ACPI Faked - ad.extendmedia.com

[DarkAllMan]

Hi,

I have a computer that randomly freezes for 30 seconds or so.... Can you please help me fix the problem?

 

attach.txt

dds.txt

[Maniac]

Hello DarkAllMan and ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

• Launch Malwarebytes' Anti-Malware
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

• Download on the desktop RogueKiller
• Quit all programs
• Start RogueKiller.exe
• Wait until Prescan has finished ...
• Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

• Malwarebytes' Anti-Malware log
• RogueKiller log

[DarkAllMan]

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.02.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
nailk :: NLEKF-PLOEGCHEF [administrator]

02/08/13 8:24:55
mbam-log-2013-08-02 (08-24-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 389913
Time elapsed: 10 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

_______________________________________________________________________________________________________________________________

 

RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : nailk [Admin rights]
Mode : Scan -- Date : 08/02/2013 08:50:51
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] HelpDeskinfo.exe -- C:\Windows\HelpDeskinfo.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[70] : NtCreateKey @ 0x82E3DFFB -> HOOKED (Unknown @ 0x86CCB5E4)
[Address] SSDT[74] : NtCreateMutant @ 0x82E4D34C -> HOOKED (Unknown @ 0x86CCB29C)
[Address] SSDT[79] : NtCreateProcess @ 0x82F191D1 -> HOOKED (Unknown @ 0x87B8739C)
[Address] SSDT[80] : NtCreateProcessEx @ 0x82F1921C -> HOOKED (Unknown @ 0x87B8735C)
[Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x82E3E9C6 -> HOOKED (Unknown @ 0x86CCB21C)
[Address] SSDT[87] : NtCreateThread @ 0x82F18FDA -> HOOKED (Unknown @ 0x86CCB35C)
[Address] SSDT[88] : NtCreateThreadEx @ 0x82EAD49B -> HOOKED (Unknown @ 0x86CCB31C)
[Address] SSDT[93] : NtCreateUserProcess @ 0x82EAB3CD -> HOOKED (Unknown @ 0x86CCB00C)
[Address] SSDT[96] : NtDebugActiveProcess @ 0x82EEAEAA -> HOOKED (Unknown @ 0x86CCB19C)
[Address] SSDT[103] : NtDeleteKey @ 0x82E28A4A -> HOOKED (Unknown @ 0x86CCB564)
[Address] SSDT[106] : NtDeleteValueKey @ 0x82E1A453 -> HOOKED (Unknown @ 0x86CCB4A4)
[Address] SSDT[111] : NtDuplicateObject @ 0x82E6E761 -> HOOKED (Unknown @ 0x86CCB1DC)
[Address] SSDT[155] : NtLoadDriver @ 0x82E02C32 -> HOOKED (Unknown @ 0x86CCB2DC)
[Address] SSDT[190] : NtOpenProcess @ 0x82E4EB93 -> HOOKED (Unknown @ 0x86CCB6E4)
[Address] SSDT[194] : NtOpenSection @ 0x82EA69EB -> HOOKED (Unknown @ 0x86CCB464)
[Address] SSDT[198] : NtOpenThread @ 0x82E9B0EE -> HOOKED (Unknown @ 0x86CCB624)
[Address] SSDT[290] : NtRenameKey @ 0x82ED90BB -> HOOKED (Unknown @ 0x86CCB524)
[Address] SSDT[302] : NtRestoreKey @ 0x82ECEC72 -> HOOKED (Unknown @ 0x86CCB4E4)
[Address] SSDT[350] : NtSetSystemInformation @ 0x82E8B37A -> HOOKED (Unknown @ 0x86CCB25C)
[Address] SSDT[358] : NtSetValueKey @ 0x82E475F8 -> HOOKED (Unknown @ 0x86CCB5A4)
[Address] SSDT[370] : NtTerminateProcess @ 0x82E97D86 -> HOOKED (Unknown @ 0x86CCB6A4)
[Address] SSDT[371] : NtTerminateThread @ 0x82EB569B -> HOOKED (Unknown @ 0x86CCB664)
[Address] SSDT[399] : NtWriteVirtualMemory @ 0x82E9CA83 -> HOOKED (Unknown @ 0x86CCB424)
[inline] SSDT[304] : NtResumeThread @ 0x82EAD6C2 -> HOOKED (Unknown @ 0x000000CC)
[Address] Shadow SSDT[584] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x85B3D2EC)
[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x85B45AC4)
[inline] IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\system32\CI.dll -> HOOKED ([inline] \SystemRoot\system32\drivers\ataport.SYS @ 0x000000CC)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost
172.16.16.251   grip.jardinweb.nl


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAKX-753CA1 ATA Device +++++
--- User ---
[MBR] 2c78f151de571da00b0e2fc0f6628180
[bSP] 7e93fb82420baa3ee535c3ecef09c40b : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 149 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 307200 | Size: 750 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1843200 | Size: 237574 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08022013_085051.txt >>

mbam-log-2013-08-02 (08-24-55).txt

RKreport0_S_08022013_085051.txt

[Maniac]

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

• Once you've read the article and are ready to use the program you can download it directly from the link below.
• Important! - Please make sure you save combofix to your desktop and do not run it from your browser
• Direct download link for: ComboFix.exe
• Please make sure you disable your security applications before running ComboFix.
• Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
• Please copy/paste the contents or attach that log file to your next reply.
• If needed the file can be located here: C:\combofix.txt
• NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

[DarkAllMan]

ComboFix 13-08-01.01 - nailk 02/08/13  11:48:16.4.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.31.1033.18.3292.2237 [GMT 2:00]
Gestart vanuit: c:\users\nailk\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
FW: Trend Micro Personal Firewall *Disabled* {49A8346C-6900-54B6-B1B3-5F678736DDE9}
SP: Trend Micro OfficeScan Anti-spyware *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2013-07-02 to 2013-08-02  ))))))))))))))))))))))))))))))
.
.
2013-08-02 09:57 . 2013-08-02 09:57    --------    d-----w-    c:\users\yuksels\AppData\Local\temp
2013-08-02 09:57 . 2013-08-02 09:57    --------    d-----w-    c:\users\robs\AppData\Local\temp
2013-08-02 09:57 . 2013-08-02 09:57    --------    d-----w-    c:\users\randall\AppData\Local\temp
2013-08-02 09:57 . 2013-08-02 09:57    --------    d-----w-    c:\users\randall.KETER\AppData\Local\temp
2013-08-02 09:57 . 2013-08-02 09:57    --------    d-----w-    c:\users\marcor\AppData\Local\temp
2013-08-02 09:57 . 2013-08-02 09:57    --------    d-----w-    c:\users\manuelr\AppData\Local\temp
2013-08-02 09:57 . 2013-08-02 09:57    --------    d-----w-    c:\users\jans\AppData\Local\temp
2013-08-02 09:57 . 2013-08-02 09:57    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-08-01 11:51 . 2013-08-01 11:51    --------    d-----w-    c:\windows\snack
2013-08-01 06:24 . 2013-08-01 06:38    --------    d-----w-    c:\programdata\HitmanPro
2013-07-31 12:07 . 2013-07-31 12:07    --------    d-----w-    c:\users\nailk\AppData\Roaming\Malwarebytes
2013-07-31 11:34 . 2013-07-31 11:34    --------    d-----w-    c:\program files\Enigma Software Group
2013-07-31 11:34 . 2013-07-31 12:06    --------    d-----w-    c:\windows\471D8B37C5B344579FA1B3C693334F4F.TMP
2013-07-31 11:34 . 2013-07-31 11:34    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2013-07-31 10:33 . 2013-07-31 10:33    --------    d-----w-    c:\program files\Common Files\Java
2013-07-31 10:33 . 2013-07-31 10:33    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-07-31 10:33 . 2013-07-31 10:33    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-31 09:58 . 2013-07-31 09:58    --------    d-----w-    c:\users\nailk\AppData\Local\Downloaded Installations
2013-07-31 06:43 . 2013-08-02 09:57    --------    d-----w-    c:\users\nailk\AppData\Local\temp
2013-07-30 13:51 . 2013-07-02 06:54    7143960    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6DD6CB-B939-4009-8B37-25D33B44F233}\mpengine.dll
2013-07-29 08:59 . 2013-04-09 23:34    1247744    ----a-w-    c:\windows\system32\DWrite.dll
2013-07-29 08:59 . 2013-04-17 07:02    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2013-07-29 06:41 . 2013-07-29 06:43    --------    d-----w-    c:\windows\system32\MRT
2013-07-29 06:40 . 2013-01-13 19:53    187392    ----a-w-    c:\windows\system32\UIAnimation.dll
2013-07-18 09:20 . 2013-07-30 14:30    --------    d-----w-    c:\users\nailk\AppData\Local\Deployment
2013-07-18 09:20 . 2013-07-18 09:20    --------    d-----w-    c:\users\nailk\AppData\Local\Apps
2013-07-16 14:11 . 2013-04-25 23:30    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2013-07-16 14:10 . 2013-05-10 03:20    24576    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-07-16 14:10 . 2013-04-26 04:55    492544    ----a-w-    c:\windows\system32\win32spl.dll
2013-07-16 14:10 . 2013-05-13 04:45    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-07-16 14:10 . 2013-05-13 04:45    1160192    ----a-w-    c:\windows\system32\crypt32.dll
2013-07-16 14:10 . 2013-05-13 04:45    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-07-16 14:10 . 2013-05-13 03:08    903168    ----a-w-    c:\windows\system32\certutil.exe
2013-07-16 14:10 . 2013-05-13 03:08    43008    ----a-w-    c:\windows\system32\certenc.dll
2013-07-16 14:10 . 2013-05-06 04:56    1620480    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-16 14:04 . 2013-05-06 05:06    3968872    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-07-16 14:04 . 2013-05-06 05:06    3913576    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-16 14:04 . 2013-04-10 05:04    1221632    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2013-07-16 14:04 . 2013-04-10 05:03    936448    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-16 14:04 . 2013-04-10 05:03    988672    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2013-07-16 14:04 . 2013-04-10 05:03    969216    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2013-07-16 14:04 . 2013-05-08 05:38    1293672    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-07-16 14:01 . 2013-05-27 04:57    680960    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2013-07-16 14:01 . 2013-05-27 04:57    392704    ----a-w-    c:\program files\Windows Defender\MpClient.dll
2013-07-16 14:01 . 2013-05-27 04:57    224768    ----a-w-    c:\program files\Windows Defender\MpCommu.dll
2013-07-10 08:46 . 2009-12-14 10:33    53248    ----a-w-    c:\windows\system32\CSVer.dll
2013-07-10 08:40 . 2013-07-10 08:40    --------    d-----w-    c:\program files\SystemRequirementsLab
2013-07-10 07:58 . 2013-07-10 07:58    --------    d-----w-    c:\program files\CPUID
2013-07-09 15:27 . 2013-07-09 15:27    --------    d-----w-    c:\windows\{69093D49-3DD1-4FB5-A378-0D4DB4CF86EA}
2013-07-09 13:29 . 2013-07-09 14:21    --------    d-----w-    c:\users\nailk\AppData\Local\Dell
2013-07-09 12:06 . 2013-07-09 12:06    --------    d-----w-    c:\users\nailk\AppData\Local\Programs
2013-07-09 12:01 . 2013-07-09 12:01    --------    d-----w-    c:\users\nailk\AppData\Local\NokiaAccount
2013-07-09 11:41 . 2013-07-09 11:41    --------    d-----w-    c:\programdata\Kaspersky Lab
2013-07-05 19:14 . 2013-07-05 19:14    --------    d-----w-    c:\users\randall.KETER\AppData\Local\Google
2013-07-05 14:15 . 2013-07-05 14:15    --------    d-----w-    c:\users\randall.KETER\AppData\Roaming\Malwarebytes
2013-07-05 14:14 . 2013-07-05 14:14    --------    d-----w-    c:\programdata\Malwarebytes
2013-07-05 14:13 . 2013-07-05 14:13    --------    d-----w-    c:\users\randall.KETER\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-01 11:51 . 2013-08-01 11:51    274304    ----a-w-    c:\windows\system32\drivers\acpi.sys.dump
2013-07-31 10:47 . 2012-04-02 05:53    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-31 10:47 . 2011-07-01 11:18    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-31 10:33 . 2011-05-24 21:31    789416    ----a-w-    c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-10-16 14:10    119664    ----a-w-    c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-10-16 14:10    119664    ----a-w-    c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl.exe" [2009-08-26 2691072]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2012-12-07 1497176]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HelpDeskinfolnk.lnk - c:\windows\HelpDeskinfo.exe /timer:0 /iq %windir%\HelpDeskinfo.bgi /taskbar [2011-6-30 943488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2010-09-15 09:11    1971536    ----a-w-    c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages    REG_MULTI_SZ       msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1196368360-3271040469-418439646-12663\Scripts\Logon\0\0]
"Script"=CTX-SSO.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1196368360-3271040469-418439646-12663\Scripts\Logon\0\1]
"Script"=Bginfo.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1196368360-3271040469-418439646-33291\Scripts\Logon\0\0]
"Script"=CTX-SSO.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1196368360-3271040469-418439646-33291\Scripts\Logon\0\1]
"Script"=Bginfo.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1196368360-3271040469-418439646-33293\Scripts\Logon\0\0]
"Script"=CTX-SSO.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1196368360-3271040469-418439646-33293\Scripts\Logon\0\1]
"Script"=Bginfo.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1196368360-3271040469-418439646-33294\Scripts\Logon\0\0]
"Script"=CTX-SSO.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1196368360-3271040469-418439646-33294\Scripts\Logon\0\1]
"Script"=Bginfo.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1196368360-3271040469-418439646-36559\Scripts\Logon\0\0]
"Script"=CTX-SSO.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1196368360-3271040469-418439646-36559\Scripts\Logon\0\1]
"Script"=Bginfo.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1196368360-3271040469-418439646-36560\Scripts\Logon\0\0]
"Script"=CTX-SSO.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1196368360-3271040469-418439646-36560\Scripts\Logon\0\1]
"Script"=Bginfo.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1196368360-3271040469-418439646-36561\Scripts\Logon\0\0]
"Script"=CTX-SSO.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1196368360-3271040469-418439646-36561\Scripts\Logon\0\1]
"Script"=Bginfo.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-08-29 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-10-30 62728]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [2012-07-17 264504]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\TmPreFlt.sys [2012-07-17 36664]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2011-06-02 11336]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-08-29 136176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [2011-04-15 497272]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [2012-08-08 689712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-30 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 TmLwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2012-06-21 146232]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 127488]
S2 tmWfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2012-06-21 282936]
S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2010-12-02 349224]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - MBAMSwissArmy
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 19:26    1173456    ----a-w-    c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 10:47]
.
2013-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-29 12:44]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-29 12:44]
.
.
------- Bijkomende Scan -------
.

Trusted Zone: dell.com
Trusted Zone: keter.co.il\sts
Trusted Zone: pgene.com
Trusted Zone: pgene.com\www
TCP: DhcpNameServer = 172.16.16.1 172.16.16.7 172.30.254.202 172.30.254.203
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(5448)
c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
Voltooingstijd: 2013-08-02  11:59:52
ComboFix-quarantined-files.txt  2013-08-02 09:59
ComboFix2.txt  2013-08-01 12:11
ComboFix3.txt  2013-07-31 06:42
.
Pre-Run: 203.575.275.520 bytes free
Post-Run: 203.524.435.968 bytes free
.
- - End Of File - - 2D57234210EE038DE7C9683266B9A83A
A36C5E4F47E84449FF07ED3517B43A31
 

ComboFix.txt

[Maniac]

Please scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.

  ESET OnlineScan

• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

    Save it to your Desktop.

  • Double click on the to download the ESET Smart Installer. icon on your Desktop.
• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.
• Under Scan Settings, check "Scan Archives" and "Remove found threats"
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List Threats
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Click the Back button.
• Click the Finish button.

[DarkAllMan]

C:\Windows\snack\acpi.sys    Win32/Simda.AF trojan    deleted - quarantined

eset_log.txt

[Maniac]

How are things now?

[DarkAllMan]

I awaited your answer. Rebooting and testing. Will come back to you shortly!

[DarkAllMan]

Sadly it didnt help. The computer still has freezes and ads....

[Maniac]

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

[DarkAllMan]

No threats detected!

[DarkAllMan]

... But the issue is not resolved.....

[Maniac]

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

[DarkAllMan]

Files Attached!

OTL.Txt

Extras.Txt

[Maniac]

In my first post in this thread you could find the following line:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

In my last post you could find similiar l ine:

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

[DarkAllMan]

OTL logfile created on: 8/7/2013 8:19:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\nailk\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Netherlands | Language: NLD | Date Format: dd/MM/yy
 
3.21 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 62.58% Memory free
6.43 Gb Paging File | 5.23 Gb Available in Paging File | 81.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.01 Gb Total Space | 188.11 Gb Free Space | 81.08% Space Free | Partition Type: NTFS
 
Computer Name: NLEKF-PLOEGCHEF | User Name: nailk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/07 08:19:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nailk\Desktop\OTL.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/04 15:50:28 | 002,050,016 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
PRC - [2012/12/07 20:23:30 | 001,497,176 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
PRC - [2012/12/06 18:55:40 | 002,069,856 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
PRC - [2012/11/30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/30 11:18:18 | 000,345,648 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2012/10/01 18:01:08 | 000,458,936 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2011/04/15 12:26:56 | 000,497,272 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/10/16 16:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
PRC - [2010/09/15 11:14:36 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2010/06/29 16:11:50 | 000,127,488 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
PRC - [2009/08/26 19:49:00 | 002,691,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
PRC - [2009/07/06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2007/03/15 14:26:30 | 000,943,488 | ---- | M] (Sysinternals) -- C:\Windows\HelpDeskinfo.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/04/04 01:09:40 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013/07/31 12:47:42 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/09 00:10:32 | 030,798,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013/01/04 15:50:28 | 002,050,016 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2012/12/06 18:55:40 | 002,069,856 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2012/10/30 11:18:18 | 000,345,648 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2012/08/08 18:30:10 | 000,689,712 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2011/06/30 14:40:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/15 12:26:56 | 000,497,272 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)
SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/03 16:12:58 | 001,477,632 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/10/16 16:10:52 | 002,336,104 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2010/07/13 14:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/06/29 16:11:50 | 000,127,488 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\nailk\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/11/13 19:33:20 | 000,258,976 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012/10/30 11:08:58 | 000,074,600 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012/10/30 11:08:08 | 000,062,728 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012/08/23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/07/17 12:40:38 | 000,264,504 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2012/07/17 12:40:18 | 000,036,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2012/07/17 12:09:50 | 001,515,232 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\vsapint.sys -- (VSApiNt)
DRV - [2012/06/21 16:50:26 | 000,146,232 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (TmLwf)
DRV - [2012/06/21 15:51:26 | 000,282,936 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmWfp)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2010/12/02 23:35:58 | 000,349,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2010/11/20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/08 19:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/09/03 10:39:22 | 000,088,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2009/11/17 01:21:24 | 002,748,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTDVHDA.sys -- (IntcAzAudAddService)
DRV - [2009/07/14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Unknown] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2005/08/17 08:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 08:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USREL/12
IE - HKLM\..\SearchScopes,DefaultScope = {96D6B1C3-C742-43B0-8227-7B86E6AB02DA}
IE - HKLM\..\SearchScopes\{96D6B1C3-C742-43B0-8227-7B86E6AB02DA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1196368360-3271040469-418439646-36559\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intra.jardin.nl/
IE - HKU\S-1-5-21-1196368360-3271040469-418439646-36559\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKU\S-1-5-21-1196368360-3271040469-418439646-36559\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1196368360-3271040469-418439646-36559\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1196368360-3271040469-418439646-36559\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1196368360-3271040469-418439646-36559\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.71\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.71\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
 
