4A0E47E6BECB9BA3A52F415CCBA03C3FD1091ACB0F731C82D08FCABBFB3F74B7 ] C:\Windows\System32\vbscript.dll
07:44:45.0802 0x18d8 C:\Windows\System32\vbscript.dll - ok
07:44:45.0802 0x18d8 [ 2E76FF14C5987BE45AB65A91332E3C58, 46B0DF6685993D8B4D33D2CBC7757F560C424925129E07EE98781D58C2008E04 ] C:\Program Files\Windows Sidebar\wlsrvc.dll
07:44:45.0802 0x18d8 C:\Program Files\Windows Sidebar\wlsrvc.dll - ok
07:44:45.0802 0x18d8 [ A6C09924C6730DE8DEED9890A12AA691, 46EACBC27D15FD43431812D6CA770982178C07246AF3A1C2E0D40D745A1D5758 ] C:\Windows\System32\ddraw.dll
07:44:45.0802 0x18d8 C:\Windows\System32\ddraw.dll - ok
07:44:45.0802 0x18d8 [ A42F2C1EB3B66C54FB3C7B79D30C1A6D, A63836DB3B01835DC1311526A95198D6EBCCB1DC9DDAFBC38EC36C128CDB98B9 ] C:\Windows\System32\netshell.dll
07:44:45.0802 0x18d8 C:\Windows\System32\netshell.dll - ok
07:44:45.0812 0x18d8 [ AD1EA59C74D873AC22FB839B8E3E97F7, F9035C69F93FF9AA513DDB13177511CA131F86BDB05791FD2F98B64B94FE3762 ] C:\Program Files (x86)\Spybot - Search & Destroy\advcheck.dll
07:44:45.0812 0x18d8 C:\Program Files (x86)\Spybot - Search & Destroy\advcheck.dll - ok
07:44:45.0812 0x18d8 [ 304AEF86D74CC76FF803876C95890507, E5B3DD2797FC679A6531FFD6D2BBA07030F28B626D9F230C7D0A06BC75CF8C2E ] C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
07:44:45.0812 0x18d8 C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll - ok
07:44:45.0812 0x18d8 [ A5ED9421B8D09ED4F57CDA386307713E, EC2EE043E94A53302A9721220AA42D29BE72AF3448B7AA01F7EB911ECF7DC6AE ] C:\Windows\System32\dciman32.dll
07:44:45.0812 0x18d8 C:\Windows\System32\dciman32.dll - ok
07:44:45.0822 0x18d8 [ 1135B6BFB6F47240736A38FF1721F267, 2909CB394DE5F997436FA4383497F659CBE29623072178F91D40BCBC6B25973D ] C:\Windows\System32\igdumd64.dll
07:44:45.0822 0x18d8 C:\Windows\System32\igdumd64.dll - ok

mla34
2014-06-20, 14:02
07:44:53.0832 0x18d8 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x61000 ( enabled : updated )
07:44:53.0892 0x18d8 Win FW state via NFP2: enabled
07:44:56.0353 0x18d8 ============================================================
07:44:56.0353 0x18d8 Scan finished
07:44:56.0353 0x18d8 ============================================================
07:44:56.0353 0x18c4 Detected object count: 0
07:44:56.0353 0x18c4 Actual detected object count: 0

LiquidTension
2014-06-20, 15:45
Hi Maureen,

Please attach the TDSSKiller log in your next reply.

To do this, click the Paper Clip in the first row of BBCode, and follow the prompts to attach the file.

Thank you. :)

mla34
2014-06-20, 22:09
Hi, Adam,
After this scan I can click on the report but it does not save anywhere so I just did my own text file save. Just tried to attach and send but the problem remains that the file is too big to send. I am attaching the screen shot with the error msg. Do I compress it?

LiquidTension
2014-06-20, 22:26
Yes, please create a compressed folder, place the text document inside and attach the compressed folder. :)

mla34
2014-06-20, 22:53
Here is the compressed TDSSKiller text log

LiquidTension
2014-06-21, 07:41
Hi Maureen,

Thank you for attaching the log. I do not see any signs of Zbot on your computer. The Spybot detection was for a generic threat (Zbot.gen) that may have behaved like Zbot. Your version of Spybot is also outdated, which may impact detection. However, I would still like to see the log created. Please locate the relevant log (that contains the Zbot.gen detection), copy and paste it in your next reply. You may find this link (http://forums.spybot.info/showthread.php?54029-Where-is-the-Spybot-Log-File) helps locate the log.

Considering your version is heavily outdated, I would like to uninstall Spybot for now. We can reinstall the updated version later.

Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for Spybot - Search & Destroy, right-click and click Uninstall.
Follow the prompts.


STEP 1
Farbar Recovery Scan Tool (FRST) Script

Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
Copy the entire contents of the codebox below and paste into the Notepad document.

start
SearchScopes: HKLM-x32 - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://search.chatzum.com/?q={searchTerms}
SearchScopes: HKLM-x32 - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://search.chatzum.com/?q={searchTerms}
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM-x32 - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YXxdm003YYus&ptb=D20CA6D2-67BB-4B16-B801-67AC3EF1A618&ind=2012012515&ptnrS=YXxdm003YYus&si=CPTN3LWH7K0CFQnd4AodmlJ97Q&n=77ecdfe3&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL =
SearchScopes: HKLM-x32 - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YO^xdm135^YYA^us&si=314029&ptb=3AF0B5F2-5A43-4A18-8482-542E3287C45C&psa=&ind=2014012022&st=sb&n=780b6276&searchfor={searchTerms}
FF Extension: InboxAce - C:\Users\The Arnolds\AppData\Roaming\Mozilla\Firefox\Profiles\3r6yn46d.default\Extensions\1gffxtbr@InboxAce_1g.com [2014-06-05]
HKLM-x32\...\Run: [] => [X]
C:\Users\The Arnolds\AppData\Local\Temp\*.*
Task: {53A49C41-48C3-4636-952A-EE308B1A92AA} - \Security Center Update - 2855993320 No Task File <==== ATTENTION
Task: {587DBF42-2B68-4196-AFB9-1861CA0C7A62} - \Security Center Update - 2142642058 No Task File <==== ATTENTION
Task: {602E62B3-0434-4C3E-A076-AA8C922DF28F} - \Security Center Update - 430648085 No Task File <==== ATTENTION
Task: {DC0BE39B-3027-4087-A94F-8F57D73D9494} - \Security Center Update - 2612136593 No Task File <==== ATTENTION
Task: {F9941DEB-9224-4E7A-ADCE-9F4D3BF50DED} - \Security Center Update - 3780038812 No Task File <==== ATTENTION
Folder: C:\Users\Greg\AppData\Roaming\Ymnaeh
Folder: C:\Users\Greg\AppData\Roaming\Ucoxmeak
Folder: C:\Users\Greg\AppData\Roaming\Ogivxa
Folder: C:\Users\Greg\AppData\Roaming\Diimuvzi
Folder: C:\Users\Greg\AppData\Roaming\Untieci
Folder: C:\Users\Greg\AppData\Roaming\Foikuv
Folder: C:\Users\Greg\AppData\Roaming\Haciew
Folder: C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
end
Click File, Save As and type fixlist.txt as the File Name.
Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

Right-Click FRST64.exe and select Run as administrator to run the programme.
Click Fix.
A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.


STEP 2
Folder Options

Press the Windows Key + r on your keyboard at the same time. Type Control Folders and click OK.
Click View. Under Hidden files and folders:
Place a checkmark next to Show hidden files, folders and drives.
Remove the checkmark next to Hide extensions for known file types.
Remove the checkmark next to Hide protected operating system Files (Recommended).
Click Apply followed by OK.


STEP 3
VirusTotal Upload

Please go to VirusTotal.com (https://www.virustotal.com/#file).
Click Choose File and locate the following file:

C:\Windows\system32\Drivers\lvuvc.hs

Click Scan it!.
If you receive the following notification: File already analysed click Reanalyse.
Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply.
Please do the same for the files below:

C:\Windows\system32\drivers\buddqjrj.sys
C:\Windows\system32\drivers\bxdjryrn.sys
C:\Users\Greg\AppData\Local\eagrnepa



======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

Spybot log
Did Spybot uninstall successfully?
Fixlog.txt
VirusTotal results (4 URLs)

mla34
2014-06-21, 13:08
Hi, Adam,
Before I read and follow your instructions, I will tell you that Spybot did not pick up the Zbot, it was Microsoft Security Essentials. And even when I ran the scan and removed it, almost immediately, I would get another message from MSE that there was a Zbot. It also picked up Kuluoz.D. Should I run MSE and send you anything from that? Or not worry about that and continue with the "homework" you have sent me?

mla34
2014-06-21, 13:13
Here is the screen shot from the last scan I did. Also, a side note, the icon for MSE disappears from the task bar occasionally when I reboot, in addition to some of the other icons. Not sure if that is anything related to any of this.
Thanks.

LiquidTension
2014-06-21, 13:54
Hi Maureen,

Does MSE provide the filename of the various detections? Please have a look, and note down the filenames (along with the associated detection) if available.

Then proceed with the instructions in my previous post. If you cannot find the filenames, please proceed with my instructions anyway.

mla34
2014-06-21, 14:19
Hi, Adam,
Uninstalled Spybot ok.
Fixlist log text below.
Changed folder options
Cannot find file for VirusTotal.com - I can find the file if I just go through the menu but when I choose file on the virustotal website, it does not show up. I am attaching the screen shot of what I get. Any suggestions?
I am heading out for the day, possibly overnight so I won't be back until tomorrow night. Don't want you to think I'm ignoring you! I'd rather be sitting here than rebuilding a deck from Superstorm Sandy, believe me! lol
Thanks for all your help. I will wait to see what you need me to do next.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-06-2014 01
Ran by The Arnolds at 2014-06-21 08:04:26 Run:1
Running from C:\Users\The Arnolds\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM-x32 - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://search.chatzum.com/?q={searchTerms}
SearchScopes: HKLM-x32 - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://search.chatzum.com/?q={searchTerms}
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM-x32 - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YXxdm003YYus&ptb=D20CA6D2-67BB-4B16-B801-67AC3EF1A618&ind=2012012515&ptnrS=YXxdm003YYus&si=CPTN3LWH7K0CFQnd4AodmlJ97Q&n=77ecdfe3&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {38bc6857-67fa-4358-afae-28e0f9ad2128} URL =
SearchScopes: HKLM-x32 - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YO^xdm135^YYA^us&si=314029&ptb=3AF0B5F2-5A43-4A18-8482-542E3287C45C&psa=&ind=2014012022&st=sb&n=780b6276&searchfor={searchTerms}
FF Extension: InboxAce - C:\Users\The Arnolds\AppData\Roaming\Mozilla\Firefox\Profiles\3r6yn46d.default\Extensions\1gffxtbr@InboxAce_1g.com [2014-06-05]
HKLM-x32\...\Run: [] => [X]
C:\Users\The Arnolds\AppData\Local\Temp\*.*
Task: {53A49C41-48C3-4636-952A-EE308B1A92AA} - \Security Center Update - 2855993320 No Task File <==== ATTENTION
Task: {587DBF42-2B68-4196-AFB9-1861CA0C7A62} - \Security Center Update - 2142642058 No Task File <==== ATTENTION
Task: {602E62B3-0434-4C3E-A076-AA8C922DF28F} - \Security Center Update - 430648085 No Task File <==== ATTENTION
Task: {DC0BE39B-3027-4087-A94F-8F57D73D9494} - \Security Center Update - 2612136593 No Task File <==== ATTENTION
Task: {F9941DEB-9224-4E7A-ADCE-9F4D3BF50DED} - \Security Center Update - 3780038812 No Task File <==== ATTENTION
Folder: C:\Users\Greg\AppData\Roaming\Ymnaeh
Folder: C:\Users\Greg\AppData\Roaming\Ucoxmeak
Folder: C:\Users\Greg\AppData\Roaming\Ogivxa
Folder: C:\Users\Greg\AppData\Roaming\Diimuvzi
Folder: C:\Users\Greg\AppData\Roaming\Untieci
Folder: C:\Users\Greg\AppData\Roaming\Foikuv
Folder: C:\Users\Greg\AppData\Roaming\Haciew
Folder: C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
end
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}' => Key deleted successfully.
'HKCR\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{38bc6857-67fa-4358-afae-28e0f9ad2128}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{38bc6857-67fa-4358-afae-28e0f9ad2128}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{38bc6857-67fa-4358-afae-28e0f9ad2128}' => Key deleted successfully.
'HKCR\CLSID\{38bc6857-67fa-4358-afae-28e0f9ad2128}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{8fe8d013-c3fd-4802-af48-79274e9f969e}'=> Key not found.
C:\Users\The Arnolds\AppData\Roaming\Mozilla\Firefox\Profiles\3r6yn46d.default\Extensions\1gffxtbr@InboxAce_1g.com => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

"C:\Users\The Arnolds\AppData\Local\Temp\*.*" directory move:

Could not move "C:\Users\The Arnolds\AppData\Local\Temp\*.*" directory. => Scheduled to move on reboot.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53A49C41-48C3-4636-952A-EE308B1A92AA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53A49C41-48C3-4636-952A-EE308B1A92AA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2855993320' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{587DBF42-2B68-4196-AFB9-1861CA0C7A62}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{587DBF42-2B68-4196-AFB9-1861CA0C7A62}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2142642058' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{602E62B3-0434-4C3E-A076-AA8C922DF28F}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{602E62B3-0434-4C3E-A076-AA8C922DF28F}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 430648085' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC0BE39B-3027-4087-A94F-8F57D73D9494}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC0BE39B-3027-4087-A94F-8F57D73D9494}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2612136593' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9941DEB-9224-4E7A-ADCE-9F4D3BF50DED}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9941DEB-9224-4E7A-ADCE-9F4D3BF50DED}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3780038812' => Key deleted successfully.

========================= Folder: C:\Users\Greg\AppData\Roaming\Ymnaeh ========================


====== End of Folder: ======


========================= Folder: C:\Users\Greg\AppData\Roaming\Ucoxmeak ========================


====== End of Folder: ======


========================= Folder: C:\Users\Greg\AppData\Roaming\Ogivxa ========================


====== End of Folder: ======


========================= Folder: C:\Users\Greg\AppData\Roaming\Diimuvzi ========================


====== End of Folder: ======


========================= Folder: C:\Users\Greg\AppData\Roaming\Untieci ========================


====== End of Folder: ======


========================= Folder: C:\Users\Greg\AppData\Roaming\Foikuv ========================


====== End of Folder: ======


========================= Folder: C:\Users\Greg\AppData\Roaming\Haciew ========================


====== End of Folder: ======


========================= Folder: C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 ========================

2012-08-21 13:01 - 2012-08-21 13:01 - 1977816 _____ (GEAR Software, Inc.) C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exe
2014-06-09 16:18 - 2014-06-09 16:18 - 0000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64
2012-08-21 13:01 - 2012-08-21 13:01 - 0519048 _____ (Microsoft Corporation) C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxAPI.dll
2012-08-21 13:01 - 2012-08-21 13:01 - 0131544 _____ (GEAR Software, Inc.) C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DifXInst64.exe
2014-06-09 16:18 - 2014-06-09 16:18 - 0004842 _____ () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxInstallLog.txt
2012-08-21 13:01 - 2012-08-21 13:01 - 0106928 _____ (GEAR Software Inc.) C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi.dll
2012-08-21 13:01 - 2012-08-21 13:01 - 0125872 _____ (GEAR Software Inc.) C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi64.dll
2012-08-21 13:01 - 2012-08-21 13:01 - 0002561 _____ () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspiWDM.inf
2012-08-21 13:01 - 2012-08-21 13:01 - 0007638 _____ () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\gearaspiwdmx64.cat
2014-06-09 16:18 - 2014-06-09 16:18 - 0000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64
2012-08-21 13:01 - 2012-08-21 13:01 - 0033240 _____ (GEAR Software Inc.) C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64\GEARAspiWDM.sys

====== End of Folder: ======


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-21 08:05:50)<=

"C:\Users\The Arnolds\AppData\Local\Temp\*.*" => Directory could not move.

==== End of Fixlog ====

mla34
2014-06-21, 14:21
Forgot to send spybot log....sorry


--- Report generated: 2014-06-14 12:04 ---

Fraud.FedexWord: [SBI $04FDF9E1] User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1003\Software\Microsoft\Sft

Zedo: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)


BurstMedia: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)


CasaleMedia: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)


DoubleClick: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)


BurstMedia: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)


BurstMedia: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)


Statcounter: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)


MediaPlex: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)


Zedo: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)


FastClick: Tracking cookie (Internet Explorer: Greg) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---


LiquidTension
2014-06-21, 17:10
Hello Maureen,


I am heading out for the day, possibly overnight so I won't be back until tomorrow night. Don't want you to think I'm ignoring you! I'd rather be sitting here than rebuilding a deck from Superstorm Sandy, believe me! lol
Rather you than me. ;) Good luck!



Forgot to send spybot log....sorry
Not a problem. Please do not forget to answer my question on the MSE detections as well. Does MSE provide a filename?



Cannot find file for VirusTotal.com - I can find the file if I just go through the menu but when I choose file on the virustotal website, it does not show up. I am attaching the screen shot of what I get. Any suggestions?
Using Windows Explorer, please navigate to the location of the files. Right-click each file and click Copy. Paste the files onto your desktop. You should now have 4 copied files on your desktop.

Please repeat the VirusTotal upload - only this time, scan the files you copied to your desktop.

======================================================

In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

Does MSE provide filenames for the detections? If so, what are they?
VirusTotal results for files copied to desktop (4 URLs).

mla34
2014-06-21, 22:17
I'm back, Adam, change of plans. No deck work yet, just pitching leftover sheetrock and tossing stuff! Home now and will probably head back out tomorrow morning. For now, I will play catch up on everything.

I do not see any logs or filenames from MSE - the only thing I see is what is on the screen shot I sent to you.

I could only find two of the four files you want me to scan. The other two are not there. Here are the URLs

lvuvc.hs results
https://www.virustotal.com/en/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1403380841/

eagrnepa results
https://www.virustotal.com/en/file/5aa364930614dbe6b0f67a701e7bfd13fa5b6b7ed76dbdc1cfabab4529df5e86/analysis/1403380972/

On another side note, I shut down the computer each time I post to you. When I see on my iPad that you have responded, I turn the computer on again. Sometimes, not each time, I get two error msgs about ERUNT. I am attaching the first error screen shot here. I will copy the second one the next time it happens. Not sure if this is something or nothing to worry about. I mentioned that sometimes the task bar icons don't show up. This time they all did. Not sure what that glitch is all about. Weird too, is that the shade of green for the MSE and Skype icons has changed....strange, huh? I know, very strange.

Thanks so much!
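
An added example (not part of the original posts): the SHA-256 in the first VirusTotal link above is the digest of zero bytes of input, so that result describes an empty upload and says nothing about a file with content. The Python sketch below extracts the hash and the trailing number from each link in the post and flags that case; reading the trailing number as a Unix timestamp is an assumption, and `triage_vt_links` is a name made up for this example.

```python
import hashlib
import re
from datetime import datetime, timezone

# SHA-256 of zero bytes of input: every empty file hashes to this value.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# URL layout as it appears in the post above (2014-era VirusTotal links).
VT_ANALYSIS_URL = re.compile(
    r"https?://www\.virustotal\.com/(?:[a-z]{2}/)?file/"
    r"(?P<sha256>[0-9a-fA-F]{64})/analysis/(?P<epoch>\d{9,10})/?"
)

# The two labelled links, copied from the post above.
POST = """\
lvuvc.hs results
https://www.virustotal.com/en/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1403380841/

eagrnepa results
https://www.virustotal.com/en/file/5aa364930614dbe6b0f67a701e7bfd13fa5b6b7ed76dbdc1cfabab4529df5e86/analysis/1403380972/
"""


def triage_vt_links(text):
    """Return one record per VirusTotal link, labelled with the line before it."""
    records = []
    previous = ""
    for line in text.splitlines():
        line = line.strip()
        match = VT_ANALYSIS_URL.search(line)
        if match:
            sha256 = match.group("sha256").lower()
            records.append({
                "label": previous or "(unlabelled)",
                "sha256": sha256,
                # Assumption: the trailing number is the analysis time in epoch seconds.
                "analysed_utc": datetime.fromtimestamp(
                    int(match.group("epoch")), tz=timezone.utc
                ),
                # True means the uploaded object had no bytes at all, so a
                # clean verdict for it carries no information.
                "empty_file": sha256 == EMPTY_SHA256,
            })
            previous = ""  # do not reuse a label for a later, unlabelled link
        elif line:
            previous = line
    return records


if __name__ == "__main__":
    for rec in triage_vt_links(POST):
        note = "EMPTY UPLOAD, rescan needed" if rec["empty_file"] else "has content"
        print(f'{rec["label"]:<18} {rec["analysed_utc"]:%Y-%m-%d %H:%M:%S} UTC  {note}')
```
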

mla34
2014-06-21, 22:27
Ok, my bad. :rolleyes: I did just find the file locations of the stuff that was picked up in the MSE scan. So sorry - I'm sure you are tearing your hair out at my ineptness! Here is the info:

TrojanDownloader:Win32/Kuluoz.D
file:C:\Users\Greg\AppData\Local\ugipkiae.exe
regkey:HKCU@S-1-5-21-2307240755-147757143-1248280979-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\rasdxdbw
runkey:HKCU@S-1-5-21-2307240755-147757143-1248280979-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\rasdxdbw


PWS:Win32/Zbot
file:C:\Users\Greg\AppData\Roaming\Ymnaeh\imhoma.exe
regkey:HKCU@S-1-5-21-2307240755-147757143-1248280979-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Arafaqguuh
runkey:HKCU@S-1-5-21-2307240755-147757143-1248280979-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Arafaqguuh

PWS:Win32/Zbot.gen!AP
The following error occurred: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.
Items:
process:pid:3736,ProcessStart:130472358946706584
process:pid:5796,ProcessStart:130472359159246957

PWS:Win32/Zbot.gen!AP
Items:
process:pid:3736,ProcessStart:130472358946706584
process:pid:5796,ProcessStart:130472359159246957

Hope this is what you need. Let me know if not and I will try again. Thanks!

mla34
2014-06-22, 13:09
Here is the second error msg I sometimes get when I reboot. I just keep hitting "No" but maybe you can tell me if I should be hitting "Yes" and following up on it.
Also, my MSE icon is here but telling me that it is turned off. I did not turn it off yesterday so not sure what that's about either. When I clicked on the icon to turn program on, it changed back to green and now says I am protected. That's the first time that has happened. Thanks!

LiquidTension
2014-06-22, 15:09
Hello Maureen,


I'm sure you are tearing your hair out at my ineptness!
Not at all. :)


I could only find two of the four files you want me to scan. The other two are not there. Here are the URLs
Not to worry. Thank you for the URLs.


Sometimes, not each time, I get two error msgs about ERUNT.
This error is caused by the UAC (User Account Control) blocking ERUNT. We can stop the error by removing ERUNT from starting up at boot.


I mentioned that sometimes the task bar icons don't show up.
By "task bar", are you referring to the Notification Area (often referred to as the "System Tray")?

http://i.imgur.com/Oc8cARH.png


Weird too, is that the shade of green for the MSE and Skype icons has changed....strange, huh? I know, very strange.
This may be coincidental, related to the issue described above, or something completely different. Difficult to say. I can't really comment on this at the moment.


STEP 1
Farbar Recovery Scan Tool (FRST) Script

Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
Copy the entire contents of the codebox below and paste into the Notepad document (do not include the word "Quote").

start
S1 buddqjrj; \??\C:\Windows\system32\drivers\buddqjrj.sys [X]
S1 bxdjryrn; \??\C:\Windows\system32\drivers\bxdjryrn.sys [X]
Startup: C:\Users\The Arnolds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
C:\Users\Greg\AppData\Roaming\Ymnaeh
C:\Users\Greg\AppData\Roaming\Ucoxmeak
C:\Users\Greg\AppData\Roaming\Ogivxa
C:\Users\Greg\AppData\Roaming\Diimuvzi
C:\Users\Greg\AppData\Roaming\Untieci
C:\Users\Greg\AppData\Roaming\Foikuv
C:\Users\Greg\AppData\Roaming\Haciew
end
Click File, Save As and type fixlist.txt as the File Name.
Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

Right-Click FRST64.exe and select Run as administrator to run the programme.
Click Fix.
A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.


STEP 2
Windows Explorer

Press the Windows Key + r on your keyboard at the same time. Type Explorer and click OK.
Navigate to the following folder: C:\ProgramData\Microsoft\Microsoft Antimalware\Quarantine
Without double-clicking or opening any files, confirm the presence of the following file in the quarantine: C:\Users\Greg\AppData\Roaming\Ymnaeh\imhoma.exe.
Proceed with STEP 3.


STEP 3
VirusTotal Upload

Please go to VirusTotal.com (https://www.virustotal.com/#file).
Click Choose File and locate the file you found in STEP 2. Select the file.
Click Scan it!.
If you receive the following notification: File already analysed click Reanalyse.


======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

Were you referring to the Notification Area icons (as shown in the image)?
Fixlog.txt
VirusTotal results

mla34
2014-06-23, 01:47
Hi, Adam,
Yes, I was referring to the Notification Area icons.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by The Arnolds at 2014-06-22 19:39:51 Run:2
Running from C:\Users\The Arnolds\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
S1 buddqjrj; \??\C:\Windows\system32\drivers\buddqjrj.sys [X]
S1 bxdjryrn; \??\C:\Windows\system32\drivers\bxdjryrn.sys [X]
Startup: C:\Users\The Arnolds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
C:\Users\Greg\AppData\Roaming\Ymnaeh
C:\Users\Greg\AppData\Roaming\Ucoxmeak
C:\Users\Greg\AppData\Roaming\Ogivxa
C:\Users\Greg\AppData\Roaming\Diimuvzi
C:\Users\Greg\AppData\Roaming\Untieci
C:\Users\Greg\AppData\Roaming\Foikuv
C:\Users\Greg\AppData\Roaming\Haciew
end
*****************

buddqjrj => Service deleted successfully.
bxdjryrn => Service deleted successfully.
C:\Users\The Arnolds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk => Moved successfully.
C:\Program Files (x86)\ERUNT\AUTOBACK.EXE => Moved successfully.
C:\Users\Greg\AppData\Roaming\Ymnaeh => Moved successfully.
C:\Users\Greg\AppData\Roaming\Ucoxmeak => Moved successfully.
C:\Users\Greg\AppData\Roaming\Ogivxa => Moved successfully.
C:\Users\Greg\AppData\Roaming\Diimuvzi => Moved successfully.
C:\Users\Greg\AppData\Roaming\Untieci => Moved successfully.
C:\Users\Greg\AppData\Roaming\Foikuv => Moved successfully.
C:\Users\Greg\AppData\Roaming\Haciew => Moved successfully.

==== End of Fixlog ====

There is nothing in the Quarantine folder in Microsoft. The folder has three folders in it. All three are empty. "Entries", "Resource Data", and "Resources"
Nothing to scan in VirusTotal

Thanks!

LiquidTension
2014-06-24, 14:26
Hello Maureen,


There is nothing in the Quarantine folder in Microsoft. The folder has three folders in it. All three are empty. "Entries", "Resource Data", and "Resources"
Nothing to scan in VirusTotal
Thank you for checking. We will proceed without the VirusTotal scan.


Yes, I was referring to the Notification Area icons.
We will deal with your Notification Area icons towards the end. For now, please proceed with the following tools.


STEP 1
AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.


STEP 2
Junkware Removal Tool (JRT)

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) and save the file to your desktop.
Note: If you unchecked any items in AdwCleaner, please back up the associated files/folders prior to running JRT.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Right-Click JRT.exe and select Run as administrator to run the programme.
Follow the prompts and allow the scan to run uninterrupted.
Upon completion, a log (JRT.txt) will open on your desktop.
Re-enable your anti-virus software.
Copy the contents of JRT.txt and paste in your next reply.

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

AdwCleaner[S0].txt
JRT.txt

mla34
2014-06-24, 22:07
Hi, Adam,

I did the first scan, copied and pasted into the new thread but did not save the txt file on my desktop. Then did the second scan and walked away from the computer. Came back in 10 minutes to see that the computer must have rebooted so the thread is no longer active and the stuff I pasted in there (the AdwCleaner[SO]) is gone. Before realizing this, I copied the JRT file so what I had originally copied was no longer available. Here is the JRT text

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by The Arnolds on Tue 06/24/2014 at 15:40:17.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\The Arnolds\appdata\locallow\minddabble_4p"



~~~ FireFox

Emptied folder: C:\Users\The Arnolds\AppData\Roaming\mozilla\firefox\profiles\3r6yn46d.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/24/2014 at 15:44:33.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I am pasting the AdwCleaner[RO] below in hopes that you can glean something from it. So sorry for not paying attention during the second scan. Let me know if there is something I can do to retrieve it for you. Thanks.

# AdwCleaner v3.213 - Report created 24/06/2014 at 15:29:32
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : The Arnolds - 2011
# Running from : C:\Users\The Arnolds\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\chatzum_nt.exe
Folder Found : C:\Program Files (x86)\ChatZum Toolbar
Folder Found : C:\Users\Greg\AppData\LocalLow\iac
Folder Found : C:\Users\Greg\AppData\LocalLow\InboxAce_1g
Folder Found : C:\Users\The Arnolds\AppData\LocalLow\InboxAce_1g

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\ChatZum Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\ChatZum Toolbar
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\Software\ChatZum Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_htc-home-for-windows_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_htc-home-for-windows_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\26h841ax.default\prefs.js ]


[ File : C:\Users\The Arnolds\AppData\Roaming\Mozilla\Firefox\Profiles\3r6yn46d.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3624 octets] - [24/06/2014 15:29:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3684 octets] ##########

LiquidTension
2014-06-25, 20:39
Hello Maureen,


Let me know if there is something I can do to retrieve it for you.
Press the Windows Start button, and type AdwCleaner[S0] in the Search bar. A text file should appear - copy the contents of the file and paste in your next reply.

I would like to get a fresh FRST scan to ensure no adware/malware entries remain in your logs. Please provide an update on your computer's performance as well. Excluding the issue with your Notification Area icons, are you experiencing any issues?


Right-click FRST64.exe and select Run as administrator.
Ensure the Addition box is checked.
Click Scan.
Copy the contents of FRST.txt and Addition.txt and paste in your next reply.

mla34
2014-06-26, 01:50
Hi, Adam,
I typed AdwCleaner[SO] but got "no results found". I'm so sorry if I did something to make it disappear. As far as any performance issues, I only saw what MSE picked up on a regular scan and it scared me a lot! There have not been any "quirky" issues that I have noticed. To be fair, however, I have not really spent any time on the computer with the exception of coming here to work with you. Occasionally checking my mail or googling something but that is it.

I just tried to send with both txt files pasted but again, got the error msg so please find Addition.txt pasted in the next submission. Thanks so much!

Below are the txt files you asked for. Thanks so much!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by The Arnolds (administrator) on 2011 on 25-06-2014 19:27:00
Running from C:\Users\The Arnolds\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2307240755-147757143-1248280979-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\The Arnolds\AppData\Roaming\Mozilla\Firefox\Profiles\3r6yn46d.default
FF Homepage: hxxp://home.ancestry.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-30]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-30]

==================== Services (Whitelisted) =================

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-24 15:44 - 2014-06-24 15:44 - 00000864 _____ () C:\Users\The Arnolds\Desktop\JRT.txt
2014-06-24 15:40 - 2014-06-24 15:40 - 00000000 ____D () C:\Windows\ERUNT
2014-06-24 15:38 - 2014-06-24 15:38 - 01016261 _____ (Thisisu) C:\Users\The Arnolds\Desktop\JRT.exe
2014-06-24 15:31 - 2014-06-24 15:31 - 00003780 _____ () C:\Users\The Arnolds\Desktop\1 AdwCleaner[R0].txt
2014-06-24 15:29 - 2014-06-24 15:58 - 00000000 ____D () C:\AdwCleaner
2014-06-24 15:28 - 2014-06-24 15:28 - 01342659 _____ () C:\Users\The Arnolds\Desktop\AdwCleaner.exe
2014-06-21 15:58 - 2014-06-12 11:34 - 00068609 _____ () C:\Users\The Arnolds\Desktop\eagrnepa
2014-06-21 15:54 - 2014-06-21 15:43 - 00000000 _____ () C:\Users\The Arnolds\Desktop\lvuvc.hs
2014-06-21 08:04 - 2014-06-22 19:39 - 00000000 ____D () C:\Users\The Arnolds\Desktop\FRST-OlderVersion
2014-06-20 16:52 - 2014-06-20 16:52 - 00127045 _____ () C:\Users\The Arnolds\Desktop\TDSSKiller log.zip
2014-06-19 19:58 - 2014-06-19 19:58 - 00000512 _____ () C:\Users\The Arnolds\Desktop\MBR.dat
2014-06-19 17:21 - 2014-06-19 17:21 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\The Arnolds\Desktop\tdsskiller.exe
2014-06-19 17:16 - 2014-06-19 17:16 - 00029968 _____ () C:\Users\The Arnolds\Desktop\Addition.txt
2014-06-19 17:15 - 2014-06-25 19:27 - 00015194 _____ () C:\Users\The Arnolds\Desktop\FRST.txt
2014-06-19 17:15 - 2014-06-25 19:27 - 00000000 ____D () C:\FRST
2014-06-19 17:14 - 2014-06-22 19:39 - 02082816 _____ (Farbar) C:\Users\The Arnolds\Desktop\FRST64.exe
2014-06-16 19:14 - 2014-06-16 19:14 - 00002728 _____ () C:\Users\The Arnolds\Desktop\aswMBR.zip
2014-06-16 19:06 - 2014-06-19 19:58 - 00002292 _____ () C:\Users\The Arnolds\Desktop\aswMBR.txt
2014-06-16 19:02 - 2014-06-16 19:02 - 04745728 _____ (AVAST Software) C:\Users\The Arnolds\Desktop\aswMBR.exe
2014-06-16 19:01 - 2014-06-16 19:01 - 00023616 _____ () C:\Users\The Arnolds\Desktop\dds.txt
2014-06-16 19:01 - 2014-06-16 19:01 - 00006293 _____ () C:\Users\The Arnolds\Desktop\attach.txt
2014-06-16 18:59 - 2014-06-16 18:59 - 00000000 ____D () C:\Windows\ERDNT
2014-06-16 18:58 - 2014-06-22 19:39 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-16 18:58 - 2014-06-16 18:58 - 00000907 _____ () C:\Users\The Arnolds\Desktop\ERUNT.lnk
2014-06-16 18:58 - 2014-06-16 18:58 - 00000907 _____ () C:\Users\Greg\Desktop\ERUNT.lnk
2014-06-16 18:58 - 2014-06-16 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-16 18:57 - 2014-06-16 18:57 - 00791393 _____ (Lars Hederer ) C:\Users\The Arnolds\Desktop\erunt-setup.exe
2014-06-16 18:54 - 2014-06-16 18:54 - 00791393 _____ (Lars Hederer ) C:\Users\The Arnolds\Downloads\erunt-setup.exe
2014-06-14 12:14 - 2014-06-14 12:14 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-06-14 09:06 - 2014-06-14 09:06 - 00000000 ___RD () C:\Users\The Arnolds\Desktop\MySyncUPFiles
2014-06-14 08:36 - 2014-06-14 08:36 - 00000000 ____D () C:\Users\The Arnolds\Desktop\Artwork for Kids
2014-06-14 08:24 - 2014-06-14 08:24 - 00000000 ____D () C:\Users\Greg\Desktop\Carolyn
2014-06-12 11:34 - 2014-06-12 11:34 - 00068609 _____ () C:\Users\Greg\AppData\Local\eagrnepa
2014-06-11 04:06 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 04:06 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 04:06 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 04:06 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 04:06 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 04:06 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 04:06 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 04:06 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 04:06 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 04:06 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 04:06 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 04:06 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 04:06 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 04:06 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 04:06 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 04:06 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 04:06 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 04:06 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 04:06 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 04:06 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 04:06 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 04:06 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 04:06 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 04:06 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 04:06 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 04:06 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 04:06 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 04:06 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 04:06 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 04:06 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 04:06 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 04:06 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 04:06 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 04:06 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 04:06 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 04:06 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 04:06 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 04:06 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 04:05 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 04:05 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 04:05 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 04:05 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 04:05 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 04:05 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 04:05 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 04:05 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 04:05 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 04:05 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 04:05 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 04:05 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 04:05 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 04:05 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 04:05 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 04:05 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 04:05 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 04:05 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 04:05 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 04:05 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 04:05 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 04:05 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 04:05 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 04:05 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 04:05 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 04:05 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 04:05 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 04:05 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 15:01 - 2014-06-10 15:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-09 16:18 - 2014-06-09 16:18 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-09 16:18 - 2014-06-09 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-09 16:17 - 2014-06-09 16:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-09 16:17 - 2014-06-09 16:18 - 00000000 ____D () C:\Program Files\iTunes
2014-06-09 16:17 - 2014-06-09 16:18 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-09 16:17 - 2014-06-09 16:17 - 00000000 ____D () C:\Program Files\iPod
2014-05-27 12:54 - 2014-05-27 12:54 - 00000000 ____D () C:\Users\The Arnolds\AppData\Local\Macromedia

==================== One Month Modified Files and Folders =======

2014-06-25 19:27 - 2014-06-19 17:15 - 00015194 _____ () C:\Users\The Arnolds\Desktop\FRST.txt
2014-06-25 19:27 - 2014-06-19 17:15 - 00000000 ____D () C:\FRST
2014-06-25 19:26 - 2011-10-12 08:12 - 01678567 _____ () C:\Windows\WindowsUpdate.log
2014-06-25 19:24 - 2011-12-09 12:38 - 00000000 ____D () C:\Users\The Arnolds\AppData\Roaming\Skype
2014-06-25 19:22 - 2013-07-10 20:19 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-25 19:22 - 2011-10-12 08:57 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-06-25 19:22 - 2011-10-12 08:57 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-06-25 19:22 - 2011-10-12 08:26 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-06-25 19:21 - 2011-12-09 13:28 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-06-25 19:21 - 2010-11-20 23:47 - 00412348 _____ () C:\Windows\PFRO.log
2014-06-25 19:21 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-25 19:21 - 2009-07-14 00:51 - 00068906 _____ () C:\Windows\setupact.log
2014-06-25 13:14 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 13:14 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-24 17:17 - 2012-01-14 15:42 - 00000000 ____D () C:\Users\The Arnolds\AppData\Local\Nero
2014-06-24 17:03 - 2013-07-10 20:19 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-24 15:58 - 2014-06-24 15:29 - 00000000 ____D () C:\AdwCleaner
2014-06-24 15:49 - 2013-05-21 16:05 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-06-24 15:49 - 2011-12-09 13:28 - 00046576 _____ () C:\Windows\system32\lvcoinst.log
2014-06-24 15:44 - 2014-06-24 15:44 - 00000864 _____ () C:\Users\The Arnolds\Desktop\JRT.txt
2014-06-24 15:40 - 2014-06-24 15:40 - 00000000 ____D () C:\Windows\ERUNT
2014-06-24 15:38 - 2014-06-24 15:38 - 01016261 _____ (Thisisu) C:\Users\The Arnolds\Desktop\JRT.exe
2014-06-24 15:31 - 2014-06-24 15:31 - 00003780 _____ () C:\Users\The Arnolds\Desktop\1 AdwCleaner[R0].txt
2014-06-24 15:31 - 2012-03-30 18:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-24 15:28 - 2014-06-24 15:28 - 01342659 _____ () C:\Users\The Arnolds\Desktop\AdwCleaner.exe
2014-06-22 19:39 - 2014-06-21 08:04 - 00000000 ____D () C:\Users\The Arnolds\Desktop\FRST-OlderVersion
2014-06-22 19:39 - 2014-06-19 17:14 - 02082816 _____ (Farbar) C:\Users\The Arnolds\Desktop\FRST64.exe
2014-06-22 19:39 - 2014-06-16 18:58 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-21 15:43 - 2014-06-21 15:54 - 00000000 _____ () C:\Users\The Arnolds\Desktop\lvuvc.hs
2014-06-21 08:01 - 2012-04-14 18:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-21 08:01 - 2012-04-14 18:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-06-21 07:58 - 2013-07-10 20:19 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 07:58 - 2013-07-10 20:19 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 16:52 - 2014-06-20 16:52 - 00127045 _____ () C:\Users\The Arnolds\Desktop\TDSSKiller log.zip
2014-06-20 16:12 - 2011-12-13 09:12 - 00000000 ____D () C:\Users\The Arnolds\AppData\Roaming\SoftGrid Client
2014-06-19 19:58 - 2014-06-19 19:58 - 00000512 _____ () C:\Users\The Arnolds\Desktop\MBR.dat
2014-06-19 19:58 - 2014-06-16 19:06 - 00002292 _____ () C:\Users\The Arnolds\Desktop\aswMBR.txt
2014-06-19 17:21 - 2014-06-19 17:21 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\The Arnolds\Desktop\tdsskiller.exe
2014-06-19 17:16 - 2014-06-19 17:16 - 00029968 _____ () C:\Users\The Arnolds\Desktop\Addition.txt
2014-06-16 19:26 - 2011-12-01 16:16 - 00000000 ____D () C:\Users\The Arnolds\AppData\Local\VirtualStore
2014-06-16 19:14 - 2014-06-16 19:14 - 00002728 _____ () C:\Users\The Arnolds\Desktop\aswMBR.zip
2014-06-16 19:02 - 2014-06-16 19:02 - 04745728 _____ (AVAST Software) C:\Users\The Arnolds\Desktop\aswMBR.exe
2014-06-16 19:01 - 2014-06-16 19:01 - 00023616 _____ () C:\Users\The Arnolds\Desktop\dds.txt
2014-06-16 19:01 - 2014-06-16 19:01 - 00006293 _____ () C:\Users\The Arnolds\Desktop\attach.txt
2014-06-16 18:59 - 2014-06-16 18:59 - 00000000 ____D () C:\Windows\ERDNT
2014-06-16 18:58 - 2014-06-16 18:58 - 00000907 _____ () C:\Users\The Arnolds\Desktop\ERUNT.lnk
2014-06-16 18:58 - 2014-06-16 18:58 - 00000907 _____ () C:\Users\Greg\Desktop\ERUNT.lnk
2014-06-16 18:58 - 2014-06-16 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-16 18:57 - 2014-06-16 18:57 - 00791393 _____ (Lars Hederer ) C:\Users\The Arnolds\Desktop\erunt-setup.exe
2014-06-16 18:54 - 2014-06-16 18:54 - 00791393 _____ (Lars Hederer ) C:\Users\The Arnolds\Downloads\erunt-setup.exe
2014-06-14 12:14 - 2014-06-14 12:14 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-06-14 12:14 - 2014-03-09 12:43 - 00004954 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for 2011-Greg 2011
2014-06-14 12:14 - 2011-10-12 08:41 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-06-14 09:06 - 2014-06-14 09:06 - 00000000 ___RD () C:\Users\The Arnolds\Desktop\MySyncUPFiles
2014-06-14 08:45 - 2012-03-24 13:21 - 00000000 ____D () C:\Users\The Arnolds\Documents\genealogy
2014-06-14 08:44 - 2012-10-05 10:23 - 00000000 ____D () C:\Users\The Arnolds\Desktop\unused
2014-06-14 08:36 - 2014-06-14 08:36 - 00000000 ____D () C:\Users\The Arnolds\Desktop\Artwork for Kids
2014-06-14 08:24 - 2014-06-14 08:24 - 00000000 ____D () C:\Users\Greg\Desktop\Carolyn
2014-06-14 07:04 - 2012-06-18 15:20 - 00000000 ____D () C:\Users\Greg\AppData\Local\Nero
2014-06-14 06:42 - 2011-10-12 08:28 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-14 06:42 - 2011-10-12 08:28 - 00000000 ____D () C:\ProgramData\Skype
2014-06-12 11:34 - 2014-06-21 15:58 - 00068609 _____ () C:\Users\The Arnolds\Desktop\eagrnepa
2014-06-12 11:34 - 2014-06-12 11:34 - 00068609 _____ () C:\Users\Greg\AppData\Local\eagrnepa
2014-06-12 08:12 - 2013-11-12 18:42 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-12 07:55 - 2011-10-12 08:45 - 00000000 ____D () C:\ProgramData\Sonic
2014-06-12 03:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 03:19 - 2014-01-09 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-12 03:03 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:02 - 2011-12-09 18:02 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-10 15:01 - 2014-06-10 15:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-09 16:18 - 2014-06-09 16:18 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-09 16:18 - 2014-06-09 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-09 16:18 - 2014-06-09 16:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-09 16:18 - 2014-06-09 16:17 - 00000000 ____D () C:\Program Files\iTunes
2014-06-09 16:18 - 2014-06-09 16:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-06-09 16:17 - 2014-06-09 16:17 - 00000000 ____D () C:\Program Files\iPod
2014-06-08 05:13 - 2014-06-11 04:05 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-11 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 22:28 - 2009-07-14 01:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 06:21 - 2014-06-11 04:05 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 06:02 - 2014-06-11 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 06:02 - 2014-06-11 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 05:45 - 2014-06-11 04:05 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 05:39 - 2014-06-11 04:05 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 05:39 - 2014-06-11 04:05 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 05:38 - 2014-06-11 04:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 05:28 - 2014-06-11 04:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 05:27 - 2014-06-11 04:05 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 05:24 - 2014-06-11 04:05 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 05:21 - 2014-06-11 04:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 05:21 - 2014-06-11 04:05 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 05:20 - 2014-06-11 04:05 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 05:18 - 2014-06-11 04:06 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 05:11 - 2014-06-11 04:05 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 05:08 - 2014-06-11 04:05 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 05:06 - 2014-06-11 04:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 05:02 - 2014-06-11 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 04:55 - 2014-06-11 04:06 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 04:49 - 2014-06-11 04:05 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 04:46 - 2014-06-11 04:05 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 04:44 - 2014-06-11 04:05 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 04:44 - 2014-06-11 04:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 04:43 - 2014-06-11 04:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 04:42 - 2014-06-11 04:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 04:38 - 2014-06-11 04:06 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 04:35 - 2014-06-11 04:06 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 04:34 - 2014-06-11 04:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 04:33 - 2014-06-11 04:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 04:30 - 2014-06-11 04:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 04:29 - 2014-06-11 04:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 04:28 - 2014-06-11 04:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 04:27 - 2014-06-11 04:06 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 04:24 - 2014-06-11 04:05 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 04:23 - 2014-06-11 04:05 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 04:16 - 2014-06-11 04:06 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 04:10 - 2014-06-11 04:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 04:06 - 2014-06-11 04:05 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 04:04 - 2014-06-11 04:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 04:02 - 2014-06-11 04:06 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 03:56 - 2014-06-11 04:05 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 03:56 - 2014-06-11 04:05 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 03:54 - 2014-06-11 04:06 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 03:50 - 2014-06-11 04:05 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 03:49 - 2014-06-11 04:06 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 03:43 - 2014-06-11 04:05 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 03:40 - 2014-06-11 04:06 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 03:30 - 2014-06-11 04:06 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 03:21 - 2014-06-11 04:05 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 03:15 - 2014-06-11 04:06 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 03:13 - 2014-06-11 04:05 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 03:13 - 2014-06-11 04:05 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-28 00:12 - 2012-12-06 08:34 - 00000000 ____D () C:\Users\The Arnolds\AppData\Roaming\Apple Computer
2014-05-27 12:54 - 2014-05-27 12:54 - 00000000 ____D () C:\Users\The Arnolds\AppData\Local\Macromedia
2014-05-26 20:12 - 2012-06-22 13:38 - 00000000 ____D () C:\Users\The Arnolds\Documents\Recipes
2014-05-26 18:21 - 2011-12-01 17:29 - 00000000 ____D () C:\Users\The Arnolds\AppData\Local\Adobe
2014-05-26 18:20 - 2012-03-30 18:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-26 18:20 - 2012-03-30 18:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-26 18:20 - 2011-10-12 08:14 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\The Arnolds\jobq.dat


Some content of TEMP:
====================
C:\Users\The Arnolds\AppData\Local\Temp\jqweil5a.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 00:18

==================== End Of Log ============================

mla34
2014-06-26, 01:51
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2014
Ran by The Arnolds at 2014-06-25 19:28:00
Running from C:\Users\The Arnolds\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C4600 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
FamilySearch Indexing 3.11.0 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.11.0 - FamilySearch)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5 (HKLM\...\{1E1746EF-F5BF-4677-8F30-04FE399130DA}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20010 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PS_AIO_05_C4600_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.14900 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
TrustedID IDMonitor Identity Protection (HKLM-x32\...\{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}) (Version: 1.1.0 - TrustedID Inc)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

==================== Restore Points =========================

07-06-2014 19:27:23 Windows Update
10-06-2014 20:21:07 Windows Update
12-06-2014 07:00:11 Windows Update
16-06-2014 22:58:57 Windows Update
20-06-2014 11:54:03 Windows Update
24-06-2014 19:46:09 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2012-04-16 09:42 - 00442669 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {49A290FF-113F-44E0-99D4-35CEC754443D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-10] (Google Inc.)
Task: {517241ED-C24A-4BF5-A069-04076654AEEA} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {584CAE2E-A612-40E5-868C-48DD1FD45CC8} - System32\Tasks\{2CD8D41C-8923-4422-A94E-554C67A7733C} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {637A953F-D675-4575-BDB1-8024C78F3AC3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for 2011-Greg 2011 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-12] (Microsoft Corporation)
Task: {783E7ACB-0D10-4E61-90ED-BBDBC22FDB97} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {7D18245B-57A1-4C62-9CE0-78853CC89742} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {8142211D-2FAA-4ACF-BD4C-1A2BAF75182D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-26] (Adobe Systems Incorporated)
Task: {8CC07400-10E3-480A-993C-468828D5C9D0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-12] (Microsoft Corporation)
Task: {A520B0F6-144C-4F22-AD53-11AC95063C43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-10] (Google Inc.)
Task: {A7F8EF9D-4591-426E-A148-5B66C3493DD7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {B4BFD874-B65E-4E6B-A046-E5A039479898} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BB73F895-56A2-4E6C-AA6F-4401989E6989} - System32\Tasks\{C132595D-2BA6-44BE-98C5-8DCBDED0F80C} => C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE [2013-07-23] (Microsoft Corporation)
Task: {C42AE82E-A9C3-41AE-9CB8-686FA2E84F4E} - \Security Center Update - 2120148171 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-08 10:24 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-12 08:11 - 2014-06-12 08:11 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-10-12 08:26 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-10-12 09:52 - 2011-01-27 11:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2012-08-21 15:20 - 2012-08-21 15:20 - 00067496 _____ () C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
2009-10-14 14:36 - 2009-10-14 14:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 14:34 - 2009-10-14 14:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18967481.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20358622.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83227107.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18967481.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20358622.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83227107.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/25/2014 07:23:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2014 01:11:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 05:34:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 05:02:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 03:44:46 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161


System errors:
=============
Error: (06/25/2014 07:22:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/25/2014 07:22:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/24/2014 04:20:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (06/24/2014 04:14:19 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (06/25/2014 07:23:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2014 01:11:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 05:34:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 05:02:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 03:44:46 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 6056.63 MB
Available physical RAM: 3597.21 MB
Total Pagefile: 12111.44 MB
Available Pagefile: 9501.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:802.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 31547343)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

==================== End Of Log ============================

LiquidTension
2014-06-27, 19:44
Hi Maureen,

Before we proceed, I would like you to please run the following programme, and post back the log generated.

SystemLook

Please download SystemLook (x64) (http://jpshortstuff.247fixes.com/SystemLook_x64.exe) and save the file to your desktop.
Right-Click SystemLook_x64.exe and select Run as administrator to run the programme.
Copy the entire contents of the codebox below and paste into the textfield.

:filefind
*18967481.sys*
*20358622.sys*
*83227107.sys*
*18967481.sys*
*20358622.sys*
*83227107.sys*

::csinfo
Click the http://i.imgur.com/Ji0XpU4.png button to start the scan.
Upon completion, a log (SystemLook.txt) will open. Copy the contents of the log and paste in your next reply.
Click the http://i.imgur.com/OCFv7xc.png button.

mla34
2014-06-28, 02:05
Hi, Adam,
Here you go -


SystemLook 30.07.11 by jpshortstuff
Log created at 20:03 on 27/06/2014 by The Arnolds
Administrator - Elevation successful

========== filefind ==========

Searching for " *18967481.sys*"
No files found.

Searching for " *20358622.sys*"
No files found.

Searching for " *83227107.sys*"
No files found.

Searching for " *18967481.sys*"
No files found.

Searching for " *20358622.sys*"
No files found.

Searching for " *83227107.sys*"
No files found.

Searching for " ::csinfo "
No files found.

-= EOF =-

LiquidTension
2014-06-28, 11:29
Hi Maureen,


I typed AdwCleaner[SO] but got "no results found". I'm so sorry if I did something to make it disappear.
Please copy and paste the following text into the search bar: AdwCleaner[S0]
The "0" is in fact the number zero, not the letter "O".


STEP 1
Farbar Recovery Scan Tool (FRST) Script

Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
Copy the entire contents of the codebox below and paste into the Notepad document.

start
Task: {C42AE82E-A9C3-41AE-9CB8-686FA2E84F4E} - \Security Center Update - 2120148171 No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18967481.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20358622.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83227107.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18967481.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20358622.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83227107.sys => ""="Driver"
end
Click File, Save As and type fixlist.txt as the File Name.
Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

Right-Click FRST64.exe and select Run as administrator to run the programme.
Click Fix.
A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.


STEP 2
Update/Remove Java

Download the latest version of Java from here (http://java.com/en/download/index.jsp).
Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for and uninstall the following programmes (if present):

Java 7 Update 51
Java™ 6 Update 27



STEP 3
Malwarebytes Anti-Malware (MBAM)

Please download Malwarebytes Anti-Malware Free (http://www.malwarebytes.org/products/) to your desktop (this will update your current version).
Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
Launch the programme and select Update.
Once updated, click the Settings tab and tick Scan for rootkits.
Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs and double-click the Scan Log.
Click Copy to Clipboard and paste the log in your next reply.

STEP 4
ESET Online Scan
Note: This scan will take a significant amount of time to complete. Please do not browse the Internet whilst your resident protection is disabled.
Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then press Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Click Hide advanced settings. Your settings should match that of the image below.
Ensure Remove found threats is unchecked.

http://i.imgur.com/3Crnyln.png
Allow virus signature database to download and for the scan to finish. Please be patient as this can take some time.
Upon completion, click List of found threats. If no threats were found, skip the next two bullet points.
Click Export to text file... and save the file to your desktop, naming it something unique such as MyEsetScan.
Push the Back button.
Place a checkmark next to Uninstall application on close and click Finish.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

AdwCleaner[S0]
Fixlog.txt
MBAM Scan log
ESET Online Scan log

mla34
2014-06-28, 15:35
Hi, Adam,
I got the same "No results found" when I searched for the AdwCleaner[S0]. I must have screwed this up. So sorry.

I'm sending the first task results now so if the computer has to reboot for the next steps I won't lose this!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-06-2014 02
Ran by The Arnolds at 2014-06-28 09:32:05 Run:3
Running from C:\Users\The Arnolds\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Task: {C42AE82E-A9C3-41AE-9CB8-686FA2E84F4E} - \Security Center Update - 2120148171 No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18967481.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20358622.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83227107.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18967481.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20358622.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83227107.sys => ""="Driver"
end
*****************

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C42AE82E-A9C3-41AE-9CB8-686FA2E84F4E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C42AE82E-A9C3-41AE-9CB8-686FA2E84F4E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2120148171' => Key deleted successfully.
'HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\18967481.sys' => Key deleted successfully.
'HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\20358622.sys' => Key deleted successfully.
'HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\83227107.sys' => Key deleted successfully.
'HKLM\System\CurrentControlSet\Control\SafeBoot\Network\18967481.sys' => Key deleted successfully.
'HKLM\System\CurrentControlSet\Control\SafeBoot\Network\20358622.sys' => Key deleted successfully.
'HKLM\System\CurrentControlSet\Control\SafeBoot\Network\83227107.sys' => Key deleted successfully.

==== End of Fixlog ====
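
A check that can be run over a pasted Fixlog.txt like the one above: every line of the fixlist should be answered by at least one "Key deleted successfully." result. This is an added example, not part of the thread or of FRST itself; the matching rules (task entries by GUID, registry entries by key path, compared case-insensitively) and the shortened sample log are assumptions.

```python
import re

# Constructed sample in the layout of the Fixlog.txt posted above, shortened to
# three fixlist lines. The result line for the last entry is deliberately
# left out so the audit has something to report.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
start
Task: {C42AE82E-A9C3-41AE-9CB8-686FA2E84F4E} - \Security Center Update - 2120148171 No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18967481.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18967481.sys => ""="Driver"
end
*****************

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C42AE82E-A9C3-41AE-9CB8-686FA2E84F4E}' => Key deleted successfully.
'HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\18967481.sys' => Key deleted successfully.

==== End of Fixlog ====
"""

SUCCESS = "Key deleted successfully."  # outcome text as it appears in the log above
RESULT_RE = re.compile(r"^'(?P<key>.+)' => (?P<outcome>.+)$")
TASK_RE = re.compile(r"^Task: (?P<guid>\{[0-9A-Fa-f-]{36}\})")


def parse_fixlog(text):
    """Split a Fixlog into the requested fixlist lines and the result lines."""
    requested, results, in_list = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "start":
            in_list = True
        elif line.lower() == "end":
            in_list = False
        elif in_list and line:
            requested.append(line)
        else:
            m = RESULT_RE.match(line)
            if m:
                # Registry paths are case-insensitive (SYSTEM vs System above).
                results[m.group("key").lower()] = m.group("outcome")
    return requested, results


def outcomes_for(entry, results):
    """Collect the outcomes of all result lines that answer one fixlist entry."""
    task = TASK_RE.match(entry)
    if task:
        # A task removal touches several TaskCache keys; match them by GUID.
        guid = task.group("guid").lower()
        return [o for k, o in results.items() if guid in k]
    # Registry entry: the key path is everything before " => ".
    key = entry.split(" => ", 1)[0].lower()
    return [o for k, o in results.items() if k == key]


def audit(text):
    """Return (entry, confirmed, outcomes) for every fixlist line."""
    requested, results = parse_fixlog(text)
    report = []
    for entry in requested:
        outcomes = outcomes_for(entry, results)
        confirmed = bool(outcomes) and all(o == SUCCESS for o in outcomes)
        report.append((entry, confirmed, outcomes))
    return report


def unconfirmed(text):
    """Fixlist lines with no result line, or with any non-success outcome."""
    return [entry for entry, ok, _ in audit(text) if not ok]


if __name__ == "__main__":
    for entry, ok, outcomes in audit(SAMPLE_FIXLOG):
        print("OK     " if ok else "CHECK  ", entry)
```
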

mla34
2014-06-28, 15:39
Hi, Adam,
Java asked if I wanted to run the program and that it may put my computer at risk. I clicked no and copied this. Should I do something?

Java Plug-in 10.60.2.19
Using JRE version 1.7.0_60-b19 Java HotSpot(TM) Client VM
User home directory = C:\Users\The Arnolds
----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
q: hide console
r: reload policy configuration
s: dump system and deployment properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
----------------------------------------------------
calling downloadEagerorAll

mla34
2014-06-28, 15:48
Hi, Adam,

On Malwarebytes scan, do I uncheck Use Advanced Heuristics Engine (Shuriken) and Scan within archives or leave them checked?

mla34
2014-06-28, 15:54
Adam,

Just as a side note, when I am sitting here working on the homework you have given me, the computer "ticks" away, as if it is processing stuff, even if I am not running anything or doing anything. Maybe it has always done that but I don't think so. Just thought I would mention it. I don't want to move forward with the rest of the tasks until I hear back from you about the Java and Malwarebytes questions. Thanks!

LiquidTension
2014-06-28, 17:36
Hi Maureen,


Java asked if I wanted to run the program and that it may put my computer at risk. I clicked no and copied this. Should I do something?
Was this during the installation of the updated version, or the uninstalling of the outdated version?

Which versions of Java do you have on your computer? Press the Windows Key + r on your keyboard. Type appwiz.cpl and click Ok. Note down all installed versions of Java in your next reply.

I will answer your other questions once you have responded to the above. :)

mla34
2014-06-28, 17:51
Hi, Adam,

It was after I did the install from the link you provided. I have not done any install yet.
Below is what is listed:

Java 7 Update 60
Java(TM) 6 Update 27 (64-bit)

Will wait to hear back from you before doing the Malwarebytes and ESET steps just in case there is something else I should do before those.

Thanks.

mla34
2014-06-28, 17:52
It was after I did the install from the link you provided. I have not done any uninstall yet.

LiquidTension
2014-06-29, 11:16
Hi Maureen,


It was after I did the install from the link you provided. I have not done any uninstall yet.
Let's uninstall all versions for now. Please proceed with the uninstall instructions, ensuring you uninstall the version you just installed as well. We can come back to the installation of the latest version at the end.


On Malwarebytes scan, do I uncheck Use Advanced Heuristics Engine (Shuriken) and Scan within archives or leave them checked?
Please leave both options checked.


Just as a side note, when I am sitting here working on the homework you have given me, the computer "ticks" away, as if it is processing stuff, even if I am not running anything or doing anything.
This is not necessarily unusual, but we can look into it later.

For now, please uninstall all versions of Java, and proceed with Malwarebytes and ESET.

mla34
2014-06-29, 15:22
Good morning, Adam,
Here is the Malwarebytes log. I will get the ESET scan going and send it to you later when it is finished. Thanks.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/29/2014
Scan Time: 9:06:58 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.29.03
Rootkit Database: v2014.06.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: The Arnolds

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341446
Time Elapsed: 10 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

mla34
2014-06-29, 15:26
Hi, Adam,

Not sure what to check off here. Enable or Disable?

LiquidTension
2014-06-29, 17:40
Hi Maureen,

Please click Enable, and proceed. :)

mla34
2014-06-29, 21:08
Hi, Adam,
Below is the ESET scan. Another note, the computer seems to be a bit slow booting up each time. Everything loads okay but it takes longer than it used to. Also, in the Notification Area I keep getting a "white flag" that is the Action Center - it still tells me "PWS:Win32/Zbot is found on my PC
Thanks for your help and patience!

C:\AdwCleaner\Quarantine\C\chatzum_nt.exe.vir OSX/ChatZum.C potentially unwanted application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

LiquidTension
2014-06-30, 16:41
Hi Maureen,


C:\AdwCleaner\Quarantine\C\chatzum_nt.exe.vir OSX/ChatZum.C potentially unwanted application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
The first item is already quarantined, and the 4 below do not need to be removed.


Another note, the computer seems to be a bit slow booting up each time.
We can look into this later.


STEP 1
Temporary File Cleaner (TFC)

Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) and save the file to your desktop.
Close any open windows.
Double-click TFC.exe to run the programme.
Click Start.
Allow TFC to run interrupted.
Upon completion, your computer will reboot automatically. If this does not happen, please manually reboot.
Note: It is not unusual for a computer to reboot slower than usual immediately after running TFC.


STEP 2
ComboFix

Note: Please read to the end of these instructions before running ComboFix.
Please download ComboFix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe).
Important: Save ComboFix.exe to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Right-Click ComboFix.exe and select Run as administrator to run the programme.
Follow the prompts.
Allow ComboFix to complete its removal routine (please refer to Important Notes:)
Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
Re-enable your anti-virus software.


Important Notes:

Do NOT mouse click ComboFix's window whilst it is running. This may cause it to stall.
Do NOT use your computer whilst ComboFix is running.
Your desktop/taskbar may disappear whilst ComboFix is running; this is normal.


If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
ComboFix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
If you are unable to access the Internet after running ComboFix, please reboot your computer.



Also, in the Notification Area I keep getting a "white flag" that is the Action Center - it still tells me "PWS:Win32/Zbot is found on my PC
After running ComboFix, please ensure you reboot your computer. Proceed by opening Microsoft Security Essentials, and run a scan (as you did earlier). Let me know how you get on.

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

ComboFix.txt
MSE results

mla34
2014-06-30, 17:46
Hi, Adam,

I am sending the Combofix text alone in case it is too big to send along with the MSE scan results.

ComboFix 14-06-30.01 - The Arnolds 06/30/2014 11:19:13.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6057.3804 [GMT -4:00]
Running from: c:\users\The Arnolds\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
((((((((((((((((((((((((( Files Created from 2014-05-28 to 2014-06-30 )))))))))))))))))))))))))))))))
.
.
2014-06-30 15:32 . 2014-06-30 15:32 -------- d-----w- c:\users\Greg\AppData\Local\temp
2014-06-30 15:32 . 2014-06-30 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-16 22:58 . 2014-06-22 23:39 -------- d-----w- c:\program files (x86)\ERUNT
2014-06-14 10:42 . 2014-06-14 10:42 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-06-11 08:05 . 2014-05-30 09:45 2768384 ----a-w- c:\windows\system32\iertutil.dll
2014-06-09 20:17 . 2014-06-09 20:17 -------- d-----w- c:\program files\iPod
2014-06-09 20:17 . 2014-06-09 20:18 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-09 20:17 . 2014-06-09 20:18 -------- d-----w- c:\program files\iTunes
2014-06-09 20:17 . 2014-06-09 20:18 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-12 12:11 . 2013-11-12 22:48 588496 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-06-12 07:02 . 2011-12-09 22:02 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-05-26 22:20 . 2012-03-30 22:28 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-26 22:20 . 2011-10-12 12:14 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-12 11:25 . 2012-04-14 23:06 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-02 07:30 . 2012-02-11 02:27 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-12 02:22 . 2014-05-14 17:31 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 17:31 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 17:31 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 17:31 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 17:31 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 17:31 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 17:31 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 17:31 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 17:31 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-05-08 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-26 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 22:20]
.
2014-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-11 00:19]
.
2014-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-11 00:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-12 12:11 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-12 12:11 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-12 12:11 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://forums.spybot.info/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\The Arnolds\AppData\Roaming\Mozilla\Firefox\Profiles\3r6yn46d.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.ancestry.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-30 11:41:55
ComboFix-quarantined-files.txt 2014-06-30 15:41
.
Pre-Run: 864,975,683,584 bytes free
Post-Run: 864,553,349,120 bytes free
.
- - End Of File - - E4A473133DEC4E1E9BFB7C153653FD5B
5C616939100B85E558DA92B899A0FC36

mla34
2014-06-30, 18:53
Hi, Adam,

MSE did not find any threats on the computer. According to the history, the last time something was found was on June 16 - PWS:Win32/Zbot and TrojanDownloader:Win32/Kuluoz.D. Both were removed. However I had not run a scan so I'm not sure how it picked those up. I have not run a scan since I started working with you.

Anyway, the computer boots a bit slower than usual and I still find that the icons in the Notification Area are not consistently loading. Not an issue with me, unless it is an issue with you. I just find it odd.

Let me know what my next bit of homework is! Thanks!:)

mla34
2014-06-30, 19:02
Hi, Adam,

Ok, so I was looking through my documents to find a medication file for my mother and saw that within My Documents Library folder I have My Pictures, My Videos, and My Music. I now have a shortcut listed for each, along with the original folder, but the original folders are all locked and I am told Access Denied. Help?:confused:

mla34
2014-07-01, 00:48
Hi, Adam,

I came onto the computer to check to see if there was something in my email. I get a blank page when I click on the email icon. Nothing. At first I got the about:Blank Page but now there is nothing in the location bar. Any ideas on this? I can get my email on my iPad but sent myself some pictures from the iPad that I wanted to d/l onto the desktop. I will shut the computer off again and wait to hear from you. It seems things are still strange! Thanks!

LiquidTension
2014-07-01, 16:34
Hi Maureen,

Thank you for the log and report. Does your Action Center still display the warning mentioned earlier?


Anyway, the computer boots a bit slower than usual and I still find that the icons in the Notification Area are not consistently loading. Not an issue with me, unless it is an issue with you. I just find it odd.
Once I have confirmation on the above question, we can look into troubleshooting these issues.


Ok, so I was looking through my documents to find a medication file for my mother and saw that within My Documents Library folder I have My Pictures, My Videos, and My Music. I now have a shortcut listed for each, along with the original folder, but the original folders are all locked and I am told Access Denied.
Please take a screenshot and post or attach in your next reply.


I came onto the computer to check to see if there was something in my email. I get a blank page when I click on the email icon.
Which browser were you using? Please confirm if you experience the same issue with other browsers on your computer.

mla34
2014-07-01, 16:57
Hi, Adam,

* No, there is no warning from the Action Center now.

* I am attaching the screen shot you asked for.

* I am using IE 11 and I can go to some websites but not others. I use Google a lot and I can't get it to open. Also, I use Comcast Xfinity to get my email and I can open the home page but the email page won't open.

* I also use Mozilla Firefox for all my ancestry work and that seems to be working fine. Duh, never thought to check it for my email yesterday!

Thank you! :)

LiquidTension
2014-07-02, 14:30
Hi Maureen,

We will troubleshoot your slow boot after the following issues are resolved. Please carry out the following steps, and answer the 3 questions (in STEP 4) once completed.

STEP 1
http://i.imgur.com/nSymGHK.png Folder Options (Reset)

Press the Windows Key http://i.imgur.com/pdKOQKY.png + r on your keyboard at the same time. Type Control Folders and click OK.
Click View. Under Hidden files and folders:
Place a checkmark next to Don't show hidden files, folders and drives.
Place a checkmark next to Hide extensions for known file types.
Place a checkmark next to Hide protected operating system Files (Recommended).
Click Apply followed by OK.


STEP 2
http://i.imgur.com/MgeHyNE.png Rebuilding Icon Cache

Press the Windows Key http://i.imgur.com/pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
Copy the entire contents of the quotebox below and paste into the Notepad document.

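@echo off
rem Clear the archive, read-only, hidden and system attributes so the cache can be deleted
attrib -a -r -h -s "%LocalAppData%\IconCache.db"
rem Delete the current icon cache (paths are quoted because the profile name may contain spaces)
del /a "%LocalAppData%\IconCache.db"
rem Create an empty placeholder file and mark it read-only and hidden
type NUL > "%LocalAppData%\IconCache.db"
attrib +r +h "%LocalAppData%\IconCache.db"
rem Force a restart in 10 seconds, then remove this batch file
shutdown /r /f /t 10
del "%~f0"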
Click Format. Ensure Wordwrap is unchecked.
Click File, Save As and name the file icon.bat.
Select All Files as the Save as type.
Save the file to your desktop.
Locate icon.bat http://i.imgur.com/iKKSwsh.png (W8/7/Vista) on your desktop. Right-click the icon and select Run as Administrator.
Your computer will reboot in 10 seconds after the completion of the command.
Once your computer has rebooted, check the situation with your Notification Area icons. You may wish to reboot several times.

STEP 3
http://i.imgur.com/ehzOq95.png Clear Internet Explorer Cache and Cookies

Open Internet Explorer. Click the Settings gear icon in the top right corner.
Click Safety, followed by Delete Browsing History.
Check the following boxes:
Temporary Internet Files
Cookies
History
Download History
Form Data
Uncheck Preserve Favorites.
Click Delete, and wait until complete.
Close Internet Explorer.
Re-open Internet Explorer. Can you access your website?


======================================================

STEP 4
http://i.imgur.com/pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

Are you still experiencing the issue with your My Documents folder?
Are you still experiencing the issue with your Notification Area icons?
Are you still experiencing the issue with Internet Explorer and accessing your website?

mla34
2014-07-02, 15:55
Hi, Adam,

There are no logs to post here.

•Are you still experiencing the issue with your My Documents folder?
No, that seems to be cleared up.


•Are you still experiencing the issue with your Notification Area icons?
No, for now the icons seem ok and no "white flag" notification that there is a problem.


•Are you still experiencing the issue with Internet Explorer and accessing your website?
Yes, it seems I am still having issues with IE. I still cannot access Google, Yahoo, or get my email from my Xfinity provider. I can, however, get to these places on Firefox.

How do you do that quote? lol I don't know how so just bulleted each item. Thanks so much!

LiquidTension
2014-07-03, 14:37
Hi Maureen,


How do you do that quote?
Copy and paste the desired quotation into the text field. Highlight the text and press the quotation button http://i.imgur.com/LuXeMOg.png. :)


Yes, it seems I am still having issues with IE.
Please do this, and see if you can access your websites on Internet Explorer.


http://i.imgur.com/MgeHyNE.png Internet Flush

Press the Windows Key http://i.imgur.com/pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
Copy the entire contents of the quotebox below and paste into the Notepad document (do not include the word "Quote").

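@echo off
rem Release and renew the DHCP lease, then clear the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP settings
netsh winsock reset all
netsh int ip reset all
rem Restart after 1 second, then remove this batch file
shutdown -r -t 1
del "%~f0"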
Click Format. Ensure Wordwrap is unchecked.
Click File, Save As and name the file flush.bat.
Select All Files as the Save as type.
Save the file to your desktop.
Locate flush.bat http://i.imgur.com/iKKSwsh.png (W8/7/Vista) on your desktop. Right-click the icon and select Run as Administrator.
Your computer should reboot. If not, please manually reboot.
Try out Internet Explorer.

mla34
2014-07-03, 15:28
Hi, Adam,
Let's give this quote thing a whirl! lol


Copy and paste the desired quotation into the text field. Highlight the text and press the quotation button

Ok, so still having issues with IE. IE will not let me access Google, my email on Xfinity by Comcast (my provider) and I can't get into Ancestry.com. Went through a lot of the sites in my Favorites and those are fine.

Firefox seems to be fine.

Any suggestions? Where do you think we are with the bug issue? Do you think the Zbot and other bugs are gone? Do you think this IE issue is caused by a bug or is it something else? Is it safe to use the computer yet?

Thanks so much! :)

mla34
2014-07-03, 15:33
One more thing, Adam.

I just noticed that I am getting a msg at the bottom of a webpage that ar.voicefive.com is a pop up being blocked. Have not seen this before. Just did a quick search and after seeing the search results thought I better tell you. MSE has not picked it up and none of the Spybot or Malwarebytes scans have picked it up. Could this be causing a problem?

LiquidTension
2014-07-04, 10:33
Hi Maureen,


Where do you think we are with the bug issue? Do you think the Zbot and other bugs are gone? Do you think this IE issue is caused by a bug or is it something else? Is it safe to use the computer yet?
I do not believe malware is present on your computer. This issue is most likely unrelated to malware.

Please backup your Internet Explorer favourites by following this guide (http://www.sevenforums.com/tutorials/86795-internet-explorer-import-export-favorites.html). Proceed by following this article on how to reset Internet Explorer settings (http://support.microsoft.com/kb/923737). Any Browser Help Objects (BHOs), toolbars, etc will be removed. However, these can be redownloaded later. You may wish to make a note of any custom IE settings or additions prior to resetting the browser.

After resetting Internet Explorer, close and reopen the programme. Check for issues, and let me know.

mla34
2014-07-04, 14:59
Hi, Adam,

IE seems to be working fine now. I am able to get into the websites and my email without issue. Do you have any idea how it got messed up? Just curious! You have also provided me with more reading material! I am always up for learning new things!

As far as the ar.voicefive.com pop up - is that something I should keep my eyes open for or is it not anything to worry about?

Thank you for giving me back my computer! I enjoy doing the homework but definitely do not have the knowledge to do it without guidance so thank you for your patience and help! You did a great job walking me through everything!

Got another question that I asked way back when about the old laptop with Windows XP and the old desktop, also with XP. I don't think either are worth upgrading as they are probably 8 yrs old or so but worth keeping around for a bit longer. I uninstalled MSE on the laptop and installed Norton Security Suite Free, available through my provider. It is fine but as part of that, there was a System Check so I ran it. Oh boy, over 600 registry issues, among other things and now I know why the computer is SOOOO slow! However, the fix is not free. It is an ad to sell the fix program. I know there are free registry cleaners out there but am afraid of the consequences, especially since I don't know what I am doing. Any suggestions? Should I try one? Is it not worth the time and brain cells to do it? I have already taken off the documents and pictures that I want and there is nothing else on the computer that I have to have. As for the desktop, I still have a lot of stuff I need to get off. I am going to do the same, uninstalling MSE and installing Norton, then transferring stuff onto an external hard drive. The desktop has had issues for quite some time, including a "low battery" msg that I get, even though I have changed the battery several times. I have not even turned the computer on in months and would like to just get it taken care of.

Sorry for the rambling. Any advice you could share with me would be much appreciated! Thanks again for doing such a great job helping me with the bugs on this computer!:)

mla34
2014-07-04, 17:02
Hi, Adam,

I decided to run my regular scans. MSE was fine, Malwarebytes was fine. Spybot is gone! I will download it again but I see there are two to choose from. Which one should I get? Spybot 2.4 or what I had before which was Spybot Search and Destroy 1.6.2?

Also, all the stuff I downloaded to my desktop in this clean up process and all the log/text files - do I delete them all? Do I keep any of the programs? I would not know what to do with any of the results even if I ran any of them! lol

Thanks!:)

LiquidTension
2014-07-04, 18:14
Hi Maureen,

Please hold back with making any changes for now. Remember, we uninstalled Spybot earlier as it was outdated and may interfere with this process.

I will return shortly with instructions. We are almost done.

mla34
2014-07-04, 19:56
Ok, Adam, we did so much that I did not remember uninstalling Spybot! I will hold off with anything until I hear from you. Thanks!

LiquidTension
2014-07-05, 17:59
Hi Maureen,

Are you still experiencing a slow boot (or any other issues)? Would you like to troubleshoot your boot time?


Do you have any idea how it got messed up?
It's difficult to say. It could be any number of reasons. I take it it was resetting Internet Explorer that resolved the issue?


As far as the ar.voicefive.com pop up - is that something I should keep my eyes open for or is it not anything to worry about?
Read about VoiceFive on Wikipedia, here (http://en.wikipedia.org/wiki/VoiceFive) (don't click on any external links to VoiceFive.com). Clearing your Internet Explorer cookies/cache should have stopped this. Please let me know if you are still experiencing this issue.


Thank you for giving me back my computer! I enjoy doing the homework but definitely do not have the knowledge to do it without guidance so thank you for your patience and help! You did a great job walking me through everything!
You are more than welcome. We still have a little left to do, so please don't go just yet!


Oh boy, over 600 registry issues, among other things and now I know why the computer is SOOOO slow!
Slowness on your other computers is unlikely to be caused by "registry issues". Programmes that purport to offer optimization or "registry cleaning" are snake oil at best, and will generally do more harm than good. By running a registry cleaner, you may find your computer performs worse... or in some cases, fails to boot. Please read the following article (by quietman7, MVP) on Why you should not use Registry Cleaners (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2853053).


However, the fix is not free. It is an ad to sell the fix program.
This isn't surprising. It is not uncommon for these types of companies to try and sell you software you don't need. I suggest you stay clear of paid AND free registry cleaners.


I am going to do the same, uninstalling MSE and installing Norton
Symantec has certainly improved its products (Norton 360 being a good example). When suggesting an anti-virus for users without one, I will post the following.

Please download and install ONE of the anti-virus products below.

avast! Free Anti-Virus (free)
Avira Free Anti-Virus (free)
ESET NOD32 Anti-Virus (paid)
Kaspersky Anti-Virus (paid)
Emsisoft Internet Security (paid)


For a paid solution, my choice of anti-virus is ESET NOD32. For a free solution, my choice of anti-virus is avast!. However, please be aware that there is no universal "one size fits all" solution (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=2316629) that works for everyone and there is no single best anti-virus.


The desktop has had issues for quite some time, including a "low battery" msg that I get, even though I have changed the battery several times.
This sounds like a hardware issue, perhaps caused by the age of the computer.


I will download it again but I see there are two to choose from. Which one should I get? Spybot 2.4 or what I had before which was Spybot Search and Destroy 1.6.2?
I will provide a download link for the version I recommend once we are done here.


Also, all the stuff I downloaded to my desktop in this clean up process and all the log/text files - do I delete them all?
As part of this process, I will also provide instructions on how to remove these files, as well as information on staying safe, and preventative measures you can take to ensure you do not become reinfected.

Please follow the steps in the post below.

LiquidTension
2014-07-05, 18:04
STEP 1
Update Outdated Software
Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

Adobe Reader (http://get.adobe.com/reader/) (Uncheck "Yes, install McAfee Security Scan Plus - optional")
Adobe Air (http://get.adobe.com/air/otherversions/?PID=6146991)
Java (http://java.com/en/download/index.jsp) (Uncheck any additional software offers)
Follow these instructions to check for and download the latest Windows Updates (http://www.update.microsoft.com/windowsupdate/v6/thanks.aspx?ln=en&&thankspage=5).


STEP 2
Remove Outdated Software

Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for the following programmes, right-click and click Uninstall one at a time.

Adobe AIR
Adobe Reader X (10.1.10)
Java 7 Update 51
Java™ 6 Update 27

Follow the prompts and reboot if necessary.


STEP 3
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser. For information on Java vulnerabilities, please read the following article (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=2316622) (point #7).

Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar.
Click on the Java Control Panel. Once opened, click the Security tab.
Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes.
Click OK in the Java Plug-in confirmation window.
Restart your browser(s) for changes to take effect.
More information can be found here (http://www.java.com/en/download/help/disable_browser.xml) and here (http://www.techsupportforum.com/forums/f284/disable-java-in-browsers-683721.html).


STEP 4
Security Check

Please download SecurityCheck (http://screen317.spywareinfoforum.org/SecurityCheck.exe) and save the file to your desktop.
Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
A log (checkup.txt) will automatically open on your desktop.
Copy the contents of the log and paste in your next reply.


======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

Confirmation you had no issues with the instructions.
checkup.txt
Confirmation you have no outstanding issues.

Note: There are important steps to follow. Please ensure you continue following this topic until I give you the "All Clean".

mla34
2014-07-06, 01:01
Hi, Adam,

* As per your initial reply today, I don't seem to be having any issues with the computer. It is booting up just as it used to, without delays.
* Thanks for the info on VoiceFive. I am not getting that pop up anymore. Thank you.
* I am not going anywhere yet. Lol. I will wait to see about a link you will send me for Spybot when we are done with everything else here.
* Thank you for the registry cleaner info as well. It is just as well I do not try to get into that as I know not what I am doing! I think I will be unloading what I can from both the laptop and old desktop and wiping them clean. Then either recycling them or donating them. Not sure there is a need for such old computers but I will look into it.
* Thank you for the antivirus suggestions. If I use the Norton made available to me for free through my provider, am I assuming correctly that I would not be able to also use avast! as they would be in each other's way?

* As per your second reply with "homework", I did not have any trouble with completing the instructions. I do, however, have some questions. Bear with me while I pick your brain!

STEP 1
Why did I install Adobe Air only to uninstall it in STEP 2? Or am I misunderstanding something?

STEP 3
Java - Why do I need Java on the computer if I have disabled it? I am showing my ignorance but am eager to understand better.

STEP 4
Results of screen317's Security Check version 0.99.85
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 60
Adobe Flash Player 13.0.0.214 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

Thanks again for your help. I am not planning on signing out of this thread until you kick me out! Ha ha! I will wait to hear back from you to see what's next!
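A helper reading checkup.txt is checking two things: that the programmes listed for removal in STEP 2 are gone, and that nothing is flagged out of date. The following is an added example, not part of the thread and not SecurityCheck's own code, that parses the log posted above and performs both checks; the function names and the whole-token matching rule are assumptions of this example.

```python
import re

TICK = "`"  # SecurityCheck pads its section banners with backticks


def banner(title, pad=14):
    """Rebuild a section banner line the way it appears in checkup.txt."""
    return TICK * pad + title + TICK * pad


# checkup.txt as posted in the thread above (banner padding normalised).
CHECKUP = "\n".join([
    "Results of screen317's Security Check version 0.99.85",
    "Windows 7 Service Pack 1 x64 (UAC is enabled)",
    "Internet Explorer 11",
    banner("Antivirus/Firewall Check:"),
    "Windows Firewall Enabled!",
    "Microsoft Security Essentials",
    "Antivirus up to date!",
    banner("Anti-malware/Other Utilities Check:"),
    "Java 7 Update 60",
    "Adobe Flash Player 13.0.0.214 Flash Player out of Date!",
    "Adobe Reader XI",
    "Mozilla Firefox (30.0)",
    banner("Process Check: objlist.exe by Laurent"),
    "Microsoft Security Essentials MSMpEng.exe",
    "Microsoft Security Essentials msseces.exe",
    banner("System Health check"),
    "Total Fragmentation on Drive C: 2%",
    banner("End of Log"),
])

# Programmes the helper listed for removal in STEP 2.
REMOVAL_LIST = [
    "Adobe AIR",
    "Adobe Reader X (10.1.10)",
    "Java 7 Update 51",
    "Java\u2122 6 Update 27",
]

BANNER_RE = re.compile(r"^`{3,}\s*(.*?)\s*`{3,}$")


def parse_checkup(text):
    """Split the log into {section title: [entries]}.

    Lines before the first banner go under 'Header'; parsing stops at 'End of Log'.
    """
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1).rstrip(":")
            if current.lower() == "end of log":
                break
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def tokens(name):
    """Lower-cased name tokens, with trademark signs and '(version)' suffixes dropped."""
    name = re.sub(r"\(.*?\)", " ", name.replace("\u2122", " "))
    return name.lower().split()


def flagged_outdated(sections):
    """Entries that SecurityCheck itself marked as out of date."""
    return [entry for entries in sections.values() for entry in entries
            if "out of date" in entry.lower()]


def still_installed(sections, removal_list,
                    section="Anti-malware/Other Utilities Check"):
    """Removal-list items that still appear in the utilities section.

    Matching is on whole tokens, so 'Adobe Reader X' does not match
    'Adobe Reader XI' and 'Java 7 Update 51' does not match 'Java 7 Update 60'.
    """
    installed = [tokens(entry) for entry in sections.get(section, [])]
    found = []
    for item in removal_list:
        want = tokens(item)
        if any(have[:len(want)] == want for have in installed):
            found.append(item)
    return found


if __name__ == "__main__":
    parsed = parse_checkup(CHECKUP)
    print("Flagged out of date:", flagged_outdated(parsed))
    print("Removal-list items still present:", still_installed(parsed, REMOVAL_LIST))
```

A plain substring search for "Adobe Reader X" would report the old reader as still installed because the string also occurs inside "Adobe Reader XI"; comparing whole tokens avoids that false alarm.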

LiquidTension
2014-07-06, 14:34
Hi Maureen,


If I use the Norton made available to me for free through my provider, am I assuming correctly that I would not be able to also use avast! as they would be in each other's way?
Correct.

It is inadvisable to have more than one anti-virus software installed on your computer at the same time. Doing so may:

Cause conflicts, negatively impacting the effectiveness of each anti-virus installed.
Trigger false-positives (http://en.wikipedia.org/wiki/Antivirus_software#Problems_caused_by_false_positives).
Cause system instability/performance issues. Your system may lock up or slow down due to both products attempting to access the same file.



Why did I install Adobe Air only to uninstall it in STEP 2? Or am I misunderstanding something?
You had an outdated version of Adobe Air on your system. The steps were to install the latest version and uninstall the outdated version. However, it is possible the outdated version was automatically removed as part of the installation of the latest version. If you find you do not have Adobe Air currently installed, and you use the software, then I suggest visiting the download site and redownloading.



Java - Why do I need Java on the computer if I have disabled it? I am showing my ignorance but am eager to understand better.
Java is mainly used for programming applications. The main purpose of Java does not require the browser plugin enabled.

Judging by your comment, I assume you have no reason for Java. In which case, I would recommend uninstalling the programme. Using Java is an unnecessary security risk; especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system.


Java is one of those technologies that you find installed on the majority of computer systems despite the fact that average users do not come across many Java-powered websites or desktop applications. According to W3Techs, only four percent of websites use Java on the server side [...] it is used by 0.2 percent of all websites on the client side. And two tenths of a percent includes sites that do not use it for their core functionality [...] there are sites and applications that require Java, and if you use any of them, you obviously need Java. But that makes you a minority. The majority of Internet users do not need Java. They do not need the Java plugin, nor do they need the Java Runtime Environment installed on their operating system. - You don't need Java (http://betanews.com/2012/09/03/you-dont-need-java/)

Other reading material:

Kaspersky Lab report: Evaluating the threat level of software vulnerabilities (http://www.securelist.com/en/analysis/204792278/Kaspersky_Lab_report_Evaluating_the_threat_level_of_software_vulnerabilities)
Microsoft: Unprecedented Wave of Java Exploitation (https://krebsonsecurity.com/2010/10/microsoft-a-tidal-wave-of-java-exploitation/)
Ghosts of Java Haunt Users (http://blog.washingtonpost.com/securityfix/2008/07/remnant_java_versions_again_po.html)
W3Techs usage statistics and market share data of Java on the web (http://w3techs.com/technologies/details/pl-java/all/all)

To Uninstall Java:

Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for Java, right-click any associated programmes and click Uninstall.
Follow the prompts.



Adobe Flash Player 13.0.0.214 Flash Player out of Date!
It appears a new version has recently been released. Please visit the download (http://get.adobe.com/flashplayer/?PID=6146991) site to download and install the latest version. Ensure you uncheck the Optional Offer.

Please visit this page (http://www.safer-networking.org/spybot2-own-mirror-1/) to download and install the latest version of Spybot if you so wish. Click the Download button, and follow the prompts.

LiquidTension
2014-07-06, 14:37
STEP 1
ComboFix Uninstall

Press the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:

ComboFix /Uninstall
Press OK.
Note: It may appear as if ComboFix is installing. This is not the case; it is uninstalling. Please allow the programme to run its course.


STEP 2
OTL

Please download OTL (http://www.bleepingcomputer.com/download/otl/) and save the file to your desktop.
Double-click OTL.exe to run the programme. Ensure all other windows are closed.
Copy the entire contents of the codebox below and paste into the http://i.imgur.com/1wDyQ2v.png textbox.

:OTL

:Commands
[emptytemp]
[emptyjava]
[clearallrestorepoints]
Click the http://i.imgur.com/j7yFJut.png button.
Let the programme run and reboot your computer if prompted.


STEP 3
DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools
Create registry backup
Reset System Settings

Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.

LiquidTension
2014-07-06, 14:40
All Clean!
Congratulations, your computer appears clean!
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. Below I have compiled a list of resources you may find useful. The articles document information on computer security/maintenance, common infection vectors and how you can stay safe on the Internet.

Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following security/maintenance programmes come highly recommended in the security community.

Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) incorporates real-time protection and is designed to run alongside your anti-virus.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
CCleaner (http://www.piriform.com/ccleaner/builds) (portable) is a handy temp file cleaner. Avoid the built-in registry cleaner => see this article (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=2853053) for information.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.


Wary of a particular file/website? Need a second opinion? Scan the file/URL using these free online scanner services:

Virus Total (https://www.virustotal.com/#file) (File & URL)
Jotti's Malware Scan (http://virusscan.jotti.org/en-gb) (File)
Dr.Web Online Check (http://online.us.drweb.com/?url=1) (URL)

-- Should you have any questions on the above tools, or computer security in general, please feel free to ask.


======================================================

Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread.

Thank you for using Spybot.

Safe Surfing.
Adam (LiquidTension).

mla34
2014-07-06, 20:17
Hi, Adam,

Wow, thank you for the in-depth information and reading links you have suggested. I will read a bit at a time and hope to understand even a fraction of it!
A few things -

* Do I even need Adobe Air? I will reinstall it if you think I should have it.

* I updated Adobe Flash Player.

* I uninstalled Java. Less to worry about!

* I downloaded the new version of Spybot - Search and Destroy. The "face page" is a bit different but I am familiar enough with the program that I'm sure I will figure it out!

* I also sent a donation, just as I did last time I was here. I know the money is much appreciated and goes to a great cause!

As for clean up...please see next reply. I am doing that now. Thanks!

mla34
2014-07-06, 20:44
Hi, Adam,

I uninstalled ComboFix, d/l OTL and ran it, d/l Delfix and ran it, rebooted and all the desktop icons are now gone. I can't thank you enough for helping me with all the issues. The computer seems to be fine, sounds like its old self! When you close this thread, will I still have access to it for all the reading material you provided within the replies? I will be digging in a bit to educate myself!

You did a great job walking me through everything and explaining everything along the way. I appreciate it so much! Hope your teachers know that! Thanks again!;)

mla34
2014-07-06, 22:11
Hi, Adam,

I just updated and ran the new Spybot and lookie what it found. The first entry is Fraud.FedexWord. Does that mean it is still in there and if so, why, and what do I do with it? Also, after hitting the "Fix" button, all the entries say "Nothing done". So now I am thinking that I don't understand the Spybot program and I'm doing things wrong? I'm sorry to take up more of your time! Thanks so much.

Search results from Spybot - Search & Destroy

7/6/2014 4:06:11 PM
Scan took 00:17:14.
109 items found.

Fraud.FedexWord: [SBI $04FDF9E1] User settings (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1003\Software\Microsoft\Sft



CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_DEFAULT (default)) (Browser: Cookie, nothing done)


CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_DEFAULT (default)) (Browser: Cookie, nothing done)


CasaleMedia: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_DEFAULT (default)) (Browser: Cookie, nothing done)


Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\PE_C_DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\Microsoft Management Console\Recent File List

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1003\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1003\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1003\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $7E93AD81] Open with list - .CSS extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList

Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1003\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1003\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1003\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Browser: Cookie (47) (Browser: Cookie, nothing done)


Cache: [SBI $49804B54] Browser: Cache (722) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (183) (Browser: History, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (3072) (Browser: Cookie, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (9) (Browser: Cookie, nothing done)



--- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---


LiquidTension
2014-07-09, 13:12
Hi Maureen,

Many apologies for the delay!


When you close this thread, will I still have access to it for all the reading material you provided within the replies? I will be digging in a bit to educate myself!
You certainly will!


You did a great job walking me through everything and explaining everything along the way. I appreciate it so much!
You are more than welcome. :)


I just updated and ran the new Spybot and lookie what it found.
The entries below the first are of no concern at all. We can take a closer look at the first entry. However, I do not believe your machine is infected.


Reg Export

Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
Copy the entire contents of the quotebox below and paste into the Notepad document.

@echo off
REG EXPORT "HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1003\Software\Microsoft\Sft" "%userprofile%\desktop\look.txt"
notepad "%userprofile%\desktop\look.txt"
Click Format. Ensure Wordwrap is unchecked.
Click File, Save As and name the file find.bat.
Select All Files as the Save as type.
Save the file to your desktop.
Locate find.bat (W8/7/Vista) on your desktop. Right-click the icon and select Run as Administrator.
A file (find.txt) will open on your desktop. Copy the contents of the file and paste in your next reply.

mla34
2014-07-09, 14:39
Hi, Adam,

No worries about the delay! Life is constantly getting in the way, isn't it? lol

I am sending you the screen shot of what happens when I follow the instructions. Do I want to say yes to create a new file? I didn't want to choose anything without checking with you!

Thanks!

LiquidTension
2014-07-10, 15:11
Hi Maureen,


I am sending you the screen shot of what happens when I follow the instructions. Do I want to say yes to create a new file? I didn't want to choose anything without checking with you!
Please click the Cancel button if you haven't already done so. From your screenshot I can see the registry key does not exist, so no export file was created. This is why you received the error.

Please run a scan with Spybot (just as you did before) and let me know if you see the same detection.
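
A guarded variant of the batch file from the earlier instructions, as an added example that is not part of the original posts: it checks that the registry key exists before exporting, so a missing key produces a clear message instead of a Notepad prompt to create look.txt. The messages and exit codes are choices made for this example.

```batch
@echo off
setlocal
rem Added example, not from the thread. Key path and output file are the
rem ones used in the posted script; messages and exit codes are assumptions.
set "KEY=HKEY_USERS\S-1-5-21-2307240755-147757143-1248280979-1003\Software\Microsoft\Sft"
set "OUT=%USERPROFILE%\Desktop\look.txt"

rem reg query sets a non-zero exit code when the key does not exist.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo Key not found: %KEY%
    echo Nothing was exported because the key does not exist.
    pause
    exit /b 1
)

rem /y overwrites an export left over from an earlier run without prompting.
reg export "%KEY%" "%OUT%" /y >nul
if errorlevel 1 (
    echo Export failed. Right-click this file and select Run as Administrator.
    pause
    exit /b 2
)

rem Only open Notepad once the export file is known to exist.
notepad "%OUT%"
endlocal
```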

mla34
2014-07-10, 19:24
Hi, Adam,

It seems you were right - the entry is gone with this last Spybot scan. Here you go!

LiquidTension
2014-07-11, 13:52
Hi Maureen,

Thank you for letting me know. Subject to no further problems, I believe we can finish up here.

All the best,
Adam

mla34
2014-07-11, 19:50
Hi, Adam,

Thanks again for all of your help and expertise! It is much appreciated!
Take care!
Maureen:)

Dakeyras
2014-07-11, 21:57
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.