O1 HOSTS File: ([2013/07/31 12:41:10 | 000,000,063 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 172.16.16.251   grip.jardinweb.nl
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1196368360-3271040469-418439646-36559\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1196368360-3271040469-418439646-36559\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1196368360-3271040469-418439646-36559\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1196368360-3271040469-418439646-36559\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1196368360-3271040469-418439646-36559\..Trusted Domains: keter.co.il ([sts] * in Trusted sites)
O15 - HKU\S-1-5-21-1196368360-3271040469-418439646-36559\..Trusted Domains: keter.co.il ([sts] http in Trusted sites)
O15 - HKU\S-1-5-21-1196368360-3271040469-418439646-36559\..Trusted Domains: keter.co.il ([www] * in Local intranet)
O15 - HKU\S-1-5-21-1196368360-3271040469-418439646-36559\..Trusted Domains: keter.corp ([iLHQKVS] * in Local intranet)
O15 - HKU\S-1-5-21-1196368360-3271040469-418439646-36559\..Trusted Domains: keter.corp ([ilhqtravel] * in Local intranet)
O15 - HKU\S-1-5-21-1196368360-3271040469-418439646-36559\..Trusted Domains: pgene.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1196368360-3271040469-418439646-36559\..Trusted Domains: pgene.com ([www] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.16.1 172.16.16.7 172.30.254.202 172.30.254.203
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = keter.corp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B857326A-CEFC-42B0-903E-BD339EDD3CD4}: DhcpNameServer = 172.16.16.1 172.16.16.7 172.30.254.202 172.30.254.203
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/07 08:19:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\nailk\Desktop\OTL.exe
[2013/08/06 16:19:21 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2013/08/06 16:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2013/08/06 15:36:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/06 15:35:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/06 15:08:15 | 000,000,000 | ---D | C] -- C:\Users\nailk\AppData\Local\VirtualStore
[2013/08/05 11:02:45 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
[2013/08/02 14:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/08/02 08:48:10 | 000,000,000 | ---D | C] -- C:\Users\nailk\Desktop\RK_Quarantine
[2013/08/02 08:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/02 08:23:19 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/08/02 08:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/01 14:03:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/01 14:03:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/01 14:03:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/01 14:03:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/01 14:02:20 | 005,100,695 | R--- | C] (Swearware) -- C:\Users\nailk\Desktop\ComboFix.exe
[2013/08/01 13:51:05 | 000,000,000 | ---D | C] -- C:\Windows\snack
[2013/08/01 08:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/07/31 14:07:41 | 000,000,000 | ---D | C] -- C:\Users\nailk\AppData\Roaming\Malwarebytes
[2013/07/31 13:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/07/31 13:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/07/31 12:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/07/31 11:58:03 | 000,000,000 | ---D | C] -- C:\Users\nailk\AppData\Local\Downloaded Installations
[2013/07/31 08:43:13 | 000,000,000 | ---D | C] -- C:\Users\nailk\AppData\Local\temp
[2013/07/29 08:41:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/26 15:25:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/07/18 11:20:51 | 000,000,000 | ---D | C] -- C:\Users\nailk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2013/07/18 11:20:40 | 000,000,000 | ---D | C] -- C:\Users\nailk\AppData\Local\Deployment
[2013/07/18 11:20:40 | 000,000,000 | ---D | C] -- C:\Users\nailk\AppData\Local\Apps
[2013/07/10 10:46:31 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2013/07/10 10:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2013/07/10 09:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2013/07/10 09:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2013/07/09 17:27:00 | 000,000,000 | ---D | C] -- C:\Windows\{69093D49-3DD1-4FB5-A378-0D4DB4CF86EA}
[2013/07/09 15:29:41 | 000,000,000 | ---D | C] -- C:\Users\nailk\AppData\Local\Dell
[2013/07/09 14:06:49 | 000,000,000 | ---D | C] -- C:\Users\nailk\AppData\Local\Programs
[2013/07/09 14:01:49 | 000,000,000 | ---D | C] -- C:\Users\nailk\AppData\Local\NokiaAccount
[2013/07/09 13:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/07 08:19:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nailk\Desktop\OTL.exe
[2013/08/07 07:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/07 07:26:00 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/07 06:42:12 | 000,009,075 | ---- | M] () -- C:\Windows\cfgall.ini
[2013/08/07 00:26:00 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/06 15:48:26 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/06 15:48:26 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/06 15:38:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/06 15:38:51 | 2588,655,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/06 15:25:11 | 005,100,695 | R--- | M] (Swearware) -- C:\Users\nailk\Desktop\ComboFix.exe
[2013/08/06 15:01:29 | 000,920,576 | ---- | M] () -- C:\Users\nailk\Desktop\RogueKiller.exe
[2013/08/02 08:23:22 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/01 13:40:54 | 368,476,785 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/01 12:44:14 | 000,007,610 | ---- | M] () -- C:\Users\nailk\AppData\Local\Resmon.ResmonCfg
[2013/08/01 12:34:55 | 000,001,107 | ---- | M] () -- C:\Users\nailk\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/07/31 12:41:10 | 000,000,063 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/07/31 12:05:26 | 000,014,822 | ---- | M] () -- C:\Windows\System32\results.xml
[2013/07/17 06:41:06 | 000,000,416 | ---- | M] () -- C:\Users\nailk\Desktop\Smart Client Intern.website
[2013/07/16 22:54:51 | 000,001,408 | RHS- | M] () -- C:\Users\nailk\ntuser.pol
[2013/07/16 16:18:05 | 000,471,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/16 16:13:14 | 000,712,226 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/16 16:13:14 | 000,140,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/12 18:32:18 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2013/07/10 10:50:47 | 000,000,408 | ---- | M] () -- C:\Users\nailk\Desktop\Smart Client Extern.website
[2013/07/10 09:58:56 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/06 15:01:28 | 000,920,576 | ---- | C] () -- C:\Users\nailk\Desktop\RogueKiller.exe
[2013/08/02 08:23:22 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/01 14:03:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/01 14:03:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/01 14:03:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/01 14:03:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/01 14:03:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/31 10:08:39 | 368,476,785 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/07/26 14:59:28 | 000,007,610 | ---- | C] () -- C:\Users\nailk\AppData\Local\Resmon.ResmonCfg
[2013/07/10 10:49:37 | 000,014,822 | ---- | C] () -- C:\Windows\System32\results.xml
[2013/07/10 09:58:56 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2011/10/06 14:34:57 | 000,001,408 | RHS- | C] () -- C:\Users\nailk\ntuser.pol
[2011/10/06 14:24:01 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll
[2011/10/06 14:24:01 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll
[2011/10/06 14:24:01 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll
[2011/10/06 14:24:01 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll
[2011/10/06 14:24:01 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll
[2011/10/06 14:23:57 | 000,015,872 | ---- | C] () -- C:\Windows\System32\vtssm32.dll
[2011/10/06 14:23:57 | 000,001,208 | ---- | C] () -- C:\Windows\saplogon.ini
[2011/06/30 11:45:30 | 000,024,041 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/10/07 16:43:31 | 000,000,000 | ---D | M] -- C:\Users\manuelr\AppData\Roaming\PC Suite
[2012/03/19 09:23:01 | 000,000,000 | ---D | M] -- C:\Users\manuelr\AppData\Roaming\Swyx
[2011/10/07 15:09:58 | 000,000,000 | ---D | M] -- C:\Users\marcor\AppData\Roaming\PC Suite
[2011/10/13 08:50:21 | 000,000,000 | ---D | M] -- C:\Users\marcor\AppData\Roaming\Swyx
[2011/11/10 02:01:41 | 000,000,000 | ---D | M] -- C:\Users\marcor\AppData\Roaming\Windows Live Writer
[2011/10/10 15:44:15 | 000,000,000 | ---D | M] -- C:\Users\nailk\AppData\Roaming\PC Suite
[2011/10/13 15:06:59 | 000,000,000 | ---D | M] -- C:\Users\nailk\AppData\Roaming\Swyx
[2011/10/07 10:45:32 | 000,000,000 | ---D | M] -- C:\Users\robs\AppData\Roaming\Nokia
[2011/10/07 10:45:33 | 000,000,000 | ---D | M] -- C:\Users\robs\AppData\Roaming\Nokia Ovi Suite
[2011/10/07 11:00:56 | 000,000,000 | ---D | M] -- C:\Users\robs\AppData\Roaming\PC Suite
[2011/10/13 22:49:28 | 000,000,000 | ---D | M] -- C:\Users\robs\AppData\Roaming\Swyx
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 3320 bytes -> C:\Users\nailk\Documents\bookmark.htm:Q30lsldxJoudresxAaaqpcawXc

< End of report >
 

[DarkAllMan]

OTL Extras logfile created on: 8/7/2013 8:19:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\nailk\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Netherlands | Language: NLD | Date Format: dd/MM/yy
 
3.21 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 62.58% Memory free
6.43 Gb Paging File | 5.23 Gb Available in Paging File | 81.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.01 Gb Total Space | 188.11 Gb Free Space | 81.08% Space Free | Partition Type: NTFS
 
Computer Name: NLEKF-PLOEGCHEF | User Name: nailk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance – Windows Messenger and Voice" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance – Windows Messenger and Voice
"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance
"%WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance" = %WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe " = C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe
"C:\Windows\System32\Wbem\unsecapp.exe" = C:\Windows\System32\Wbem\unsecapp.exe -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:enabled:epmap" = 135:TCP:*:enabled:epmap
"135:TCP:172.30.0.0/16:enabled:epmap" = 135:TCP:172.30.0.0/16:enabled:epmap
"137:TCP:*:enabled:NB" = 137:TCP:*:enabled:NB
"137:UDP:*:enabled:NB" = 137:UDP:*:enabled:NB
"138:UDP:*:enabled:NB" = 138:UDP:*:enabled:NB
"139:TCP:*:enabled:NB" = 139:TCP:*:enabled:NB
"139:TCP:172.30.0.0/16:enabled:epmap" = 139:TCP:172.30.0.0/16:enabled:epmap
"2701:TCP:*:enabled:SMS General Connection" = 2701:TCP:*:enabled:SMS General Connection
"2701:UDP:*:enabled:SMS General Connection" = 2701:UDP:*:enabled:SMS General Connection
"2702:TCP:*:enabled:SMS Remote Control" = 2702:TCP:*:enabled:SMS Remote Control
"2702:UDP:*:enabled:SMS Remote Control" = 2702:UDP:*:enabled:SMS Remote Control
"2703:TCP:*:enabled:SMS Chat" = 2703:TCP:*:enabled:SMS Chat
"2703:UDP:*:enabled:SMS Chat" = 2703:UDP:*:enabled:SMS Chat
"2704:TCP:*:enabled:SMS File Transfer" = 2704:TCP:*:enabled:SMS File Transfer
"2704:UDP:*:enabled:SMS File Transfer" = 2704:UDP:*:enabled:SMS File Transfer
"43503:TCP:localsubnet:enabled:Port For TrendMicro" = 43503:TCP:localsubnet:enabled:Port For TrendMicro
"445:TCP:*:enabled:NB" = 445:TCP:*:enabled:NB
"445:UDP:*:enabled:NB" = 445:UDP:*:enabled:NB
"49076:TCP:192.168.254.180:enabled:: TrendMicro Server" = 49076:TCP:192.168.254.180:enabled:: TrendMicro Server
"49076:TCP:localsubnet:enabled:Port For New TrendMicro" = 49076:TCP:localsubnet:enabled:Port For New TrendMicro
"6129:TCP:*:enabled:DameWare" = 6129:TCP:*:enabled:DameWare
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]
"LogDroppedPackets" = 1
"LogSuccessfulConnections" = 0
"LogFilePath" = C:\Windows\FW.log
"LogFileSize" = 4096
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = localsubnet,192.168.0.0/16
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = "*"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"RemoteDesktop-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030CBCCE-CF18-412E-80D9-2A10609F48A8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{12E40E8E-F3F3-421F-9790-CFC3E76DE1BA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{14FAAB5A-D520-43AD-BC67-9DB50381E9B9}" = lport=138 | protocol=17 | dir=in | app=system |
"{17EFC74E-06CE-458A-ABFD-530A0D92611B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B1E343D-C96A-4C09-A794-A71B6C648B8E}" = rport=138 | protocol=17 | dir=out | app=system |
"{35E36B4D-CAF1-4684-AB3D-9CD75B9C58C7}" = lport=40735 | protocol=6 | dir=in | name=trend micro officescan listener |
"{64FC2F17-2BF4-4967-9A70-9DB4ACE56160}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{727E7603-84F6-4302-9925-49E8EA372805}" = rport=137 | protocol=17 | dir=out | app=system |
"{98648119-FC5D-428F-ADF7-5F09B899935A}" = lport=445 | protocol=6 | dir=in | app=system |
"{9B94BB0C-552E-45EE-A444-C9F89EB72003}" = lport=137 | protocol=17 | dir=in | app=system |
"{A0B42599-B268-43CF-A626-27D889F4D6D9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A0F2E1BE-A3F3-4894-98FB-7D44F9B96C70}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B5446BEF-BED3-4DB5-A792-AEC4485C7ADC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CBED0440-3D0C-4696-A185-E9A1C7184243}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CE8F9EEE-FDF5-416D-861B-06CC235FC086}" = rport=445 | protocol=6 | dir=out | app=system |
"{D841063D-A233-428F-B180-6721E6827FBA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E8F5B107-1435-4F9C-8FA8-4D9EB2A764D4}" = rport=139 | protocol=6 | dir=out | app=system |
"{F6F4E2A2-A771-4B57-8246-E20038CA5F32}" = lport=139 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{274A5D57-5711-4410-BE0C-A1272CD50576}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{2C7000FD-3B40-4F88-9577-B4231AB0BFA9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2D09DC1F-7727-4FA9-9C42-A87CEDBB48C9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{3A294D4E-8FAF-49FD-83FA-3193B4ACEB73}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4A8D9CDD-B45F-4B4E-9494-A8B8063F10B6}" = protocol=1 | dir=in | name=all icmp v4 |
"{5062177C-8BE0-4EA3-B6F6-0F8D14F58CB2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{63DD4947-4AB1-4164-A49F-D1EC33E26262}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{7278BC27-D55F-4421-914B-83FA2B7ACD0E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{79BA6502-9F98-4473-A6B0-844F223396D7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{88B7DAC0-74D4-4BA8-9310-6A9F31A2FD2F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{AF6FA523-2902-45D3-B475-A76D1213CA88}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BD80F9BC-D6F0-4F87-8E48-282D3AD02CC7}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{CB37DB4A-5194-4DF9-BA75-8A8E2680C4B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{CC8ABE35-CE83-4150-8B4E-47B7B6D90BA4}" = protocol=6 | dir=in | app=c:\users\nailk\downloads\sweetimsetup.exe |
"{F1FC52A3-CF36-43BF-B529-2BC177F5755E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F2ECC195-99A0-479A-A23A-3A8C71BCBF1E}" = protocol=17 | dir=in | app=c:\users\nailk\downloads\sweetimsetup.exe |
"TCP Query User{566AE762-5B9A-40E9-986E-539F3BCE42F6}C:\users\nailk\appdata\local\temp\7834647\8531154.exe" = protocol=6 | dir=in | app=c:\users\nailk\appdata\local\temp\7834647\8531154.exe |
"UDP Query User{4BC2A09D-2788-4F1F-BB86-B99B3BE76079}C:\users\nailk\appdata\local\temp\7834647\8531154.exe" = protocol=17 | dir=in | app=c:\users\nailk\appdata\local\temp\7834647\8531154.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04566294-A6B6-4462-9721-031073EB3694}" = Dell Client System Update
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CCAF47C-E428-48C2-82B2-5F25CE1D67DA}" = Gemalto
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}" = Dell Data Protection | Access | Drivers
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64973F6A-8754-43D1-BDD0-FC6F0546347B}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{75E0B85A-085F-4BA3-B2BF-1995AFD8024D}" = NTRU TCG Software Stack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}" = Dell Data Protection | Access | Middleware
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010
"{90140000-0017-0413-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Dutch) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2010
"{90140000-0100-0413-0000-0000000FF1CE}" = Microsoft Office O MUI (Dutch) 2010
"{90140000-0101-0413-0000-0000000FF1CE}" = Microsoft Office X MUI (Dutch) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A32F592F-AA0E-49AF-8E85-A0A25AF83314}" = Wave Infrastructure Installer
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7D91856-258D-4C87-8041-B170851CE432}" = Dell Data Protection | Access
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{AC76BA86-7AD7-1043-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Nederlands
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BD3068DE-D53B-4CE8-B2BC-32E1323441CD}" = PC-CCID
"{C0DB380B-97B5-4BB8-AC8D-1835E61439B6}" = Microsoft redistributable runtime DLLs VS2005(x86)
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = vcredist_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Borland Database Engine Setup" = Borland Database Engine Setup
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.23
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.OMUI.nl-nl" = Microsoft Office Language Pack 2010 - Dutch/Nederlands
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OfficeScanNT" = Trend Micro OfficeScan Client
"SAPGUI710" = SAP GUI 7.10
"ST6UNST #1" = Components
"ST6UNST #2" = Components (C:\Program Files\Components\)
"ST6UNST #3" = Components (C:\Program Files\Components\) #3
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1196368360-3271040469-418439646-36559\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8e3135b376bd523e" = Dell System Detect Bootstrapper
"9204f5692a8faf3b" = Dell System Detect
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/26/2013 8:53:48 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = ESENT | ID = 414
Description = wuaueng.dll (1000) SUS20ClientDataStore: Unable to write to section
 0 while flushing logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log.
 Error -1011 (0xfffffc0d).
 
Error - 7/26/2013 8:53:48 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = ESENT | ID = 492
Description = wuaueng.dll (1000) SUS20ClientDataStore: The logfile sequence in "C:\Windows\SoftwareDistribution\DataStore\Logs\"
 has been halted due to a fatal error.  No further updates are possible for the
databases that use this logfile sequence.  Please correct the problem and restart
 or restore from backup.
 
Error - 7/26/2013 8:53:48 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = ESENT | ID = 471
Description = wuaueng.dll (1000) SUS20ClientDataStore: Unable to rollback operation
 #1356 on database C:\Windows\SoftwareDistribution\DataStore\DataStore.edb. Error:
 -510. All future database updates will be rejected.
 
Error - 7/26/2013 8:53:48 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = ESENT | ID = 104
Description = wuaueng.dll (1000) SUS20ClientDataStore: The database engine stopped
 the instance (0) with error (-1090).
 
Error - 7/26/2013 8:53:48 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = ESENT | ID = 482
Description = wuaueng.dll (1000) SUS20ClientDataStore: An attempt to write to the
 file "C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk" at offset 0 (0x0000000000000000)
 for 8192 (0x00002000) bytes failed after 0 seconds with system error 8 (0x00000008):
 "Not enough storage is available to process this command. ".  The write operation
 will fail with error -1011 (0xfffffc0d).  If this error persists then the file
may be damaged and may need to be restored from a previous backup.
 
Error - 7/26/2013 8:53:48 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = ESENT | ID = 439
Description = wuaueng.dll (1000) SUS20ClientDataStore: Unable to write a shadowed
 header for file C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk. Error -1011.
 
Error - 7/31/2013 3:58:17 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16496,
time stamp: 0x51a55c6d  Faulting module name: msvcrt.dll, version: 7.0.7601.17744,
 time stamp: 0x4eeaf722  Exception code: 0xc0000005  Fault offset: 0x00009dae  Faulting
 process id: 0x12f8  Faulting application start time: 0x01ce8dc32943bfe3  Faulting application
 path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\system32\msvcrt.dll
Report
 Id: f5249705-f9b6-11e2-ad50-782bcb91e789
 
Error - 7/31/2013 5:36:48 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16496,
time stamp: 0x51a55c6d  Faulting module name: msvcrt.dll, version: 7.0.7601.17744,
 time stamp: 0x4eeaf722  Exception code: 0xc0000005  Fault offset: 0x00009dae  Faulting
 process id: 0x1268  Faulting application start time: 0x01ce8dcfc3eba2d1  Faulting application
 path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\system32\msvcrt.dll
Report
 Id: b8272239-f9c4-11e2-90e5-782bcb91e789
 
Error - 7/31/2013 5:39:13 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16496,
time stamp: 0x51a55c6d  Faulting module name: msvcrt.dll, version: 7.0.7601.17744,
 time stamp: 0x4eeaf722  Exception code: 0xc0000005  Fault offset: 0x00009cc6  Faulting
 process id: 0x624  Faulting application start time: 0x01ce8dd1c50d4a2c  Faulting application
 path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\system32\msvcrt.dll
Report
 Id: 0e6ac1a5-f9c5-11e2-90e5-782bcb91e789
 
Error - 7/31/2013 5:39:34 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16496,
time stamp: 0x51a55c6d  Faulting module name: msvcrt.dll, version: 7.0.7601.17744,
 time stamp: 0x4eeaf722  Exception code: 0xc0000005  Fault offset: 0x00009cc6  Faulting
 process id: 0x1450  Faulting application start time: 0x01ce8dd1d233ef41  Faulting application
 path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting module path: C:\Windows\system32\msvcrt.dll
Report
 Id: 1b4f39b5-f9c5-11e2-90e5-782bcb91e789
 
Error - 8/1/2013 5:37:38 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = EventSystem | ID = 4612
Description =
 
[ System Events ]
Error - 8/6/2013 9:08:45 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
 .NET Framework NGEN v4.0.30319_X86 service to connect.
 
Error - 8/6/2013 9:09:38 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Google
 Updateservice (gupdate) service to connect.
 
Error - 8/6/2013 9:09:38 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = Service Control Manager | ID = 7000
Description = The Google Updateservice (gupdate) service failed to start due to
the following error:   %%1053
 
Error - 8/6/2013 9:28:29 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 8/6/2013 9:32:03 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 8/6/2013 9:34:54 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 8/6/2013 9:38:59 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services
 service which failed to start because of the following error:   %%0
 
Error - 8/6/2013 9:42:39 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
 .NET Framework NGEN v4.0.30319_X86 service to connect.
 
Error - 8/6/2013 9:43:09 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Google
 Updateservice (gupdate) service to connect.
 
Error - 8/6/2013 9:43:09 AM | Computer Name = NLEKF-PLOEGCHEF.keter.corp | Source = Service Control Manager | ID = 7000
Description = The Google Updateservice (gupdate) service failed to start due to
the following error:   %%1053
 
 
< End of report >
 

[Maniac]

Step 1

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

  :OTL

  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.

  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.

  :files

  ipconfig /flushdns /c

  :Commands

  [resethosts]

  [emptytemp]

  [clearallrestorepoints]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 2

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

  

• Put a checkmark beside loaded modules.

  

• A reboot will be needed to apply the changes. Do it.
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
• Then click on Change parameters in TDSSKiller.
• Check all boxes then click OK.

  

• Click the Start Scan button.

  

• The scan should take no longer than 2 minutes.
• If a suspicious object is detected, the default action will be Skip, click on Continue.

  

• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

  

  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

In your next reply, post the following log files:

• OTL Fix log
• TDSSKiller log

[DarkAllMan]

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\nailk\Desktop\cmd.bat deleted successfully.
C:\Users\nailk\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: jans
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3021 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
 
User: manuelr
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1419599 bytes
->Flash cache emptied: 492 bytes
 
User: marcor
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 61303526 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 31139986 bytes
->Flash cache emptied: 291 bytes
 
User: nailk
->Temp folder emptied: 64547 bytes
->Temporary Internet Files folder emptied: 90768044 bytes
->Java cache emptied: 1001 bytes
->Google Chrome cache emptied: 51918588 bytes
->Flash cache emptied: 602 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: randall
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: randall.KETER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 331841 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 5385796 bytes
->Flash cache emptied: 750 bytes
 
User: robs
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 626834237 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 364613634 bytes
->Flash cache emptied: 12279 bytes
 
User: yuksels
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1500497 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14280 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,178.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 08072013_134033

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

[DarkAllMan]

14:12:01.0840 0328  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:12:02.0464 0328  ============================================================
14:12:02.0464 0328  Current date / time: 2013/08/07 14:12:02.0464
14:12:02.0464 0328  SystemInfo:
14:12:02.0464 0328  
14:12:02.0464 0328  OS Version: 6.1.7601 ServicePack: 1.0
14:12:02.0464 0328  Product type: Workstation
14:12:02.0464 0328  ComputerName: NLEKF-PLOEGCHEF
14:12:02.0464 0328  UserName: nailk
14:12:02.0464 0328  Windows directory: C:\Windows
14:12:02.0464 0328  System windows directory: C:\Windows
14:12:02.0464 0328  Processor architecture: Intel x86
14:12:02.0464 0328  Number of processors: 2
14:12:02.0464 0328  Page size: 0x1000
14:12:02.0464 0328  Boot type: Normal boot
14:12:02.0464 0328  ============================================================
14:12:12.0584 0328  BG loaded
14:12:19.0427 0328  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:12:19.0521 0328  ============================================================
14:12:19.0521 0328  \Device\Harddisk0\DR0:
14:12:19.0567 0328  MBR partitions:
14:12:19.0567 0328  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4B000, BlocksNum 0x177000
14:12:19.0567 0328  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C2000, BlocksNum 0x1D003000
14:12:19.0567 0328  ============================================================
14:12:20.0378 0328  C: <-> \Device\Harddisk0\DR0\Partition2
14:12:20.0378 0328  ============================================================
14:12:20.0378 0328  Initialize success
14:12:20.0378 0328  ============================================================
14:21:19.0958 3784  ============================================================
14:21:19.0958 3784  Scan started
14:21:19.0958 3784  Mode: Manual; SigCheck; TDLFS;
14:21:19.0958 3784  ============================================================
14:21:20.0301 3784  ================ Scan system memory ========================
14:21:20.0301 3784  System memory - ok
14:21:20.0301 3784  ================ Scan services =============================
14:21:20.0410 3784  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:21:20.0550 3784  1394ohci - ok
14:21:20.0582 3784  [ 54955DC2160AB1970144C4E968F67570 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:21:20.0582 3784  Suspicious file (Forged): C:\Windows\system32\drivers\ACPI.sys. Real md5: 54955DC2160AB1970144C4E968F67570, Fake md5: CEA80C80BED809AA0DA6FEBC04733349
14:21:20.0582 3784  ACPI ( ForgedFile.Multi.Generic ) - warning
14:21:20.0582 3784  ACPI - detected ForgedFile.Multi.Generic (1)
14:21:20.0597 3784  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:21:20.0644 3784  AcpiPmi - ok
14:21:20.0722 3784  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:21:20.0753 3784  AdobeARMservice - ok
14:21:20.0784 3784  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:21:20.0831 3784  AdobeFlashPlayerUpdateSvc - ok
14:21:20.0862 3784  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:21:20.0909 3784  adp94xx - ok
14:21:20.0925 3784  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:21:20.0971 3784  adpahci - ok
14:21:20.0971 3784  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:21:21.0018 3784  adpu320 - ok
14:21:21.0049 3784  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:21:21.0127 3784  AeLookupSvc - ok
14:21:21.0159 3784  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
14:21:21.0237 3784  AFD - ok
14:21:21.0252 3784  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
14:21:21.0283 3784  agp440 - ok
14:21:21.0315 3784  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
14:21:21.0346 3784  aic78xx - ok
14:21:21.0393 3784  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
14:21:21.0439 3784  ALG - ok
14:21:21.0455 3784  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:21:21.0486 3784  aliide - ok
14:21:21.0502 3784  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:21:21.0533 3784  amdagp - ok
14:21:21.0549 3784  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
14:21:21.0580 3784  amdide - ok
14:21:21.0595 3784  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:21:21.0642 3784  AmdK8 - ok
14:21:21.0658 3784  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:21:21.0705 3784  AmdPPM - ok
14:21:21.0736 3784  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:21:21.0783 3784  amdsata - ok
14:21:21.0798 3784  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:21:21.0876 3784  amdsbs - ok
14:21:21.0876 3784  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:21:21.0907 3784  amdxata - ok
14:21:21.0923 3784  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
14:21:21.0985 3784  AppID - ok
14:21:22.0016 3784  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:21:22.0063 3784  AppIDSvc - ok
14:21:22.0094 3784  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\Windows\System32\appinfo.dll
14:21:22.0172 3784  Appinfo - ok
14:21:22.0204 3784  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
14:21:22.0250 3784  AppMgmt - ok
14:21:22.0282 3784  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:21:22.0313 3784  arc - ok
14:21:22.0313 3784  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:21:22.0344 3784  arcsas - ok
14:21:22.0422 3784  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:21:22.0453 3784  aspnet_state - ok
14:21:22.0469 3784  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:21:22.0516 3784  AsyncMac - ok
14:21:22.0531 3784  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
14:21:22.0562 3784  atapi - ok
14:21:22.0594 3784  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:21:22.0656 3784  AudioEndpointBuilder - ok
14:21:22.0656 3784  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:21:22.0687 3784  Audiosrv - ok
14:21:22.0718 3784  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:21:22.0765 3784  AxInstSV - ok
14:21:22.0812 3784  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
14:21:22.0874 3784  b06bdrv - ok
14:21:22.0890 3784  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
14:21:22.0952 3784  b57nd60x - ok
14:21:22.0984 3784  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:21:23.0046 3784  BDESVC - ok
14:21:23.0061 3784  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:21:23.0108 3784  Beep - ok
14:21:23.0139 3784  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
14:21:23.0202 3784  BFE - ok
14:21:23.0233 3784  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\system32\qmgr.dll
14:21:23.0311 3784  BITS - ok
14:21:23.0327 3784  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:21:23.0373 3784  blbdrive - ok
14:21:23.0405 3784  [ A1115D933E7E3588E6DD53B03219F808 ] Blfp            C:\Windows\system32\DRIVERS\basp.sys
14:21:23.0467 3784  Blfp - ok
14:21:23.0498 3784  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:21:23.0545 3784  bowser - ok
14:21:23.0576 3784  [ E7CA80FA5A7E82ED87E8140E0BDFA13B ] BrcmMgmtAgent   C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
14:21:23.0623 3784  BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - warning
14:21:23.0623 3784  BrcmMgmtAgent - detected UnsignedFile.Multi.Generic (1)
14:21:23.0654 3784  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:21:23.0685 3784  BrFiltLo - ok
14:21:23.0701 3784  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:21:23.0732 3784  BrFiltUp - ok
14:21:23.0748 3784  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
14:21:23.0795 3784  BridgeMP - ok
14:21:23.0826 3784  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
14:21:23.0857 3784  Browser - ok
14:21:23.0873 3784  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:21:23.0951 3784  Brserid - ok
14:21:23.0951 3784  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:21:23.0997 3784  BrSerWdm - ok
14:21:23.0997 3784  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:21:24.0044 3784  BrUsbMdm - ok
14:21:24.0060 3784  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:21:24.0122 3784  BrUsbSer - ok
14:21:24.0122 3784  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:21:24.0169 3784  BTHMODEM - ok
14:21:24.0200 3784  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
14:21:24.0262 3784  bthserv - ok
14:21:24.0340 3784  catchme - ok
14:21:24.0340 3784  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:21:24.0403 3784  cdfs - ok
14:21:24.0434 3784  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:21:24.0481 3784  cdrom - ok
14:21:24.0512 3784  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
14:21:24.0559 3784  CertPropSvc - ok
14:21:24.0574 3784  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:21:24.0606 3784  circlass - ok
14:21:24.0637 3784  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
14:21:24.0699 3784  CLFS - ok
14:21:24.0730 3784  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:21:24.0762 3784  clr_optimization_v2.0.50727_32 - ok
14:21:24.0793 3784  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:21:24.0840 3784  clr_optimization_v4.0.30319_32 - ok
14:21:24.0840 3784  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:21:24.0871 3784  CmBatt - ok
14:21:24.0886 3784  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:21:24.0902 3784  cmdide - ok
14:21:24.0933 3784  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG             C:\Windows\system32\Drivers\cng.sys
14:21:24.0980 3784  CNG - ok
14:21:24.0996 3784  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:21:25.0027 3784  Compbatt - ok
14:21:25.0058 3784  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:21:25.0105 3784  CompositeBus - ok
14:21:25.0136 3784  COMSysApp - ok
14:21:25.0167 3784  [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv          C:\Program Files\SystemRequirementsLab\cpudrv.sys
14:21:25.0198 3784  cpudrv - ok
14:21:25.0214 3784  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:21:25.0245 3784  crcdisk - ok
14:21:25.0261 3784  [ 3897DFF247D9ED0006190349DE264E14 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:21:25.0307 3784  CryptSvc - ok
14:21:25.0339 3784  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
14:21:25.0401 3784  CSC - ok
14:21:25.0417 3784  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
14:21:25.0463 3784  CscService - ok
14:21:25.0479 3784  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:21:25.0510 3784  DcomLaunch - ok
14:21:25.0541 3784  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
14:21:25.0604 3784  defragsvc - ok
14:21:25.0635 3784  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:21:25.0697 3784  DfsC - ok
14:21:25.0744 3784  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:21:25.0822 3784  Dhcp - ok
14:21:25.0838 3784  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
14:21:25.0885 3784  discache - ok
14:21:25.0900 3784  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:21:25.0947 3784  Disk - ok
14:21:25.0963 3784  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:21:26.0025 3784  Dnscache - ok
14:21:26.0056 3784  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:21:26.0119 3784  dot3svc - ok
14:21:26.0134 3784  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
14:21:26.0197 3784  DPS - ok
14:21:26.0228 3784  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:21:26.0243 3784  drmkaud - ok
14:21:26.0274 3784  [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:21:26.0352 3784  DXGKrnl - ok
14:21:26.0368 3784  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
14:21:26.0415 3784  EapHost - ok
14:21:26.0477 3784  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
14:21:26.0602 3784  ebdrv - ok
14:21:26.0633 3784  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
14:21:26.0664 3784  EFS - ok
14:21:26.0711 3784  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:21:26.0774 3784  ehRecvr - ok
14:21:26.0805 3784  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
14:21:26.0867 3784  ehSched - ok
14:21:26.0898 3784  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:21:26.0945 3784  elxstor - ok
14:21:26.0976 3784  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:21:27.0008 3784  ErrDev - ok
14:21:27.0039 3784  esgiguard - ok
14:21:27.0070 3784  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
14:21:27.0117 3784  EventSystem - ok
14:21:27.0132 3784  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
14:21:27.0195 3784  exfat - ok
14:21:27.0210 3784  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:21:27.0273 3784  fastfat - ok
14:21:27.0304 3784  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
14:21:27.0320 3784  Fax - ok
14:21:27.0335 3784  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:21:27.0366 3784  fdc - ok
14:21:27.0397 3784  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
14:21:27.0429 3784  fdPHost - ok
14:21:27.0444 3784  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
14:21:27.0491 3784  FDResPub - ok
14:21:27.0491 3784  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:21:27.0522 3784  FileInfo - ok
14:21:27.0538 3784  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:21:27.0585 3784  Filetrace - ok
14:21:27.0585 3784  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:21:27.0631 3784  flpydisk - ok
14:21:27.0647 3784  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:21:27.0709 3784  FltMgr - ok
14:21:27.0741 3784  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
14:21:27.0819 3784  FontCache - ok
14:21:27.0881 3784  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:21:27.0912 3784  FontCache3.0.0.0 - ok
14:21:27.0912 3784  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:21:27.0959 3784  FsDepends - ok
14:21:27.0975 3784  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:21:28.0006 3784  Fs_Rec - ok
14:21:28.0037 3784  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:21:28.0099 3784  fvevol - ok
14:21:28.0115 3784  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:21:28.0162 3784  gagp30kx - ok
14:21:28.0193 3784  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:21:28.0240 3784  gpsvc - ok
14:21:28.0333 3784  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
14:21:28.0380 3784  gupdate - ok
14:21:28.0396 3784  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
14:21:28.0396 3784  gupdatem - ok
14:21:28.0411 3784  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:21:28.0458 3784  hcw85cir - ok
14:21:28.0474 3784  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:21:28.0536 3784  HDAudBus - ok
14:21:28.0552 3784  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:21:28.0583 3784  HidBatt - ok
14:21:28.0598 3784  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:21:28.0645 3784  HidBth - ok
14:21:28.0661 3784  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:21:28.0708 3784  HidIr - ok
14:21:28.0739 3784  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
14:21:28.0786 3784  hidserv - ok
14:21:28.0832 3784  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:21:28.0879 3784  HidUsb - ok
14:21:28.0895 3784  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:21:28.0942 3784  hkmsvc - ok
14:21:28.0957 3784  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:21:29.0035 3784  HomeGroupListener - ok
14:21:29.0066 3784  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:21:29.0113 3784  HomeGroupProvider - ok
14:21:29.0129 3784  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:21:29.0160 3784  HpSAMD - ok
14:21:29.0191 3784  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:21:29.0285 3784  HTTP - ok
14:21:29.0300 3784  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:21:29.0332 3784  hwpolicy - ok
14:21:29.0363 3784  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:21:29.0410 3784  i8042prt - ok
14:21:29.0441 3784  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:21:29.0503 3784  iaStorV - ok
14:21:29.0534 3784  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:21:29.0597 3784  idsvc - ok
14:21:29.0737 3784  [ DCE0B53570703CCE580D066F89EF58CD ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
14:21:29.0924 3784  igfx - ok
14:21:29.0955 3784  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:21:29.0971 3784  iirsp - ok
14:21:30.0018 3784  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
14:21:30.0080 3784  IKEEXT - ok
14:21:30.0143 3784  [ 2D8D9516281E27A721897A388F17DEFB ] IntcAzAudAddService C:\Windows\system32\drivers\RTDVHDA.sys
14:21:30.0236 3784  IntcAzAudAddService - ok
14:21:30.0252 3784  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:21:30.0283 3784  intelide - ok
14:21:30.0299 3784  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:21:30.0345 3784  intelppm - ok
14:21:30.0377 3784  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:21:30.0423 3784  IPBusEnum - ok
14:21:30.0439 3784  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:21:30.0501 3784  IpFilterDriver - ok
14:21:30.0533 3784  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:21:30.0595 3784  iphlpsvc - ok
14:21:30.0610 3784  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:21:30.0673 3784  IPMIDRV - ok
14:21:30.0688 3784  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:21:30.0735 3784  IPNAT - ok
14:21:30.0751 3784  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:21:30.0782 3784  IRENUM - ok
14:21:30.0798 3784  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:21:30.0829 3784  isapnp - ok
14:21:30.0844 3784  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:21:30.0876 3784  iScsiPrt - ok
14:21:30.0907 3784  [ 51B719F0BCE4430A6EAAD43FB9FF61A3 ] k57nd60x        C:\Windows\system32\DRIVERS\k57nd60x.sys
14:21:30.0922 3784  k57nd60x - ok
14:21:30.0938 3784  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:21:30.0969 3784  kbdclass - ok
14:21:30.0985 3784  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:21:31.0032 3784  kbdhid - ok
14:21:31.0032 3784  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
14:21:31.0047 3784  KeyIso - ok
14:21:31.0078 3784  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:21:31.0110 3784  KSecDD - ok
14:21:31.0141 3784  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:21:31.0188 3784  KSecPkg - ok
14:21:31.0203 3784  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:21:31.0281 3784  KtmRm - ok
14:21:31.0297 3784  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
14:21:31.0359 3784  LanmanServer - ok
14:21:31.0390 3784  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:21:31.0437 3784  LanmanWorkstation - ok
14:21:31.0468 3784  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:21:31.0531 3784  lltdio - ok
14:21:31.0546 3784  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:21:31.0609 3784  lltdsvc - ok
14:21:31.0624 3784  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:21:31.0671 3784  lmhosts - ok
14:21:31.0687 3784  lmimirr - ok
14:21:31.0702 3784  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:21:31.0733 3784  LSI_FC - ok
14:21:31.0749 3784  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:21:31.0796 3784  LSI_SAS - ok
14:21:31.0796 3784  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:21:31.0827 3784  LSI_SAS2 - ok
14:21:31.0843 3784  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:21:31.0889 3784  LSI_SCSI - ok
14:21:31.0905 3784  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
14:21:31.0967 3784  luafv - ok
14:21:31.0983 3784  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:21:32.0014 3784  Mcx2Svc - ok
14:21:32.0030 3784  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:21:32.0061 3784  megasas - ok
14:21:32.0061 3784  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:21:32.0123 3784  MegaSR - ok
14:21:32.0217 3784  Microsoft SharePoint Workspace Audit Service - ok
14:21:32.0248 3784  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
14:21:32.0295 3784  MMCSS - ok
14:21:32.0311 3784  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
14:21:32.0373 3784  Modem - ok
14:21:32.0389 3784  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:21:32.0435 3784  monitor - ok
14:21:32.0467 3784  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:21:32.0498 3784  mouclass - ok
14:21:32.0513 3784  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:21:32.0560 3784  mouhid - ok
14:21:32.0576 3784  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:21:32.0623 3784  mountmgr - ok
14:21:32.0638 3784  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:21:32.0685 3784  mpio - ok
14:21:32.0700 3784  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:21:32.0747 3784  mpsdrv - ok
14:21:32.0778 3784  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:21:32.0825 3784  MpsSvc - ok
14:21:32.0856 3784  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:21:32.0919 3784  MRxDAV - ok
14:21:32.0966 3784  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:21:33.0044 3784  mrxsmb - ok
14:21:33.0059 3784  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:21:33.0090 3784  mrxsmb10 - ok
14:21:33.0106 3784  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:21:33.0153 3784  mrxsmb20 - ok
14:21:33.0184 3784  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
14:21:33.0215 3784  msahci - ok
14:21:33.0246 3784  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:21:33.0293 3784  msdsm - ok
14:21:33.0293 3784  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
14:21:33.0356 3784  MSDTC - ok
14:21:33.0387 3784  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:21:33.0434 3784  Msfs - ok
14:21:33.0449 3784  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:21:33.0496 3784  mshidkmdf - ok
14:21:33.0527 3784  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:21:33.0558 3784  msisadrv - ok
14:21:33.0574 3784  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:21:33.0621 3784  MSiSCSI - ok
14:21:33.0636 3784  msiserver - ok
14:21:33.0652 3784  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:21:33.0683 3784  MSKSSRV - ok
14:21:33.0699 3784  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:21:33.0746 3784  MSPCLOCK - ok
14:21:33.0746 3784  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:21:33.0792 3784  MSPQM - ok
14:21:33.0823 3784  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:21:33.0870 3784  MsRPC - ok
14:21:33.0886 3784  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:21:33.0901 3784  mssmbios - ok
14:21:33.0917 3784  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:21:33.0948 3784  MSTEE - ok
14:21:33.0948 3784  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:21:33.0995 3784  MTConfig - ok
14:21:33.0995 3784  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:21:34.0026 3784  Mup - ok
14:21:34.0057 3784  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
14:21:34.0120 3784  napagent - ok
14:21:34.0135 3784  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:21:34.0198 3784  NativeWifiP - ok
14:21:34.0229 3784  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:21:34.0245 3784  NDIS - ok
14:21:34.0260 3784  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:21:34.0307 3784  NdisCap - ok
14:21:34.0338 3784  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:21:34.0385 3784  NdisTapi - ok
14:21:34.0416 3784  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:21:34.0463 3784  Ndisuio - ok
14:21:34.0479 3784  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:21:34.0557 3784  NdisWan - ok
14:21:34.0588 3784  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:21:34.0635 3784  NDProxy - ok
14:21:34.0666 3784  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:21:34.0713 3784  NetBIOS - ok
14:21:34.0744 3784  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:21:34.0822 3784  NetBT - ok
14:21:34.0822 3784  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
14:21:34.0837 3784  Netlogon - ok
14:21:34.0868 3784  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
14:21:34.0915 3784  Netman - ok
14:21:34.0946 3784  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:21:34.0978 3784  NetMsmqActivator - ok
14:21:34.0993 3784  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:21:34.0993 3784  NetPipeActivator - ok
14:21:35.0009 3784  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
14:21:35.0071 3784  netprofm - ok
14:21:35.0071 3784  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:21:35.0071 3784  NetTcpActivator - ok
14:21:35.0087 3784  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:21:35.0087 3784  NetTcpPortSharing - ok
14:21:35.0118 3784  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:21:35.0149 3784  nfrd960 - ok
14:21:35.0180 3784  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:21:35.0227 3784  NlaSvc - ok
14:21:35.0243 3784  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:21:35.0290 3784  Npfs - ok
14:21:35.0290 3784  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
14:21:35.0336 3784  nsi - ok
14:21:35.0336 3784  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:21:35.0383 3784  nsiproxy - ok
14:21:35.0414 3784  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:21:35.0524 3784  Ntfs - ok
14:21:35.0680 3784  [ 12167A47F764EE93C339215F00CD8E7F ] ntrtscan        C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
14:21:35.0711 3784  ntrtscan - ok
14:21:35.0742 3784  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
14:21:35.0773 3784  Null - ok
14:21:35.0804 3784  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:21:35.0851 3784  nvraid - ok
14:21:35.0867 3784  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:21:35.0929 3784  nvstor - ok
14:21:35.0945 3784  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:21:35.0991 3784  nv_agp - ok
14:21:36.0023 3784  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:21:36.0085 3784  ohci1394 - ok
14:21:36.0132 3784  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:21:36.0179 3784  ose - ok
14:21:36.0257 3784  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:21:36.0459 3784  osppsvc - ok
14:21:36.0491 3784  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:21:36.0584 3784  p2pimsvc - ok
14:21:36.0615 3784  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:21:36.0662 3784  p2psvc - ok
14:21:36.0693 3784  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:21:36.0725 3784  Parport - ok
14:21:36.0740 3784  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:21:36.0787 3784  partmgr - ok
14:21:36.0787 3784  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
14:21:36.0834 3784  Parvdm - ok
14:21:36.0865 3784  [ 4088C1ECD1F54281A92FA663B0FDC36F ] PBADRV          C:\Windows\system32\DRIVERS\PBADRV.sys
14:21:36.0881 3784  PBADRV - ok
14:21:36.0896 3784  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:21:36.0927 3784  PcaSvc - ok
14:21:36.0943 3784  pccsmcfd - ok
14:21:36.0959 3784  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
14:21:37.0005 3784  pci - ok
14:21:37.0021 3784  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
14:21:37.0052 3784  pciide - ok
14:21:37.0068 3784  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:21:37.0114 3784  pcmcia - ok
14:21:37.0130 3784  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
14:21:37.0161 3784  pcw - ok
14:21:37.0177 3784  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:21:37.0239 3784  PEAUTH - ok
14:21:37.0270 3784  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
14:21:37.0333 3784  PeerDistSvc - ok
14:21:37.0380 3784  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
14:21:37.0473 3784  pla - ok
14:21:37.0504 3784  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:21:37.0567 3784  PlugPlay - ok
14:21:37.0598 3784  [ 379F7A0EC9FBE07629FD3F244D3E3E44 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:21:37.0645 3784  Pml Driver HPZ12 - ok
14:21:37.0676 3784  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:21:37.0723 3784  PNRPAutoReg - ok
14:21:37.0738 3784  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:21:37.0754 3784  PNRPsvc - ok
14:21:37.0785 3784  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:21:37.0832 3784  PolicyAgent - ok
14:21:37.0848 3784  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
14:21:37.0910 3784  Power - ok
14:21:37.0941 3784  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:21:38.0004 3784  PptpMiniport - ok
14:21:38.0019 3784  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:21:38.0082 3784  Processor - ok
14:21:38.0113 3784  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
14:21:38.0175 3784  ProfSvc - ok
14:21:38.0175 3784  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:21:38.0191 3784  ProtectedStorage - ok
14:21:38.0191 3784  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:21:38.0253 3784  Psched - ok
14:21:38.0269 3784  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
14:21:38.0300 3784  PxHelp20 - ok
14:21:38.0331 3784  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:21:38.0425 3784  ql2300 - ok
14:21:38.0440 3784  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:21:38.0487 3784  ql40xx - ok
14:21:38.0503 3784  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
14:21:38.0549 3784  QWAVE - ok
14:21:38.0565 3784  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:21:38.0596 3784  QWAVEdrv - ok
14:21:38.0612 3784  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:21:38.0643 3784  RasAcd - ok
14:21:38.0674 3784  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:21:38.0737 3784  RasAgileVpn - ok
14:21:38.0752 3784  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
14:21:38.0815 3784  RasAuto - ok
14:21:38.0846 3784  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:21:38.0908 3784  Rasl2tp - ok
14:21:38.0939 3784  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
14:21:39.0002 3784  RasMan - ok
14:21:39.0017 3784  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:21:39.0080 3784  RasPppoe - ok
14:21:39.0095 3784  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:21:39.0158 3784  RasSstp - ok
14:21:39.0173 3784  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:21:39.0251 3784  rdbss - ok
14:21:39.0267 3784  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:21:39.0314 3784  rdpbus - ok
14:21:39.0345 3784  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:21:39.0376 3784  RDPCDD - ok
14:21:39.0407 3784  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
14:21:39.0485 3784  RDPDR - ok
14:21:39.0501 3784  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:21:39.0532 3784  RDPENCDD - ok
14:21:39.0548 3784  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:21:39.0610 3784  RDPREFMP - ok
14:21:39.0641 3784  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:21:39.0688 3784  RdpVideoMiniport - ok
14:21:39.0719 3784  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:21:39.0782 3784  RDPWD - ok
14:21:39.0813 3784  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:21:39.0860 3784  rdyboost - ok
14:21:39.0891 3784  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:21:39.0938 3784  RemoteAccess - ok
14:21:39.0953 3784  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:21:40.0000 3784  RemoteRegistry - ok
14:21:40.0078 3784  [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
14:21:40.0141 3784  RoxMediaDB12OEM - ok
14:21:40.0156 3784  [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12      C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
14:21:40.0203 3784  RoxWatch12 - ok
14:21:40.0219 3784  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:21:40.0250 3784  RpcEptMapper - ok
14:21:40.0281 3784  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
14:21:40.0312 3784  RpcLocator - ok
14:21:40.0328 3784  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
14:21:40.0359 3784  RpcSs - ok
14:21:40.0375 3784  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:21:40.0421 3784  rspndr - ok
14:21:40.0453 3784  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
14:21:40.0484 3784  s3cap - ok
14:21:40.0499 3784  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
14:21:40.0515 3784  SamSs - ok
14:21:40.0531 3784  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:21:40.0577 3784  sbp2port - ok
14:21:40.0593 3784  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:21:40.0671 3784  SCardSvr - ok
14:21:40.0702 3784  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:21:40.0733 3784  scfilter - ok
14:21:40.0765 3784  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
14:21:40.0827 3784  Schedule - ok
14:21:40.0843 3784  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:21:40.0874 3784  SCPolicySvc - ok
14:21:40.0889 3784  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:21:40.0936 3784  SDRSVC - ok
14:21:40.0967 3784  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:21:41.0014 3784  secdrv - ok
14:21:41.0030 3784  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
14:21:41.0077 3784  seclogon - ok
14:21:41.0155 3784  [ 6ABF8E8AE3800CCF84D9AE6865A641E5 ] SecureStorageService C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
14:21:41.0248 3784  SecureStorageService ( UnsignedFile.Multi.Generic ) - warning
14:21:41.0248 3784  SecureStorageService - detected UnsignedFile.Multi.Generic (1)
14:21:41.0279 3784  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
14:21:41.0326 3784  SENS - ok
14:21:41.0357 3784  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:21:41.0404 3784  SensrSvc - ok
14:21:41.0420 3784  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:21:41.0466 3784  Serenum - ok
14:21:41.0498 3784  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:21:41.0560 3784  Serial - ok
14:21:41.0576 3784  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
14:21:41.0607 3784  sermouse - ok
14:21:41.0638 3784  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:21:41.0669 3784  SessionEnv - ok
14:21:41.0700 3784  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:21:41.0732 3784  sffdisk - ok
14:21:41.0747 3784  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:21:41.0778 3784  sffp_mmc - ok
14:21:41.0794 3784  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:21:41.0825 3784  sffp_sd - ok
14:21:41.0856 3784  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:21:41.0888 3784  sfloppy - ok
14:21:41.0919 3784  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:21:41.0966 3784  SharedAccess - ok
14:21:41.0981 3784  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:21:42.0044 3784  ShellHWDetection - ok
14:21:42.0075 3784  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
14:21:42.0106 3784  sisagp - ok
14:21:42.0122 3784  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:21:42.0153 3784  SiSRaid2 - ok
14:21:42.0153 3784  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
14:21:42.0200 3784  SiSRaid4 - ok
14:21:42.0200 3784  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:21:42.0246 3784  Smb - ok
14:21:42.0278 3784  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:21:42.0309 3784  SNMPTRAP - ok
14:21:42.0324 3784  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:21:42.0340 3784  spldr - ok
14:21:42.0387 3784  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
14:21:42.0449 3784  Spooler - ok
14:21:42.0496 3784  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
14:21:42.0605 3784  sppsvc - ok
14:21:42.0621 3784  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:21:42.0683 3784  sppuinotify - ok
14:21:42.0714 3784  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:21:42.0792 3784  srv - ok
14:21:42.0824 3784  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:21:42.0886 3784  srv2 - ok
14:21:42.0917 3784  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:21:42.0964 3784  srvnet - ok
14:21:43.0011 3784  [ D5DFFEAA1E15D4EFFABB9D9A3068AC5B ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
14:21:43.0058 3784  sscdbus - ok
14:21:43.0073 3784  [ 8A1BE0C347814F482F493AEA619D57F6 ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
14:21:43.0120 3784  sscdmdfl - ok
14:21:43.0151 3784  [ 5AB0B1987F682A59B15B78F84C6AD7D0 ] sscdmdm         C:\Windows\system32\DRIVERS\sscdmdm.sys
14:21:43.0229 3784  sscdmdm - ok
14:21:43.0245 3784  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:21:43.0307 3784  SSDPSRV - ok
14:21:43.0307 3784  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:21:43.0354 3784  SstpSvc - ok
14:21:43.0385 3784  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
14:21:43.0416 3784  stexstor - ok
14:21:43.0432 3784  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
14:21:43.0494 3784  StiSvc - ok
14:21:43.0526 3784  [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
14:21:43.0557 3784  stllssvr - ok
14:21:43.0572 3784  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
14:21:43.0604 3784  storflt - ok
14:21:43.0619 3784  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
14:21:43.0650 3784  StorSvc - ok
14:21:43.0682 3784  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
14:21:43.0697 3784  storvsc - ok
14:21:43.0713 3784  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:21:43.0744 3784  swenum - ok
14:21:43.0775 3784  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
14:21:43.0838 3784  swprv - ok
14:21:43.0869 3784  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
14:21:43.0931 3784  SysMain - ok
14:21:43.0947 3784  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:21:43.0994 3784  TabletInputService - ok
14:21:44.0009 3784  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:21:44.0072 3784  TapiSrv - ok
14:21:44.0087 3784  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
14:21:44.0134 3784  TBS - ok
14:21:44.0165 3784  [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:21:44.0243 3784  Tcpip - ok
14:21:44.0274 3784  [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:21:44.0306 3784  TCPIP6 - ok
14:21:44.0321 3784  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:21:44.0368 3784  tcpipreg - ok
14:21:44.0430 3784  [ E42D560E2163480E7B586B14ABEB3386 ] tcsd_win32.exe  C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
14:21:44.0539 3784  tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - warning
14:21:44.0539 3784  tcsd_win32.exe - detected UnsignedFile.Multi.Generic (1)
14:21:44.0617 3784  [ B434294EAA2AE4FB9BD63E25EB89B86F ] TdmService      C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
14:21:44.0649 3784  TdmService - ok
14:21:44.0680 3784  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:21:44.0711 3784  TDPIPE - ok
14:21:44.0742 3784  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:21:44.0773 3784  TDTCP - ok
14:21:44.0805 3784  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:21:44.0867 3784  tdx - ok
14:21:44.0883 3784  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:21:44.0914 3784  TermDD - ok
14:21:44.0945 3784  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
14:21:45.0007 3784  TermService - ok
14:21:45.0039 3784  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
14:21:45.0101 3784  Themes - ok
14:21:45.0117 3784  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
14:21:45.0148 3784  THREADORDER - ok
14:21:45.0195 3784  [ 028E02E1621466B5B4DC0525BC071B09 ] tmactmon        C:\Windows\system32\DRIVERS\tmactmon.sys
14:21:45.0195 3784  tmactmon - ok
14:21:45.0226 3784  [ 3001E1CB1BFBB9A907A81A7ECF89657F ] TMBMServer      C:\Program Files\Trend Micro\BM\TMBMSRV.exe
14:21:45.0241 3784  TMBMServer - ok
14:21:45.0257 3784  [ F33C3F08536F988AAC84D72D83B139A6 ] tmcomm          C:\Windows\system32\DRIVERS\tmcomm.sys
14:21:45.0257 3784  tmcomm - ok
14:21:45.0273 3784  [ 65E50CCFD60A2BCAF7F15BBE8A456157 ] tmevtmgr        C:\Windows\system32\DRIVERS\tmevtmgr.sys
14:21:45.0273 3784  tmevtmgr - ok
14:21:45.0319 3784  [ 6341531EE7FE1CE4C116C849BE02534F ] TmFilter        C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
14:21:45.0366 3784  TmFilter - ok
14:21:45.0429 3784  [ FEB758600E2C902737FF551D57120459 ] tmlisten        C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
14:21:45.0460 3784  tmlisten - ok
14:21:45.0475 3784  [ 7697034EBCE2528796DF5D7C55B52CC8 ] TmLwf           C:\Windows\system32\DRIVERS\tmlwf.sys
14:21:45.0491 3784  TmLwf - ok
14:21:45.0522 3784  [ 141FF68169F065D2038C56821F742D8B ] TmPfw           C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
14:21:45.0538 3784  TmPfw - ok
14:21:45.0553 3784  [ 0DE3104387D312EA8B096D97305430D0 ] TmPreFilter     C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
14:21:45.0569 3784  TmPreFilter - ok
14:21:45.0585 3784  [ 68299FFDFAEBBCA1B4B8D4E81AD1695F ] TmProxy         C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
14:21:45.0631 3784  TmProxy - ok
14:21:45.0663 3784  [ 5F7F63884A8547981EE379B8C0FB3312 ] tmtdi           C:\Windows\system32\DRIVERS\tmtdi.sys
14:21:45.0678 3784  tmtdi - ok
14:21:45.0694 3784  [ A56279BBA7AD6F78FB7C9E5B75EB562C ] tmWfp           C:\Windows\system32\DRIVERS\tmwfp.sys
14:21:45.0709 3784  tmWfp - ok
14:21:45.0756 3784  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
14:21:45.0803 3784  TrkWks - ok
14:21:45.0897 3784  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:21:45.0975 3784  TrustedInstaller - ok
14:21:46.0006 3784  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:21:46.0068 3784  tssecsrv - ok
14:21:46.0115 3784  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:21:46.0162 3784  TsUsbFlt - ok
14:21:46.0193 3784  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:21:46.0255 3784  tunnel - ok
14:21:46.0287 3784  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
14:21:46.0318 3784  uagp35 - ok
14:21:46.0349 3784  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:21:46.0427 3784  udfs - ok
14:21:46.0443 3784  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:21:46.0489 3784  UI0Detect - ok
14:21:46.0521 3784  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:21:46.0552 3784  uliagpkx - ok
14:21:46.0583 3784  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:21:46.0614 3784  umbus - ok
14:21:46.0630 3784  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:21:46.0661 3784  UmPass - ok
14:21:46.0708 3784  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
14:21:46.0755 3784  UmRdpService - ok
14:21:46.0770 3784  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
14:21:46.0848 3784  upnphost - ok
14:21:46.0864 3784  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:21:46.0911 3784  usbccgp - ok
14:21:46.0957 3784  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:21:46.0989 3784  usbcir - ok
14:21:47.0020 3784  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:21:47.0051 3784  usbehci - ok
14:21:47.0067 3784  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:21:47.0113 3784  usbhub - ok
14:21:47.0129 3784  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:21:47.0176 3784  usbohci - ok
14:21:47.0207 3784  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:21:47.0238 3784  usbprint - ok
14:21:47.0269 3784  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:21:47.0316 3784  usbscan - ok
14:21:47.0363 3784  [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser          C:\Windows\system32\drivers\usbser.sys
14:21:47.0410 3784  usbser - ok
14:21:47.0441 3784  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:21:47.0503 3784  USBSTOR - ok
14:21:47.0519 3784  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
14:21:47.0550 3784  usbuhci - ok
14:21:47.0581 3784  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
14:21:47.0612 3784  UxSms - ok
14:21:47.0612 3784  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
14:21:47.0628 3784  VaultSvc - ok
14:21:47.0644 3784  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:21:47.0675 3784  vdrvroot - ok
14:21:47.0706 3784  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
14:21:47.0784 3784  vds - ok
14:21:47.0800 3784  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:21:47.0846 3784  vga - ok
14:21:47.0862 3784  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:21:47.0893 3784  VgaSave - ok
14:21:47.0924 3784  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:21:47.0971 3784  vhdmp - ok
14:21:48.0002 3784  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
14:21:48.0034 3784  viaagp - ok
14:21:48.0034 3784  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
14:21:48.0080 3784  ViaC7 - ok
14:21:48.0096 3784  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
14:21:48.0127 3784  viaide - ok
14:21:48.0158 3784  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
14:21:48.0190 3784  vmbus - ok
14:21:48.0205 3784  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
14:21:48.0236 3784  VMBusHID - ok
14:21:48.0268 3784  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:21:48.0299 3784  volmgr - ok
14:21:48.0314 3784  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:21:48.0361 3784  volmgrx - ok
14:21:48.0392 3784  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:21:48.0455 3784  volsnap - ok
14:21:48.0486 3784  [ 1C0A7FF6CA0F21E26AD34377A56C9B4F ] VSApiNt         C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
14:21:48.0533 3784  VSApiNt - ok
14:21:48.0564 3784  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
14:21:48.0595 3784  vsmraid - ok
14:21:48.0626 3784  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
14:21:48.0720 3784  VSS - ok
14:21:48.0736 3784  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
14:21:48.0782 3784  vwifibus - ok
14:21:48.0814 3784  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
14:21:48.0860 3784  W32Time - ok
14:21:48.0876 3784  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
14:21:48.0892 3784  WacomPen - ok
14:21:48.0938 3784  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:21:48.0985 3784  WANARP - ok
14:21:49.0001 3784  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:21:49.0016 3784  Wanarpv6 - ok
14:21:49.0063 3784  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:21:49.0141 3784  WatAdminSvc - ok
14:21:49.0188 3784  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
14:21:49.0297 3784  wbengine - ok
14:21:49.0328 3784  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:21:49.0360 3784  WbioSrvc - ok
14:21:49.0391 3784  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:21:49.0453 3784  wcncsvc - ok
14:21:49.0453 3784  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:21:49.0500 3784  WcsPlugInService - ok
14:21:49.0516 3784  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
14:21:49.0547 3784  Wd - ok
14:21:49.0578 3784  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:21:49.0640 3784  Wdf01000 - ok
14:21:49.0656 3784  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:21:49.0703 3784  WdiServiceHost - ok
14:21:49.0703 3784  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:21:49.0718 3784  WdiSystemHost - ok
14:21:49.0750 3784  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
14:21:49.0796 3784  WebClient - ok
14:21:49.0812 3784  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:21:49.0859 3784  Wecsvc - ok
14:21:49.0874 3784  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:21:49.0890 3784  wercplsupport - ok
14:21:49.0906 3784  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:21:49.0952 3784  WerSvc - ok
14:21:49.0999 3784  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:21:50.0030 3784  WfpLwf - ok
14:21:50.0046 3784  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:21:50.0062 3784  WIMMount - ok
14:21:50.0108 3784  [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
14:21:50.0171 3784  WinDefend - ok
14:21:50.0171 3784  WinHttpAutoProxySvc - ok
14:21:50.0218 3784  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:21:50.0249 3784  Winmgmt - ok
14:21:50.0296 3784  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
14:21:50.0483 3784  WinRM - ok
14:21:50.0514 3784  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:21:50.0545 3784  WinUsb - ok
14:21:50.0576 3784  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:21:50.0639 3784  Wlansvc - ok
14:21:50.0686 3784  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:21:50.0717 3784  wlcrasvc - ok
14:21:50.0763 3784  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:21:50.0779 3784  wlidsvc - ok
14:21:50.0810 3784  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:21:50.0841 3784  WmiAcpi - ok
14:21:50.0873 3784  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:21:50.0935 3784  wmiApSrv - ok
14:21:50.0982 3784  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
14:21:51.0060 3784  WMPNetworkSvc - ok
14:21:51.0075 3784  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:21:51.0122 3784  WPCSvc - ok
14:21:51.0153 3784  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:21:51.0200 3784  WPDBusEnum - ok
14:21:51.0216 3784  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:21:51.0263 3784  ws2ifsl - ok
14:21:51.0278 3784  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
14:21:51.0325 3784  wscsvc - ok
14:21:51.0325 3784  WSearch - ok
14:21:51.0387 3784  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
14:21:51.0434 3784  wuauserv - ok
14:21:51.0465 3784  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:21:51.0512 3784  WudfPf - ok
14:21:51.0528 3784  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:21:51.0575 3784  WUDFRd - ok
14:21:51.0606 3784  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:21:51.0653 3784  wudfsvc - ok
14:21:51.0668 3784  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:21:51.0715 3784  WwanSvc - ok

[DarkAllMan]

14:21:51.0731 3784  ================ Scan global ===============================
14:21:51.0762 3784  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
14:21:51.0793 3784  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
14:21:51.0824 3784  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
14:21:51.0855 3784  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
14:21:51.0902 3784  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
14:21:51.0949 3784  [Global] - ok
14:21:51.0949 3784  ================ Scan MBR ==================================
14:21:51.0949 3784  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:21:52.0199 3784  \Device\Harddisk0\DR0 - ok
14:21:52.0199 3784  ================ Scan VBR ==================================
14:21:52.0199 3784  [ ECD5652754C6AF51EA8F4C9BA23390EB ] \Device\Harddisk0\DR0\Partition1
14:21:52.0199 3784  \Device\Harddisk0\DR0\Partition1 - ok
14:21:52.0230 3784  [ C927337637E8C0BD73C5AA862AC61A16 ] \Device\Harddisk0\DR0\Partition2
14:21:52.0230 3784  \Device\Harddisk0\DR0\Partition2 - ok
14:21:52.0230 3784  ================ Scan active images ========================
14:21:52.0230 3784  [ B7EFEF22FF426EC4158A177CB3B558D3 ] C:\Windows\System32\drivers\crashdmp.sys
14:21:52.0230 3784  C:\Windows\System32\drivers\crashdmp.sys - ok
14:21:52.0230 3784  [ 338C86357871C167A96AB976519BF59E ] C:\Windows\System32\drivers\atapi.sys
14:21:52.0230 3784  C:\Windows\System32\drivers\atapi.sys - ok
14:21:52.0245 3784  [ 5428227D4730EBDFC842E9FB593F8C8A ] C:\Windows\System32\drivers\Dumpata.sys
14:21:52.0245 3784  C:\Windows\System32\drivers\Dumpata.sys - ok
14:21:52.0245 3784  [ 62A63EF2F3053B461CB327E4D69AAA74 ] C:\Windows\System32\drivers\dumpfve.sys
14:21:52.0245 3784  C:\Windows\System32\drivers\dumpfve.sys - ok
14:21:52.0245 3784  [ 505506526A9D467307B3C393DEDAF858 ] C:\Windows\System32\drivers\beep.sys
14:21:52.0245 3784  C:\Windows\System32\drivers\beep.sys - ok
14:21:52.0245 3784  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] C:\Windows\System32\drivers\cdrom.sys
14:21:52.0245 3784  C:\Windows\System32\drivers\cdrom.sys - ok
14:21:52.0245 3784  [ F9756A98D69098DCA8945D62858A812C ] C:\Windows\System32\drivers\null.sys
14:21:52.0245 3784  C:\Windows\System32\drivers\null.sys - ok
14:21:52.0245 3784  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] C:\Windows\System32\drivers\msfs.sys
14:21:52.0245 3784  C:\Windows\System32\drivers\msfs.sys - ok
14:21:52.0245 3784  [ 1DB262A9F8C087E8153D89BEF3D2235F ] C:\Windows\System32\drivers\npfs.sys
14:21:52.0245 3784  C:\Windows\System32\drivers\npfs.sys - ok
14:21:52.0261 3784  [ 23DAE03F29D253AE74C44F99E515F9A1 ] C:\Windows\System32\drivers\RDPCDD.sys
14:21:52.0261 3784  C:\Windows\System32\drivers\RDPCDD.sys - ok
14:21:52.0261 3784  [ 5A53CA1598DD4156D44196D200C94B8A ] C:\Windows\System32\drivers\RDPENCDD.sys
14:21:52.0261 3784  C:\Windows\System32\drivers\RDPENCDD.sys - ok
14:21:52.0261 3784  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] C:\Windows\System32\drivers\RDPREFMP.sys
14:21:52.0261 3784  C:\Windows\System32\drivers\RDPREFMP.sys - ok
14:21:52.0261 3784  [ 8E38096AD5C8570A6F1570A61E251561 ] C:\Windows\System32\drivers\vga.sys
14:21:52.0261 3784  C:\Windows\System32\drivers\vga.sys - ok
14:21:52.0261 3784  [ 15C126D1B55814B9E5CAB10A9C1F4C67 ] C:\Windows\System32\drivers\videoprt.sys
14:21:52.0261 3784  C:\Windows\System32\drivers\videoprt.sys - ok
14:21:52.0261 3784  [ CB45A417C8EF7BA6BAC67EDCDDED8700 ] C:\Windows\System32\drivers\watchdog.sys
14:21:52.0261 3784  C:\Windows\System32\drivers\watchdog.sys - ok
14:21:52.0277 3784  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] C:\Windows\System32\drivers\afd.sys
14:21:52.0277 3784  C:\Windows\System32\drivers\afd.sys - ok
14:21:52.0277 3784  [ 2F885864D5BC8A16C86BEE595969A48A ] C:\Windows\System32\drivers\tdi.sys
14:21:52.0277 3784  C:\Windows\System32\drivers\tdi.sys - ok
14:21:52.0277 3784  [ B459575348C20E8121D6039DA063C704 ] C:\Windows\System32\drivers\tdx.sys
14:21:52.0277 3784  C:\Windows\System32\drivers\tdx.sys - ok
14:21:52.0277 3784  [ 280122DDCF04B378EDD1AD54D71C1E54 ] C:\Windows\System32\drivers\netbt.sys
14:21:52.0277 3784  C:\Windows\System32\drivers\netbt.sys - ok
14:21:52.0277 3784  [ 6270CCAE2A86DE6D146529FE55B3246A ] C:\Windows\System32\drivers\pacer.sys
14:21:52.0277 3784  C:\Windows\System32\drivers\pacer.sys - ok
14:21:52.0277 3784  [ 8B9A943F3B53861F2BFAF6C186168F79 ] C:\Windows\System32\drivers\wfplwf.sys
14:21:52.0277 3784  C:\Windows\System32\drivers\wfplwf.sys - ok
14:21:52.0277 3784  [ 6DB3276587B853BF886B69528FDB048C ] C:\Windows\System32\drivers\ws2ifsl.sys
14:21:52.0277 3784  C:\Windows\System32\drivers\ws2ifsl.sys - ok
14:21:52.0292 3784  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] C:\Windows\System32\drivers\netbios.sys
14:21:52.0292 3784  C:\Windows\System32\drivers\netbios.sys - ok
14:21:52.0292 3784  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] C:\Windows\System32\drivers\serial.sys
14:21:52.0292 3784  C:\Windows\System32\drivers\serial.sys - ok
14:21:52.0292 3784  [ 7697034EBCE2528796DF5D7C55B52CC8 ] C:\Windows\System32\drivers\tmlwf.sys
14:21:52.0292 3784  C:\Windows\System32\drivers\tmlwf.sys - ok
14:21:52.0292 3784  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] C:\Windows\System32\drivers\wanarp.sys
14:21:52.0292 3784  C:\Windows\System32\drivers\wanarp.sys - ok
14:21:52.0292 3784  [ 5F7F63884A8547981EE379B8C0FB3312 ] C:\Windows\System32\drivers\tmtdi.sys
14:21:52.0292 3784  C:\Windows\System32\drivers\tmtdi.sys - ok
14:21:52.0292 3784  [ 1A050B0274BFB3890703D490F330C0DA ] C:\Windows\System32\drivers\discache.sys
14:21:52.0292 3784  C:\Windows\System32\drivers\discache.sys - ok
14:21:52.0292 3784  [ FC6B9FF600CC585EA38B12589BD4E246 ] C:\Windows\System32\drivers\mssmbios.sys
14:21:52.0292 3784  C:\Windows\System32\drivers\mssmbios.sys - ok
14:21:52.0308 3784  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] C:\Windows\System32\drivers\nsiproxy.sys
14:21:52.0308 3784  C:\Windows\System32\drivers\nsiproxy.sys - ok
14:21:52.0308 3784  [ D528BC58A489409BA40334EBF96A311B ] C:\Windows\System32\drivers\rdbss.sys
14:21:52.0308 3784  C:\Windows\System32\drivers\rdbss.sys - ok
14:21:52.0308 3784  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] C:\Windows\System32\drivers\termdd.sys
14:21:52.0308 3784  C:\Windows\System32\drivers\termdd.sys - ok
14:21:52.0308 3784  [ 2287078ED48FCFC477B05B20CF38F36F ] C:\Windows\System32\drivers\blbdrive.sys
14:21:52.0308 3784  C:\Windows\System32\drivers\blbdrive.sys - ok
14:21:52.0308 3784  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] C:\Windows\System32\drivers\csc.sys
14:21:52.0308 3784  C:\Windows\System32\drivers\csc.sys - ok
14:21:52.0308 3784  [ F024449C97EC1E464AAFFDA18593DB88 ] C:\Windows\System32\drivers\dfsc.sys
14:21:52.0308 3784  C:\Windows\System32\drivers\dfsc.sys - ok
14:21:52.0308 3784  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] C:\Windows\System32\drivers\intelppm.sys
14:21:52.0308 3784  C:\Windows\System32\drivers\intelppm.sys - ok
14:21:52.0323 3784  [ B2FA25D9B17A68BB93D58B0556E8C90D ] C:\Windows\System32\drivers\tunnel.sys
14:21:52.0323 3784  C:\Windows\System32\drivers\tunnel.sys - ok
14:21:52.0323 3784  [ 0217679B8FCA58714C3BF2726D2CA84E ] C:\Windows\System32\drivers\wmiacpi.sys
14:21:52.0323 3784  C:\Windows\System32\drivers\wmiacpi.sys - ok
14:21:52.0323 3784  [ DCE0B53570703CCE580D066F89EF58CD ] C:\Windows\System32\drivers\igdkmd32.sys
14:21:52.0323 3784  C:\Windows\System32\drivers\igdkmd32.sys - ok
14:21:52.0323 3784  [ 16498EBC04AE9DD07049A8884B205C05 ] C:\Windows\System32\drivers\dxgkrnl.sys
14:21:52.0323 3784  C:\Windows\System32\drivers\dxgkrnl.sys - ok
14:21:52.0323 3784  [ E405328A0E38BF823E2361C413283F6D ] C:\Windows\System32\drivers\dxgmms1.sys
14:21:52.0323 3784  C:\Windows\System32\drivers\dxgmms1.sys - ok
14:21:52.0323 3784  [ 9036377B8A6C15DC2EEC53E489D159B5 ] C:\Windows\System32\drivers\hdaudbus.sys
14:21:52.0323 3784  C:\Windows\System32\drivers\hdaudbus.sys - ok
14:21:52.0339 3784  [ 51B719F0BCE4430A6EAAD43FB9FF61A3 ] C:\Windows\System32\drivers\k57nd60x.sys
14:21:52.0339 3784  C:\Windows\System32\drivers\k57nd60x.sys - ok
14:21:52.0339 3784  [ 3AA940AA9AC3055FE32FF2D3D20CCD28 ] C:\Windows\System32\drivers\usbport.sys
14:21:52.0339 3784  C:\Windows\System32\drivers\usbport.sys - ok
14:21:52.0339 3784  [ 68DF884CF41CDADA664BEB01DAF67E3D ] C:\Windows\System32\drivers\usbuhci.sys
14:21:52.0339 3784  C:\Windows\System32\drivers\usbuhci.sys - ok
14:21:52.0339 3784  [ C30A91ADE8C9CB91E4281EC83C4500C6 ] C:\Windows\System32\ntdll.dll
14:21:52.0339 3784  C:\Windows\System32\ntdll.dll - ok
14:21:52.0339 3784  [ DE91DCC7BC55E940979097E98F743205 ] C:\Windows\System32\smss.exe
14:21:52.0339 3784  C:\Windows\System32\smss.exe - ok
14:21:52.0339 3784  [ F88A52EB62019D6A62FDD9E08034DBD8 ] C:\Windows\System32\autochk.exe
14:21:52.0339 3784  C:\Windows\System32\autochk.exe - ok
14:21:52.0339 3784  [ 57EC4AEF73660166074D8F7F31C0D4FD ] C:\Windows\System32\drivers\agilevpn.sys
14:21:52.0339 3784  C:\Windows\System32\drivers\agilevpn.sys - ok
14:21:52.0355 3784  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] C:\Windows\System32\drivers\CompositeBus.sys
14:21:52.0355 3784  C:\Windows\System32\drivers\CompositeBus.sys - ok
14:21:52.0355 3784  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] C:\Windows\System32\drivers\parport.sys
14:21:52.0355 3784  C:\Windows\System32\drivers\parport.sys - ok
14:21:52.0355 3784  [ D9F91EAFEC2815365CBE6D167E4E332A ] C:\Windows\System32\drivers\rasl2tp.sys
14:21:52.0355 3784  C:\Windows\System32\drivers\rasl2tp.sys - ok
14:21:52.0355 3784  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] C:\Windows\System32\drivers\serenum.sys
14:21:52.0355 3784  C:\Windows\System32\drivers\serenum.sys - ok
14:21:52.0355 3784  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] C:\Windows\System32\drivers\usbehci.sys
14:21:52.0355 3784  C:\Windows\System32\drivers\usbehci.sys - ok
14:21:52.0355 3784  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] C:\Windows\System32\drivers\ndistapi.sys
14:21:52.0355 3784  C:\Windows\System32\drivers\ndistapi.sys - ok
14:21:52.0370 3784  [ 38FBE267E7E6983311179230FACB1017 ] C:\Windows\System32\drivers\ndiswan.sys
14:21:52.0370 3784  C:\Windows\System32\drivers\ndiswan.sys - ok
14:21:52.0370 3784  [ 0FE8B15916307A6AC12BFB6A63E45507 ] C:\Windows\System32\drivers\raspppoe.sys
14:21:52.0370 3784  C:\Windows\System32\drivers\raspppoe.sys - ok
14:21:52.0370 3784  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] C:\Windows\System32\drivers\raspptp.sys
14:21:52.0370 3784  C:\Windows\System32\drivers\raspptp.sys - ok
14:21:52.0370 3784  [ ADEF52CA1AEAE82B50DF86B56413107E ] C:\Windows\System32\drivers\kbdclass.sys
14:21:52.0370 3784  C:\Windows\System32\drivers\kbdclass.sys - ok
14:21:52.0370 3784  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] C:\Windows\System32\drivers\mouclass.sys
14:21:52.0370 3784  C:\Windows\System32\drivers\mouclass.sys - ok
14:21:52.0370 3784  [ 44101F495A83EA6401D886E7FD70096B ] C:\Windows\System32\drivers\rassstp.sys
14:21:52.0370 3784  C:\Windows\System32\drivers\rassstp.sys - ok
14:21:52.0370 3784  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] C:\Windows\System32\drivers\rdpbus.sys
14:21:52.0370 3784  C:\Windows\System32\drivers\rdpbus.sys - ok
14:21:52.0386 3784  [ 5DCEF0C32BE0F33277326586FA503689 ] C:\Windows\System32\drivers\ks.sys
14:21:52.0386 3784  C:\Windows\System32\drivers\ks.sys - ok
14:21:52.0386 3784  [ E58C78A848ADD9610A4DB6D214AF5224 ] C:\Windows\System32\drivers\swenum.sys
14:21:52.0386 3784  C:\Windows\System32\drivers\swenum.sys - ok
14:21:52.0386 3784  [ D295BED4B898F0FD999FCFA9B32B071B ] C:\Windows\System32\drivers\umbus.sys
14:21:52.0386 3784  C:\Windows\System32\drivers\umbus.sys - ok
14:21:52.0386 3784  [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\System32\psapi.dll
14:21:52.0386 3784  C:\Windows\System32\psapi.dll - ok
14:21:52.0386 3784  [ 070C5B9D3006602A07757179D9B56F5D ] C:\Windows\System32\difxapi.dll
14:21:52.0386 3784  C:\Windows\System32\difxapi.dll - ok
14:21:52.0386 3784  [ D1DE1EAFDE97BE41CF6585027FF3E732 ] C:\Windows\System32\comdlg32.dll
14:21:52.0386 3784  C:\Windows\System32\comdlg32.dll - ok
14:21:52.0401 3784  [ AE09B85158C66E2C154C5C9B3C0027B3 ] C:\Windows\System32\kernel32.dll
14:21:52.0401 3784  C:\Windows\System32\kernel32.dll - ok
14:21:52.0401 3784  [ F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 ] C:\Windows\System32\user32.dll
14:21:52.0401 3784  C:\Windows\System32\user32.dll - ok
14:21:52.0401 3784  [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\System32\advapi32.dll
14:21:52.0401 3784  C:\Windows\System32\advapi32.dll - ok
14:21:52.0401 3784  [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\System32\normaliz.dll
14:21:52.0401 3784  C:\Windows\System32\normaliz.dll - ok
14:21:52.0401 3784  [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\System32\sechost.dll
14:21:52.0401 3784  C:\Windows\System32\sechost.dll - ok
14:21:52.0401 3784  [ 565D78187494FB5F08B5A52DEB2AEA7A ] C:\Windows\System32\shell32.dll
14:21:52.0401 3784  C:\Windows\System32\shell32.dll - ok
14:21:52.0401 3784  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] C:\Windows\System32\drivers\usbhub.sys
14:21:52.0401 3784  C:\Windows\System32\drivers\usbhub.sys - ok
14:21:52.0417 3784  [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\System32\ole32.dll
14:21:52.0417 3784  C:\Windows\System32\ole32.dll - ok
14:21:52.0417 3784  [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\System32\ws2_32.dll
14:21:52.0417 3784  C:\Windows\System32\ws2_32.dll - ok
14:21:52.0417 3784  [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\System32\oleaut32.dll
14:21:52.0417 3784  C:\Windows\System32\oleaut32.dll - ok
14:21:52.0417 3784  [ 4F154D2C9C6DF951FD6E5AABBAE6B5EE ] C:\Windows\System32\lpk.dll
14:21:52.0417 3784  C:\Windows\System32\lpk.dll - ok
14:21:52.0417 3784  [ B7230010D97787AF3D25E4C82F2B06B9 ] C:\Windows\System32\usp10.dll
14:21:52.0417 3784  C:\Windows\System32\usp10.dll - ok
14:21:52.0417 3784  [ EA952A5C277CABCBA69EA806146BB984 ] C:\Windows\System32\wininet.dll
14:21:52.0417 3784  C:\Windows\System32\wininet.dll - ok
14:21:52.0417 3784  [ 39EC64DDBEB1C233589ED9954C209E38 ] C:\Windows\System32\urlmon.dll
14:21:52.0417 3784  C:\Windows\System32\urlmon.dll - ok
14:21:52.0433 3784  [ FF5688D309347F2720911D8796912834 ] C:\Windows\System32\clbcatq.dll
14:21:52.0433 3784  C:\Windows\System32\clbcatq.dll - ok
14:21:52.0433 3784  [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\System32\msvcrt.dll
14:21:52.0433 3784  C:\Windows\System32\msvcrt.dll - ok
14:21:52.0433 3784  [ 501E7642455831A51448F82C1C468538 ] C:\Windows\System32\iertutil.dll
14:21:52.0433 3784  C:\Windows\System32\iertutil.dll - ok
14:21:52.0433 3784  [ 6400774E903729ADD0A62A24A334EE56 ] C:\Windows\System32\rpcrt4.dll
14:21:52.0433 3784  C:\Windows\System32\rpcrt4.dll - ok
14:21:52.0433 3784  [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\System32\shlwapi.dll
14:21:52.0433 3784  C:\Windows\System32\shlwapi.dll - ok
14:21:52.0433 3784  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] C:\Windows\System32\drivers\ndproxy.sys
14:21:52.0433 3784  C:\Windows\System32\drivers\ndproxy.sys - ok
14:21:52.0433 3784  [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\System32\imagehlp.dll
14:21:52.0433 3784  C:\Windows\System32\imagehlp.dll - ok
14:21:52.0448 3784  [ 4A8E2F20809CC161107FAA94F6CF2685 ] C:\Windows\System32\imm32.dll
14:21:52.0448 3784  C:\Windows\System32\imm32.dll - ok
14:21:52.0448 3784  [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\System32\msctf.dll
14:21:52.0448 3784  C:\Windows\System32\msctf.dll - ok
14:21:52.0448 3784  [ E87F5393F7D8CE2FACC4DFF703531392 ] C:\Windows\System32\gdi32.dll
14:21:52.0448 3784  C:\Windows\System32\gdi32.dll - ok
14:21:52.0448 3784  [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\System32\nsi.dll
14:21:52.0448 3784  C:\Windows\System32\nsi.dll - ok
14:21:52.0448 3784  [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\System32\setupapi.dll
14:21:52.0448 3784  C:\Windows\System32\setupapi.dll - ok
14:21:52.0448 3784  [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\System32\Wldap32.dll
14:21:52.0448 3784  C:\Windows\System32\Wldap32.dll - ok
14:21:52.0448 3784  [ AD88D390C9417C959E08F8BF6F2B8154 ] C:\Windows\System32\KernelBase.dll
14:21:52.0448 3784  C:\Windows\System32\KernelBase.dll - ok
14:21:52.0464 3784  [ 27F9288AF019E6DACA281EDE51FF5928 ] C:\Windows\System32\drivers\drmk.sys
14:21:52.0464 3784  C:\Windows\System32\drivers\drmk.sys - ok
14:21:52.0464 3784  [ D72708C9F49500C13D7D067E169B7715 ] C:\Windows\System32\drivers\portcls.sys
14:21:52.0464 3784  C:\Windows\System32\drivers\portcls.sys - ok
14:21:52.0464 3784  [ 2D8D9516281E27A721897A388F17DEFB ] C:\Windows\System32\drivers\RTDVHDA.sys
14:21:52.0464 3784  C:\Windows\System32\drivers\RTDVHDA.sys - ok
14:21:52.0464 3784  [ 92245C959E5BC378809D2CC5E9F6E9C7 ] C:\Windows\System32\crypt32.dll
14:21:52.0464 3784  C:\Windows\System32\crypt32.dll - ok
14:21:52.0464 3784  [ 3FFAEA12666E565FF51BF2FCA674F543 ] C:\Windows\System32\cfgmgr32.dll
14:21:52.0464 3784  C:\Windows\System32\cfgmgr32.dll - ok
14:21:52.0464 3784  [ CC4ED8BEA78B0DCA6F217E014C3291A7 ] C:\Windows\System32\devobj.dll
14:21:52.0464 3784  C:\Windows\System32\devobj.dll - ok
14:21:52.0479 3784  [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\System32\wintrust.dll
14:21:52.0479 3784  C:\Windows\System32\wintrust.dll - ok
14:21:52.0479 3784  [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\System32\comctl32.dll
14:21:52.0479 3784  C:\Windows\System32\comctl32.dll - ok
14:21:52.0479 3784  [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\System32\msasn1.dll
14:21:52.0479 3784  C:\Windows\System32\msasn1.dll - ok
14:21:52.0479 3784  [ 5FCD3320AAE71506B43F9E12E4E72172 ] C:\Windows\System32\drivers\dxapi.sys
14:21:52.0479 3784  C:\Windows\System32\drivers\dxapi.sys - ok
14:21:52.0479 3784  [ 4D52150FC35E333F6CBBB6B6E6D9366D ] C:\Windows\System32\win32k.sys
14:21:52.0479 3784  C:\Windows\System32\win32k.sys - ok
14:21:52.0479 3784  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\System32\basesrv.dll
14:21:52.0479 3784  C:\Windows\System32\basesrv.dll - ok
14:21:52.0479 3784  [ 23AB7E36551C6BA5370EF7F05142F0EB ] C:\Windows\System32\csrsrv.dll
14:21:52.0479 3784  C:\Windows\System32\csrsrv.dll - ok
14:21:52.0495 3784  [ 342271F6142E7C70805B8A81E1BA5F5C ] C:\Windows\System32\csrss.exe
14:21:52.0495 3784  C:\Windows\System32\csrss.exe - ok
14:21:52.0495 3784  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\System32\winsrv.dll
14:21:52.0495 3784  C:\Windows\System32\winsrv.dll - ok
14:21:52.0495 3784  [ 79D10964DE86B292320E9DFE02282A23 ] C:\Windows\System32\drivers\monitor.sys
14:21:52.0495 3784  C:\Windows\System32\drivers\monitor.sys - ok
14:21:52.0495 3784  [ 7C76B61A5E1EF5D1FA554CF134100F18 ] C:\Windows\System32\tsddd.dll
14:21:52.0495 3784  C:\Windows\System32\tsddd.dll - ok
14:21:52.0495 3784  [ BD9C55D7023C5DE374507ACC7A14E2AC ] C:\Windows\System32\drivers\usbccgp.sys
14:21:52.0495 3784  C:\Windows\System32\drivers\usbccgp.sys - ok
14:21:52.0495 3784  [ 5787196F32D043572EC6565C0EF1B8E0 ] C:\Windows\System32\drivers\usbd.sys
14:21:52.0495 3784  C:\Windows\System32\drivers\usbd.sys - ok
14:21:52.0495 3784  [ 357B990A4249D7F7485B230C0CC8825A ] C:\Windows\System32\KBDUS.DLL
14:21:52.0495 3784  C:\Windows\System32\KBDUS.DLL - ok
14:21:52.0511 3784  [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\System32\profapi.dll
14:21:52.0511 3784  C:\Windows\System32\profapi.dll - ok
14:21:52.0511 3784  [ 5997D769CDB108390DCFAEBF442BF816 ] C:\Windows\System32\RpcRtRemote.dll
14:21:52.0511 3784  C:\Windows\System32\RpcRtRemote.dll - ok
14:21:52.0511 3784  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\System32\sxssrv.dll
14:21:52.0511 3784  C:\Windows\System32\sxssrv.dll - ok
14:21:52.0511 3784  [ B5C5DCAD3899512020D135600129D665 ] C:\Windows\System32\wininit.exe
14:21:52.0511 3784  C:\Windows\System32\wininit.exe - ok
14:21:52.0511 3784  [ CAEF9CD6C10B1017E2C298D849CD31DB ] C:\Windows\System32\cdd.dll
14:21:52.0511 3784  C:\Windows\System32\cdd.dll - ok
14:21:52.0511 3784  [ 931A1DF1520ABC6E84BA4A75E6957025 ] C:\Windows\System32\drivers\hidclass.sys
14:21:52.0511 3784  C:\Windows\System32\drivers\hidclass.sys - ok
14:21:52.0526 3784  [ 6C26122F1931D4D7810240F32DDCE890 ] C:\Windows\System32\drivers\hidparse.sys
14:21:52.0526 3784  C:\Windows\System32\drivers\hidparse.sys - ok
14:21:52.0526 3784  [ 10C19F8290891AF023EAEC0832E1EB4D ] C:\Windows\System32\drivers\hidusb.sys
14:21:52.0526 3784  C:\Windows\System32\drivers\hidusb.sys - ok
14:21:52.0526 3784  [ 6D13E1406F50C66E2A95D97F22C47560 ] C:\Windows\System32\winlogon.exe
14:21:52.0526 3784  C:\Windows\System32\winlogon.exe - ok
14:21:52.0526 3784  [ 418E881201583A3039D81F43E39E6C78 ] C:\Windows\System32\winsta.dll
14:21:52.0526 3784  C:\Windows\System32\winsta.dll - ok
14:21:52.0526 3784  [ 9E3CED91863E6EE98C24794D05E27A71 ] C:\Windows\System32\drivers\kbdhid.sys
14:21:52.0526 3784  C:\Windows\System32\drivers\kbdhid.sys - ok
14:21:52.0526 3784  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] C:\Windows\System32\drivers\mouhid.sys
14:21:52.0526 3784  C:\Windows\System32\drivers\mouhid.sys - ok
14:21:52.0526 3784  [ 9F794D728D63513D8649EE6DC8BAEDCB ] C:\Windows\System32\KBDNE.DLL
14:21:52.0526 3784  C:\Windows\System32\KBDNE.DLL - ok
14:21:52.0542 3784  [ C25F054900BD3CC5C333E7B0FA75DA91 ] C:\Windows\System32\KBDUSX.DLL
14:21:52.0542 3784  C:\Windows\System32\KBDUSX.DLL - ok
14:21:52.0542 3784  [ 919001D2BB17DF06CA3F8AC16AD039F6 ] C:\Windows\System32\sxs.dll
14:21:52.0542 3784  C:\Windows\System32\sxs.dll - ok
14:21:52.0542 3784  [ 633C2C060CF857099F6C4F8D75C952B1 ] C:\Windows\System32\WlS0WndH.dll
14:21:52.0542 3784  C:\Windows\System32\WlS0WndH.dll - ok
14:21:52.0542 3784  [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\System32\cryptbase.dll
14:21:52.0542 3784  C:\Windows\System32\cryptbase.dll - ok
14:21:52.0542 3784  [ 863F793D15B4026B1A5FDECA873D4D84 ] C:\Windows\System32\apphelp.dll
14:21:52.0542 3784  C:\Windows\System32\apphelp.dll - ok
14:21:52.0542 3784  [ 444430C44727B5F22B4DC17284798EBD ] C:\Windows\System32\lsasrv.dll
14:21:52.0542 3784  C:\Windows\System32\lsasrv.dll - ok
14:21:52.0542 3784  [ 81951F51E318AECC2D68559E47485CC4 ] C:\Windows\System32\lsass.exe
14:21:52.0542 3784  C:\Windows\System32\lsass.exe - ok
14:21:52.0557 3784  [ 8AEA9A37C1A3565A204D37C5E72AB791 ] C:\Windows\System32\lsm.exe
14:21:52.0557 3784  C:\Windows\System32\lsm.exe - ok
14:21:52.0557 3784  [ 250AA41DE690561AF1282D598914564C ] C:\Windows\System32\scesrv.dll
14:21:52.0557 3784  C:\Windows\System32\scesrv.dll - ok
14:21:52.0557 3784  [ 3369D021265E369D57317D61FA86DD79 ] C:\Windows\System32\scext.dll
14:21:52.0557 3784  C:\Windows\System32\scext.dll - ok
14:21:52.0557 3784  [ 69678722290C78D5D7198C60B5A4E3E8 ] C:\Windows\System32\secur32.dll
14:21:52.0557 3784  C:\Windows\System32\secur32.dll - ok
14:21:52.0557 3784  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\System32\services.exe
14:21:52.0557 3784  C:\Windows\System32\services.exe - ok
14:21:52.0557 3784  [ 5CCDCD40E732D54E0F7451AC66AC1C87 ] C:\Windows\System32\srvcli.dll
14:21:52.0557 3784  C:\Windows\System32\srvcli.dll - ok
14:21:52.0557 3784  [ 4A054C853031616D161A84BECF281F47 ] C:\Windows\System32\sspicli.dll
14:21:52.0557 3784  C:\Windows\System32\sspicli.dll - ok
14:21:52.0573 3784  [ E361AE3010EA4B3123DAB5BDAE21798F ] C:\Windows\System32\sspisrv.dll
14:21:52.0573 3784  C:\Windows\System32\sspisrv.dll - ok
14:21:52.0573 3784  [ BA51FFE170C5B3AE8EC4F5BD2581A29E ] C:\Windows\System32\sysntfy.dll
14:21:52.0573 3784  C:\Windows\System32\sysntfy.dll - ok
14:21:52.0573 3784  [ 5FEAB868CAEDBBD1B7A145CA8261E4AA ] C:\Windows\System32\WerFault.exe
14:21:52.0573 3784  C:\Windows\System32\WerFault.exe - ok
14:21:52.0573 3784  [ D412B1B72C5AB020218E9A047D90CA05 ] C:\Windows\System32\wmsgapi.dll
14:21:52.0573 3784  C:\Windows\System32\wmsgapi.dll - ok
14:21:52.0573 3784  [ 9CE253214ACAA5A7D323327D2055EFAA ] C:\Windows\System32\drivers\TsUsbFlt.sys
14:21:52.0573 3784  C:\Windows\System32\drivers\TsUsbFlt.sys - ok
14:21:52.0573 3784  [ 245F4691314F42D4D1BC06442F0B2086 ] C:\Windows\System32\samsrv.dll
14:21:52.0573 3784  C:\Windows\System32\samsrv.dll - ok
14:21:52.0573 3784  [ 590D5C506044FE02FF7643E32FF9BDAC ] C:\Windows\System32\wer.dll
14:21:52.0573 3784  C:\Windows\System32\wer.dll - ok
14:21:52.0589 3784  [ 352B3DC62A0D259A82A052238425C872 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
14:21:52.0589 3784  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - ok
14:21:52.0589 3784  [ FB4EB9352B7D698E6B3C2AA2ED724DAD ] C:\Windows\System32\authz.dll
14:21:52.0589 3784  C:\Windows\System32\authz.dll - ok
14:21:52.0589 3784  [ FC7650224790CAE75A5E9231961FDEC5 ] C:\Windows\System32\bcrypt.dll
14:21:52.0589 3784  C:\Windows\System32\bcrypt.dll - ok
14:21:52.0589 3784  [ 50BA656134F78AF64E4DD3C8B6FEFD7E ] C:\Windows\System32\cngaudit.dll
14:21:52.0589 3784  C:\Windows\System32\cngaudit.dll - ok
14:21:52.0589 3784  [ 1128637CAD49A8E3C8B5FA5D0A061525 ] C:\Windows\System32\cryptdll.dll
14:21:52.0589 3784  C:\Windows\System32\cryptdll.dll - ok
14:21:52.0589 3784  [ BF6D6ED5FADCEEE885BD0144ECF1BA27 ] C:\Windows\System32\ncrypt.dll
14:21:52.0589 3784  C:\Windows\System32\ncrypt.dll - ok
14:21:52.0604 3784  [ 82C089EA2A3EEFADF3588EA71E8BDADA ] C:\Windows\System32\wevtapi.dll
14:21:52.0604 3784  C:\Windows\System32\wevtapi.dll - ok
14:21:52.0604 3784  [ 5DAF8A6B7F127C4E70A5C1F707347859 ] C:\Windows\System32\atmfd.dll
14:21:52.0604 3784  C:\Windows\System32\atmfd.dll - ok
14:21:52.0604 3784  [ 1E8D06AAE74FED674C1156B3FEA911C2 ] C:\Windows\System32\Faultrep.dll
14:21:52.0604 3784  C:\Windows\System32\Faultrep.dll - ok
14:21:52.0604 3784  [ E5A4A1326A02F8E7B59E6C3270CE7202 ] C:\Windows\System32\wkscli.dll
14:21:52.0604 3784  C:\Windows\System32\wkscli.dll - ok
14:21:52.0604 3784  [ BDA0B954A30498B5A7EDC6204CBA07ED ] C:\Windows\System32\kerberos.dll
14:21:52.0604 3784  C:\Windows\System32\kerberos.dll - ok
14:21:52.0604 3784  [ C90878913DF3DC504790282043DB5F4C ] C:\Windows\System32\msprivs.dll
14:21:52.0604 3784  C:\Windows\System32\msprivs.dll - ok
14:21:52.0604 3784  [ 6DCFAEC6D1334AA6CDF8961DB4633CBF ] C:\Windows\System32\negoexts.dll
14:21:52.0604 3784  C:\Windows\System32\negoexts.dll - ok
14:21:52.0620 3784  [ E343CABBD8D600ABAF3F11625D33B3D0 ] C:\Windows\System32\netjoin.dll
14:21:52.0620 3784  C:\Windows\System32\netjoin.dll - ok
14:21:52.0620 3784  [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\System32\cryptsp.dll
14:21:52.0620 3784  C:\Windows\System32\cryptsp.dll - ok
14:21:52.0620 3784  [ 4C1E16B9A53102C8D6FBA587CBCB95DE ] C:\Windows\System32\msv1_0.dll
14:21:52.0620 3784  C:\Windows\System32\msv1_0.dll - ok
14:21:52.0620 3784  [ 8999B8631C7FD9F7F9EC3CAFD953BA24 ] C:\Windows\System32\mswsock.dll
14:21:52.0620 3784  C:\Windows\System32\mswsock.dll - ok
14:21:52.0620 3784  [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\System32\wship6.dll
14:21:52.0620 3784  C:\Windows\System32\wship6.dll - ok
14:21:52.0620 3784  [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\System32\dnsapi.dll
14:21:52.0620 3784  C:\Windows\System32\dnsapi.dll - ok
14:21:52.0620 3784  [ 8EA53101FF2B15BDFF934B62A8FB326D ] C:\Windows\System32\logoncli.dll
14:21:52.0620 3784  C:\Windows\System32\logoncli.dll - ok
14:21:52.0635 3784  [ C1809B9907ADEDAF16F50C894100883B ] C:\Windows\System32\netlogon.dll
14:21:52.0635 3784  C:\Windows\System32\netlogon.dll - ok
14:21:52.0635 3784  [ 37CC990D4E2CDFAE12AC47F6B620FC13 ] C:\Windows\System32\pku2u.dll
14:21:52.0635 3784  C:\Windows\System32\pku2u.dll - ok
14:21:52.0635 3784  [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\System32\rsaenh.dll
14:21:52.0635 3784  C:\Windows\System32\rsaenh.dll - ok
14:21:52.0635 3784  [ AF78F66116814FDD6677CEBD73035CDD ] C:\Windows\System32\schannel.dll
14:21:52.0635 3784  C:\Windows\System32\schannel.dll - ok
14:21:52.0635 3784  [ D29E45078CF4020CE0AAC82EC652D1EA ] C:\Windows\System32\TSpkg.dll
14:21:52.0635 3784  C:\Windows\System32\TSpkg.dll - ok
14:21:52.0635 3784  [ 0450CF487ECD8A67B56F59F9A96D024D ] C:\Windows\System32\wdigest.dll
14:21:52.0635 3784  C:\Windows\System32\wdigest.dll - ok
14:21:52.0651 3784  [ 93723774872D9FB903266A46ED1E0BC2 ] C:\Windows\System32\LIVESSP.DLL
14:21:52.0651 3784  C:\Windows\System32\LIVESSP.DLL - ok
14:21:52.0651 3784  [ EB167B2BA298DECA28CF3693B0052315 ] C:\Windows\System32\wvauth.dll
14:21:52.0651 3784  C:\Windows\System32\wvauth.dll - ok
14:21:52.0651 3784  [ 521B748A7F9923302CA18B7E6AA2EEAE ] C:\Windows\System32\activeds.dll
14:21:52.0651 3784  C:\Windows\System32\activeds.dll - ok
14:21:52.0651 3784  [ 51F5CC1E7DA3D9C664C2D0D61F315E06 ] C:\Windows\System32\adsldpc.dll
14:21:52.0651 3784  C:\Windows\System32\adsldpc.dll - ok
14:21:52.0651 3784  [ F10E5311E5093FA3C00FF88C54C32FCA ] C:\Windows\System32\atl.dll
14:21:52.0651 3784  C:\Windows\System32\atl.dll - ok
14:21:52.0651 3784  [ 2FCA0D2C59A855C54BAFA22AA329DF0F ] C:\Windows\System32\netapi32.dll
14:21:52.0651 3784  C:\Windows\System32\netapi32.dll - ok
14:21:52.0651 3784  [ 20B3934DB73EABA2B49B7177873CB81F ] C:\Windows\System32\netutils.dll
14:21:52.0651 3784  C:\Windows\System32\netutils.dll - ok
14:21:52.0667 3784  [ 68ECCA523ED760AAFC03C5D587569859 ] C:\Windows\System32\samcli.dll
14:21:52.0667 3784  C:\Windows\System32\samcli.dll - ok
14:21:52.0667 3784  [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\System32\userenv.dll
14:21:52.0667 3784  C:\Windows\System32\userenv.dll - ok
14:21:52.0667 3784  [ 9419ABF3163B6F0E3AD3DD2B381C879F ] C:\Windows\System32\WinSCard.dll
14:21:52.0667 3784  C:\Windows\System32\WinSCard.dll - ok
14:21:52.0667 3784  [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\System32\wsock32.dll
14:21:52.0667 3784  C:\Windows\System32\wsock32.dll - ok
14:21:52.0667 3784  [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\System32\bcryptprimitives.dll
14:21:52.0667 3784  C:\Windows\System32\bcryptprimitives.dll - ok
14:21:52.0667 3784  [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\System32\credssp.dll
14:21:52.0667 3784  C:\Windows\System32\credssp.dll - ok
14:21:52.0667 3784  [ 91F434FF6606ED9BDC6A05D651B69553 ] C:\Windows\System32\efslsaext.dll
14:21:52.0667 3784  C:\Windows\System32\efslsaext.dll - ok
14:21:52.0682 3784  [ 8124944EC89D6A1815E4E53F5B96AAF4 ] C:\Windows\System32\scecli.dll
14:21:52.0682 3784  C:\Windows\System32\scecli.dll - ok
14:21:52.0682 3784  [ 7222995615BF93B628DCEA4BD6CCACF7 ] C:\Windows\System32\ubpm.dll
14:21:52.0682 3784  C:\Windows\System32\ubpm.dll - ok
14:21:52.0682 3784  [ 54A47F6B5E09A77E61649109C6A08866 ] C:\Windows\System32\svchost.exe
14:21:52.0682 3784  C:\Windows\System32\svchost.exe - ok
14:21:52.0682 3784  [ FD07F21E0A19C27ED4E1EEC2B07452B3 ] C:\Windows\System32\devrtl.dll
14:21:52.0682 3784  C:\Windows\System32\devrtl.dll - ok
14:21:52.0682 3784  [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\System32\gpapi.dll
14:21:52.0682 3784  C:\Windows\System32\gpapi.dll - ok
14:21:52.0682 3784  [ 4BDBBE5E4208022DD794F7EEEB0F7366 ] C:\Windows\System32\SPInf.dll
14:21:52.0682 3784  C:\Windows\System32\SPInf.dll - ok
14:21:52.0682 3784  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] C:\Windows\System32\umpnpmgr.dll
14:21:52.0682 3784  C:\Windows\System32\umpnpmgr.dll - ok
14:21:52.0698 3784  [ 5893EBDCE371174AC89ECD7731DD6D77 ] C:\Windows\System32\pcwum.dll
14:21:52.0698 3784  C:\Windows\System32\pcwum.dll - ok
14:21:52.0698 3784  [ F87D30E72E03D579A5199CCB3831D6EA ] C:\Windows\System32\umpo.dll
14:21:52.0698 3784  C:\Windows\System32\umpo.dll - ok
14:21:52.0698 3784  [ 08DFDBD2FD4EA951DC46B1C7661ED35A ] C:\Windows\System32\powrprof.dll
14:21:52.0698 3784  C:\Windows\System32\powrprof.dll - ok
14:21:52.0698 3784  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] C:\Windows\System32\drivers\luafv.sys
14:21:52.0698 3784  C:\Windows\System32\drivers\luafv.sys - ok
14:21:52.0698 3784  [ 0DE3104387D312EA8B096D97305430D0 ] C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys
14:21:52.0698 3784  C:\Program Files\Trend Micro\OfficeScan Client\tmpreflt.sys - ok
14:21:52.0698 3784  [ 1C0A7FF6CA0F21E26AD34377A56C9B4F ] C:\Program Files\Trend Micro\OfficeScan Client\vsapint.sys
14:21:52.0698 3784  C:\Program Files\Trend Micro\OfficeScan Client\vsapint.sys - ok
14:21:52.0713 3784  [ 6341531EE7FE1CE4C116C849BE02534F ] C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys
14:21:52.0713 3784  C:\Program Files\Trend Micro\OfficeScan Client\tmxpflt.sys - ok
14:21:52.0713 3784  [ 7660F01D3B38ACA1747E397D21D790AF ] C:\Windows\System32\rpcss.dll
14:21:52.0713 3784  C:\Windows\System32\rpcss.dll - ok
14:21:52.0713 3784  [ 78D072F35BC45D9E4E1B61895C152234 ] C:\Windows\System32\RpcEpMap.dll
14:21:52.0713 3784  C:\Windows\System32\RpcEpMap.dll - ok
14:21:52.0713 3784  [ 81F08948A0F1475894C99D4D19A158A8 ] C:\Windows\System32\wshqos.dll
14:21:52.0713 3784  C:\Windows\System32\wshqos.dll - ok
14:21:52.0713 3784  [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\System32\WSHTCPIP.DLL
14:21:52.0713 3784  C:\Windows\System32\WSHTCPIP.DLL - ok
14:21:52.0713 3784  [ 3F50200237961034FACE602373838980 ] C:\Windows\System32\FirewallAPI.dll
14:21:52.0713 3784  C:\Windows\System32\FirewallAPI.dll - ok
14:21:52.0713 3784  [ 702254574E7E52052DE39408457B7149 ] C:\Windows\System32\version.dll
14:21:52.0713 3784  C:\Windows\System32\version.dll - ok
14:21:52.0729 3784  [ 3EF0D8AB08385AAB5802E773511A2E6A ] C:\Windows\System32\LogonUI.exe
14:21:52.0729 3784  C:\Windows\System32\LogonUI.exe - ok
14:21:52.0729 3784  [ 241E015DD809CFB23242F890B1FC575B ] C:\Windows\System32\wevtsvc.dll
14:21:52.0729 3784  C:\Windows\System32\wevtsvc.dll - ok
14:21:52.0729 3784  [ E904178851A6A44BFA97E064EF779E9D ] C:\Windows\System32\authui.dll
14:21:52.0729 3784  C:\Windows\System32\authui.dll - ok
14:21:52.0729 3784  [ 28CA821606669BB9215CE010767720FA ] C:\Windows\System32\cryptui.dll
14:21:52.0729 3784  C:\Windows\System32\cryptui.dll - ok
14:21:52.0729 3784  [ AC8C80DC4F1A6E60C9A762C1799F0B39 ] C:\Windows\System32\adtschema.dll
14:21:52.0729 3784  C:\Windows\System32\adtschema.dll - ok
14:21:52.0729 3784  [ 9835584E999D25004E1EE8E5F3E3B881 ] C:\Windows\System32\MPSSVC.dll
14:21:52.0729 3784  C:\Windows\System32\MPSSVC.dll - ok
14:21:52.0729 3784  [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\System32\ntmarta.dll
14:21:52.0729 3784  C:\Windows\System32\ntmarta.dll - ok
14:21:52.0745 3784  [ 5826854E4E420E29F59C2865F0FA562F ] C:\Program Files\Windows Defender\MpEvMsg.dll
14:21:52.0745 3784  C:\Program Files\Windows Defender\MpEvMsg.dll - ok
14:21:52.0745 3784  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] C:\Windows\System32\audiosrv.dll
14:21:52.0745 3784  C:\Windows\System32\audiosrv.dll - ok
14:21:52.0745 3784  [ E12C4928B32ACE04610259647F072635 ] C:\Windows\System32\FntCache.dll
14:21:52.0745 3784  C:\Windows\System32\FntCache.dll - ok
14:21:52.0745 3784  [ 243974EC02F7AE49E4179C54624143AB ] C:\Windows\System32\MMDevAPI.dll
14:21:52.0745 3784  C:\Windows\System32\MMDevAPI.dll - ok
14:21:52.0745 3784  [ 12C45E3CB6D65F73209549E2D02ECA7A ] C:\Windows\System32\propsys.dll
14:21:52.0745 3784  C:\Windows\System32\propsys.dll - ok
14:21:52.0745 3784  [ 139D3AB6AA920C34C50CBFFB9EB7D222 ] C:\Windows\System32\avrt.dll
14:21:52.0745 3784  C:\Windows\System32\avrt.dll - ok
14:21:52.0760 3784  [ 146B6F43A673379A3C670E86D89BE5EA ] C:\Windows\System32\mmcss.dll
14:21:52.0760 3784  C:\Windows\System32\mmcss.dll - ok
14:21:52.0760 3784  [ 8C338238C16777A802D6A9211EB2BA50 ] C:\Windows\System32\netprofm.dll
14:21:52.0760 3784  C:\Windows\System32\netprofm.dll - ok
14:21:52.0760 3784  [ 8B0B4C5927A333A05513791758350DC4 ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
14:21:52.0760 3784  C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
14:21:52.0760 3784  [ 7520EC808E0C35E0EE6F841294316653 ] C:\Windows\System32\drivers\fltMgr.sys
14:21:52.0760 3784  C:\Windows\System32\drivers\fltMgr.sys - ok
14:21:52.0760 3784  [ D93A937A2A9D2CBC06B3A615A197011F ] C:\Windows\System32\PSHED.DLL
14:21:52.0760 3784  C:\Windows\System32\PSHED.DLL - ok
14:21:52.0760 3784  [ 1F5497D7D3D79C7BF0AB0C8B4C5BFE6E ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
14:21:52.0760 3784  C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
14:21:52.0760 3784  [ F68194F74350D4A2ADE98961E33F884C ] C:\Windows\System32\audiodg.exe
14:21:52.0760 3784  C:\Windows\System32\audiodg.exe - ok
14:21:52.0776 3784  [ 15F93B37F6801943360D9EB42485D5D3 ] C:\Windows\System32\cscsvc.dll
14:21:52.0776 3784  C:\Windows\System32\cscsvc.dll - ok
14:21:52.0776 3784  [ E897EAF5ED6BA41E081060C9B447A673 ] C:\Windows\System32\gpsvc.dll
14:21:52.0776 3784  C:\Windows\System32\gpsvc.dll - ok
14:21:52.0776 3784  [ 772F44012DBE49DE894976AE2259A659 ] C:\Windows\System32\PeerDist.dll
14:21:52.0776 3784  C:\Windows\System32\PeerDist.dll - ok
14:21:52.0776 3784  [ F6916EFC29D9953D5D0DF06882AE8E16 ] C:\Windows\System32\es.dll
14:21:52.0776 3784  C:\Windows\System32\es.dll - ok
14:21:52.0776 3784  [ 50E0DD0A5B8D8BC353578F2F73926697 ] C:\Windows\System32\nlaapi.dll
14:21:52.0776 3784  C:\Windows\System32\nlaapi.dll - ok
14:21:52.0776 3784  [ CADEFAC453040E370A1BDFF3973BE00D ] C:\Windows\System32\profsvc.dll
14:21:52.0776 3784  C:\Windows\System32\profsvc.dll - ok
14:21:52.0776 3784  [ 544EFF88AC6C85DF5A4D6F18DFE08CFC ] C:\Windows\System32\taskschd.dll
14:21:52.0776 3784  C:\Windows\System32\taskschd.dll - ok
14:21:52.0791 3784  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] C:\Windows\System32\themeservice.dll
14:21:52.0791 3784  C:\Windows\System32\themeservice.dll - ok
14:21:52.0791 3784  [ 808D8A8B2A3074002852BC856D419576 ] C:\Windows\System32\comres.dll
14:21:52.0791 3784  C:\Windows\System32\comres.dll - ok
14:21:52.0791 3784  [ 2F040CF0613A6D64DCBBA9EE81F5A5AE ] C:\Windows\System32\dsrole.dll
14:21:52.0791 3784  C:\Windows\System32\dsrole.dll - ok
14:21:52.0791 3784  [ C5A99A4C0DC9F0F5A95BA0C83D30A549 ] C:\Windows\System32\mstask.dll
14:21:52.0791 3784  C:\Windows\System32\mstask.dll - ok
14:21:52.0791 3784  [ DCB7FCDCC97F87360F75D77425B81737 ] C:\Windows\System32\Sens.dll
14:21:52.0791 3784  C:\Windows\System32\Sens.dll - ok
14:21:52.0791 3784  [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\System32\slc.dll
14:21:52.0791 3784  C:\Windows\System32\slc.dll - ok
14:21:52.0791 3784  [ 6A6B2EE4565A178035BE2A4FF6F2C968 ] C:\Windows\System32\wtsapi32.dll
14:21:52.0791 3784  C:\Windows\System32\wtsapi32.dll - ok
14:21:52.0807 3784  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] C:\Windows\System32\drivers\lltdio.sys
14:21:52.0807 3784  C:\Windows\System32\drivers\lltdio.sys - ok
14:21:52.0807 3784  [ 032B0D36AD92B582D869879F5AF5B928 ] C:\Windows\System32\drivers\rspndr.sys
14:21:52.0807 3784  C:\Windows\System32\drivers\rspndr.sys - ok
14:21:52.0807 3784  [ 081E6E1C91AEC36758902A9F727CD23C ] C:\Windows\System32\uxsms.dll
14:21:52.0807 3784  C:\Windows\System32\uxsms.dll - ok
14:21:52.0807 3784  [ E9E01EB683C132F7FA27CD607B8A2B63 ] C:\Windows\System32\dhcpcore.dll
14:21:52.0807 3784  C:\Windows\System32\dhcpcore.dll - ok
14:21:52.0807 3784  [ EF71BA5DF59034962B0C62314A71351A ] C:\Windows\System32\dhcpcore6.dll
14:21:52.0807 3784  C:\Windows\System32\dhcpcore6.dll - ok
14:21:52.0807 3784  [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\System32\IPHLPAPI.DLL
14:21:52.0807 3784  C:\Windows\System32\IPHLPAPI.DLL - ok
14:21:52.0823 3784  [ 55CA01BA19D0006C8F2639B6C045E08B ] C:\Windows\System32\lmhsvc.dll
14:21:52.0823 3784  C:\Windows\System32\lmhsvc.dll - ok
14:21:52.0823 3784  [ D2A937964199F647B1C3BC435712E5D9 ] C:\Windows\System32\nrpsrv.dll
14:21:52.0823 3784  C:\Windows\System32\nrpsrv.dll - ok
14:21:52.0823 3784  [ BA387E955E890C8A88306D9B8D06BF17 ] C:\Windows\System32\nsisvc.dll
14:21:52.0823 3784  C:\Windows\System32\nsisvc.dll - ok
14:21:52.0823 3784  [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\System32\winnsi.dll
14:21:52.0823 3784  C:\Windows\System32\winnsi.dll - ok
14:21:52.0823 3784  [ 9A85ABCE0FDD1AF8E79E731EB0B679F3 ] C:\Windows\System32\dhcpcsvc.dll
14:21:52.0823 3784  C:\Windows\System32\dhcpcsvc.dll - ok
14:21:52.0823 3784  [ 81F6C1AE23B1C493D9E996C3103915D7 ] C:\Windows\System32\dhcpcsvc6.dll
14:21:52.0823 3784  C:\Windows\System32\dhcpcsvc6.dll - ok
14:21:52.0823 3784  [ 100103C6535C66265267F5EEA5F5846E ] C:\Windows\System32\dnsext.dll
14:21:52.0823 3784  C:\Windows\System32\dnsext.dll - ok
14:21:52.0838 3784  [ 33EF4861F19A0736B11314AAD9AE28D0 ] C:\Windows\System32\dnsrslvr.dll
14:21:52.0838 3784  C:\Windows\System32\dnsrslvr.dll - ok
14:21:52.0838 3784  [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\System32\FWPUCLNT.DLL
14:21:52.0838 3784  C:\Windows\System32\FWPUCLNT.DLL - ok
14:21:52.0838 3784  [ 414DA952A35BF5D50192E28263B40577 ] C:\Windows\System32\shsvcs.dll
14:21:52.0838 3784  C:\Windows\System32\shsvcs.dll - ok
14:21:52.0838 3784  [ A04BB13F8A72F8B6E8B4071723E4E336 ] C:\Windows\System32\schedsvc.dll
14:21:52.0838 3784  C:\Windows\System32\schedsvc.dll - ok
14:21:52.0838 3784  [ 38B13C0DF479DBA23ECFA815159BA86E ] C:\Windows\System32\ktmw32.dll
14:21:52.0838 3784  C:\Windows\System32\ktmw32.dll - ok
14:21:52.0838 3784  [ EDF2A5E96BEC469DA3F64E9BDD386111 ] C:\Windows\System32\xmllite.dll
14:21:52.0838 3784  C:\Windows\System32\xmllite.dll - ok
14:21:52.0838 3784  [ E6D90DC604F407B3B5E0FD285E46B2A0 ] C:\Windows\System32\fveapi.dll
14:21:52.0838 3784  C:\Windows\System32\fveapi.dll - ok
14:21:52.0854 3784  [ C87F28A34B3840F4B40011D170B1A159 ] C:\Windows\System32\fvecerts.dll
14:21:52.0854 3784  C:\Windows\System32\fvecerts.dll - ok
14:21:52.0854 3784  [ EAFC149CD3BD78C443E31BB157841197 ] C:\Windows\System32\tbs.dll
14:21:52.0854 3784  C:\Windows\System32\tbs.dll - ok
14:21:52.0854 3784  [ E2D56AE1D40E3725084054CD8E9CFBB1 ] C:\Windows\System32\wiarpc.dll
14:21:52.0854 3784  C:\Windows\System32\wiarpc.dll - ok
14:21:52.0854 3784  [ 1C3E8371377E988B683797A132EFFE1B ] C:\Windows\System32\taskcomp.dll
14:21:52.0854 3784  C:\Windows\System32\taskcomp.dll - ok
14:21:52.0854 3784  [ 871917B07A141BFF43D76D8844D48106 ] C:\Windows\System32\drivers\http.sys
14:21:52.0854 3784  C:\Windows\System32\drivers\http.sys - ok
14:21:52.0854 3784  [ 9AEA093B8F9C37CF45538382CABA2475 ] C:\Windows\System32\spoolsv.exe
14:21:52.0854 3784  C:\Windows\System32\spoolsv.exe - ok
14:21:52.0854 3784  [ B799D9FDB26111737F58288D8DC172D9 ] C:\Windows\System32\tbssvc.dll
14:21:52.0854 3784  C:\Windows\System32\tbssvc.dll - ok
14:21:52.0869 3784  [ 1E2BAC209D184BB851E1A187D8A29136 ] C:\Windows\System32\BFE.DLL
14:21:52.0869 3784  C:\Windows\System32\BFE.DLL - ok
14:21:52.0869 3784  [ B434294EAA2AE4FB9BD63E25EB89B86F ] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
14:21:52.0869 3784  C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe - ok
14:21:52.0869 3784  [ F90EBC68576282E05CCE91F29E88BB0C ] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\Super20.dll
14:21:52.0869 3784  C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\Super20.dll - ok
14:21:52.0869 3784  [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
14:21:52.0869 3784  C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
14:21:52.0869 3784  [ 7489B03EF64CEF6834385FA6656C6026 ] C:\Windows\winsxs\x86_wave.wcl10.cryptoruntime_1aaab1af848ab112_1.0.2.5_none_fc0d0356ef93d61e\WCR10.dll
14:21:52.0869 3784  C:\Windows\winsxs\x86_wave.wcl10.cryptoruntime_1aaab1af848ab112_1.0.2.5_none_fc0d0356ef93d61e\WCR10.dll - ok
14:21:52.0869 3784  [ 58A14C45A5CD2528F10A889E7B0C3FC2 ] C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll
14:21:52.0869 3784  C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll - ok
14:21:52.0885 3784  [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
14:21:52.0885 3784  C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
14:21:52.0885 3784  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] C:\Windows\System32\drivers\bowser.sys
14:21:52.0885 3784  C:\Windows\System32\drivers\bowser.sys - ok
14:21:52.0885 3784  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] C:\Windows\System32\drivers\mpsdrv.sys
14:21:52.0885 3784  C:\Windows\System32\drivers\mpsdrv.sys - ok
14:21:52.0885 3784  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] C:\Windows\System32\drivers\mrxsmb.sys
14:21:52.0885 3784  C:\Windows\System32\drivers\mrxsmb.sys - ok
14:21:52.0885 3784  [ 6D17A4791ACA19328C685D256349FEFC ] C:\Windows\System32\drivers\mrxsmb10.sys
14:21:52.0885 3784  C:\Windows\System32\drivers\mrxsmb10.sys - ok
14:21:52.0885 3784  [ B81F204D146000BE76651A50670A5E9E ] C:\Windows\System32\drivers\mrxsmb20.sys
14:21:52.0885 3784  C:\Windows\System32\drivers\mrxsmb20.sys - ok
14:21:52.0901 3784  [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\System32\msi.dll
14:21:52.0901 3784  C:\Windows\System32\msi.dll - ok
14:21:52.0901 3784  [ 58405E4F68BA8E4057C6E914F326ABA2 ] C:\Windows\System32\wkssvc.dll
14:21:52.0901 3784  C:\Windows\System32\wkssvc.dll - ok
14:21:52.0901 3784  [ F1278B3514EA6FA9BC39B20D26139AAC ] C:\Windows\System32\msiltcfg.dll
14:21:52.0901 3784  C:\Windows\System32\msiltcfg.dll - ok
14:21:52.0901 3784  [ 019C372B1A9DA73A22D0D35A4D40F5C9 ] C:\Windows\System32\wfapigp.dll
14:21:52.0901 3784  C:\Windows\System32\wfapigp.dll - ok
14:21:52.0901 3784  [ EB0A59F29C19B86479D36B35983DAADC ] C:\Windows\System32\drivers\parvdm.sys
14:21:52.0901 3784  C:\Windows\System32\drivers\parvdm.sys - ok
14:21:52.0901 3784  [ 9D4A1690AF93F233E15380398BEC7431 ] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
14:21:52.0901 3784  C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL - ok
14:21:52.0901 3784  [ F33C3F08536F988AAC84D72D83B139A6 ] C:\Windows\System32\drivers\tmcomm.sys
14:21:52.0901 3784  C:\Windows\System32\drivers\tmcomm.sys - ok
14:21:52.0916 3784  [ 65E50CCFD60A2BCAF7F15BBE8A456157 ] C:\Windows\System32\drivers\tmevtmgr.sys
14:21:52.0916 3784  C:\Windows\System32\drivers\tmevtmgr.sys - ok
14:21:52.0916 3784  [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\System32\rasadhlp.dll
14:21:52.0916 3784  C:\Windows\System32\rasadhlp.dll - ok
14:21:52.0916 3784  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:21:52.0916 3784  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe - ok
14:21:52.0916 3784  [ 028E02E1621466B5B4DC0525BC071B09 ] C:\Windows\System32\drivers\tmactmon.sys
14:21:52.0916 3784  C:\Windows\System32\drivers\tmactmon.sys - ok
14:21:52.0916 3784  [ 7F8678C59F188528D60104E697C2361E ] C:\Windows\System32\mscms.dll
14:21:52.0916 3784  C:\Windows\System32\mscms.dll - ok
14:21:52.0916 3784  [ 358AB7956D3160000726574083DFC8A6 ] C:\Windows\System32\pcasvc.dll
14:21:52.0916 3784  C:\Windows\System32\pcasvc.dll - ok
14:21:52.0916 3784  [ 6A984831644ECA1A33FFEAE4126F4F37 ] C:\Windows\System32\snmptrap.exe
14:21:52.0916 3784  C:\Windows\System32\snmptrap.exe - ok
14:21:52.0932 3784  [ F845CB13B1D1FC68C97900FEF94D03CC ] C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll
14:21:52.0932 3784  C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll - ok
14:21:52.0932 3784  [ E7CA80FA5A7E82ED87E8140E0BDFA13B ] C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
14:21:52.0932 3784  C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe - ok
14:21:52.0932 3784  [ 326C7F76A29897A892AA7726E91C1C67 ] C:\Windows\System32\winbrand.dll
14:21:52.0932 3784  C:\Windows\System32\winbrand.dll - ok

[DarkAllMan]

14:21:52.0932 3784  [ 9B43251B491BA40CE976ED12AED9B2BE ] C:\Program Files\Broadcom\MgmtAgent\BMAPI.dll
14:21:52.0932 3784  C:\Program Files\Broadcom\MgmtAgent\BMAPI.dll - ok
14:21:52.0932 3784  [ E3E811471DE781900FF21C1FD84E941E ] C:\Windows\System32\ntdsapi.dll
14:21:52.0932 3784  C:\Windows\System32\ntdsapi.dll - ok
14:21:52.0932 3784  [ A86F5616EACB7155998011CEFFFB52F6 ] C:\Windows\System32\RdpGroupPolicyExtension.dll
14:21:52.0932 3784  C:\Windows\System32\RdpGroupPolicyExtension.dll - ok
14:21:52.0947 3784  [ E223D2851906B84F52E1B75EA16198F9 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll
14:21:52.0947 3784  C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll - ok
14:21:52.0947 3784  [ 12167A47F764EE93C339215F00CD8E7F ] C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
14:21:52.0947 3784  C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe - ok
14:21:52.0947 3784  [ 3897DFF247D9ED0006190349DE264E14 ] C:\Windows\System32\cryptsvc.dll
14:21:52.0947 3784  C:\Windows\System32\cryptsvc.dll - ok
14:21:52.0947 3784  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] C:\Windows\System32\FDResPub.dll
14:21:52.0947 3784  C:\Windows\System32\FDResPub.dll - ok
14:21:52.0947 3784  [ F95622F161474511B8D80D6B093AA610 ] C:\Windows\System32\IKEEXT.DLL
14:21:52.0947 3784  C:\Windows\System32\IKEEXT.DLL - ok
14:21:52.0947 3784  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] C:\Windows\System32\dps.dll
14:21:52.0947 3784  C:\Windows\System32\dps.dll - ok
14:21:52.0947 3784  [ 5845B1C54380FB980F68024B3A8B1E66 ] C:\Windows\System32\vpnikeapi.dll
14:21:52.0947 3784  C:\Windows\System32\vpnikeapi.dll - ok
14:21:52.0963 3784  [ A2F17346CC5C502D4E29EF986BD17D34 ] C:\Windows\System32\PeerDistSh.dll
14:21:52.0963 3784  C:\Windows\System32\PeerDistSh.dll - ok
14:21:52.0963 3784  [ 63BFDF555DA2075A77D677829C3CCCD0 ] C:\Windows\System32\uxtheme.dll
14:21:52.0963 3784  C:\Windows\System32\uxtheme.dll - ok
14:21:52.0963 3784  [ 84174CA0E190BB9D1EFD0F005FE13B35 ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\GdiPlus.dll
14:21:52.0963 3784  C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18120_none_72d2e82386681b36\GdiPlus.dll - ok
14:21:52.0963 3784  [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\System32\dui70.dll
14:21:52.0963 3784  C:\Windows\System32\dui70.dll - ok
14:21:52.0963 3784  [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\System32\duser.dll
14:21:52.0963 3784  C:\Windows\System32\duser.dll - ok
14:21:52.0963 3784  [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\System32\wbem\wbemprox.dll
14:21:52.0963 3784  C:\Windows\System32\wbem\wbemprox.dll - ok
14:21:52.0979 3784  [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\System32\winmm.dll
14:21:52.0979 3784  C:\Windows\System32\winmm.dll - ok
14:21:52.0979 3784  [ 8A8B277067C22F4BF6AA9A31692FC4D3 ] C:\Windows\System32\cryptnet.dll
14:21:52.0979 3784  C:\Windows\System32\cryptnet.dll - ok
14:21:52.0979 3784  [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\System32\dwmapi.dll
14:21:52.0979 3784  C:\Windows\System32\dwmapi.dll - ok
14:21:52.0979 3784  [ 63DF770DF74ACB370EF5A16727069AAF ] C:\Windows\System32\hid.dll
14:21:52.0979 3784  C:\Windows\System32\hid.dll - ok
14:21:52.0979 3784  [ 9C67F6BBDA3881CFD02095160CF91576 ] C:\Windows\System32\ksuser.dll
14:21:52.0979 3784  C:\Windows\System32\ksuser.dll - ok
14:21:52.0979 3784  [ 2CFA4569350B7F84F815E9EC34E85766 ] C:\Windows\System32\SndVolSSO.dll
14:21:52.0979 3784  C:\Windows\System32\SndVolSSO.dll - ok
14:21:52.0979 3784  [ D205C24A9D069049FE2DF2A1B38726A7 ] C:\Windows\System32\wdmaud.drv
14:21:52.0979 3784  C:\Windows\System32\wdmaud.drv - ok
14:21:52.0994 3784  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] C:\Windows\System32\provsvc.dll
14:21:52.0994 3784  C:\Windows\System32\provsvc.dll - ok
14:21:52.0994 3784  [ D318F23BE45D5E3A107469EB64815B50 ] C:\Windows\System32\sstpsvc.dll
14:21:52.0994 3784  C:\Windows\System32\sstpsvc.dll - ok
14:21:52.0994 3784  [ C940F2F5C60B3727C5F18840735B229C ] C:\Windows\System32\AudioSes.dll
14:21:52.0994 3784  C:\Windows\System32\AudioSes.dll - ok
14:21:52.0994 3784  [ 5A12C364AD1D4FCC0AD0E56DBBC34462 ] C:\Windows\System32\midimap.dll
14:21:52.0994 3784  C:\Windows\System32\midimap.dll - ok
14:21:52.0994 3784  [ 85683DF1F917E4D7F6BE1A04986BF1C8 ] C:\Windows\System32\msacm32.dll
14:21:52.0994 3784  C:\Windows\System32\msacm32.dll - ok
14:21:52.0994 3784  [ 07393A09C46083588E751B63B03C8301 ] C:\Windows\System32\msacm32.drv
14:21:52.0994 3784  C:\Windows\System32\msacm32.drv - ok
14:21:52.0994 3784  [ 5B2E4E90C04FB9AE9F2C5E99FF59B283 ] C:\Windows\System32\WindowsCodecs.dll
14:21:52.0994 3784  C:\Windows\System32\WindowsCodecs.dll - ok
14:21:53.0010 3784  [ BBA9D5A730D5E304117AD26923EBD8AA ] C:\Windows\System32\AudioEng.dll
14:21:53.0010 3784  C:\Windows\System32\AudioEng.dll - ok
14:21:53.0010 3784  [ 39038D796F67A0AEEA4E743BB4D0C44E ] C:\Program Files\Common Files\SPBA\provider.dll
14:21:53.0010 3784  C:\Program Files\Common Files\SPBA\provider.dll - ok
14:21:53.0010 3784  [ 96F0F8F4DEE598C8D12AD9633E0CFE2A ] C:\Windows\System32\AUDIOKSE.dll
14:21:53.0010 3784  C:\Windows\System32\AUDIOKSE.dll - ok
14:21:53.0010 3784  [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
14:21:53.0010 3784  C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
14:21:53.0010 3784  [ 6C2DE3200644F9D9CA6420DC79E2DA85 ] C:\Program Files\Common Files\SPBA\infql2.dll
14:21:53.0010 3784  C:\Program Files\Common Files\SPBA\infql2.dll - ok
14:21:53.0010 3784  [ E59F08ED9D2A128CE436BBFC232247F6 ] C:\Windows\System32\BioCredProv.dll
14:21:53.0010 3784  C:\Windows\System32\BioCredProv.dll - ok
14:21:53.0025 3784  [ C976ABDAAA8911AFEF6E7E8882B7BC85 ] C:\Windows\System32\RtkAPO.dll
14:21:53.0025 3784  C:\Windows\System32\RtkAPO.dll - ok
14:21:53.0025 3784  [ 05BF975CA428E04B462FB90841B37C95 ] C:\Windows\System32\SmartcardCredentialProvider.dll
14:21:53.0025 3784  C:\Windows\System32\SmartcardCredentialProvider.dll - ok
14:21:53.0025 3784  [ 65BF13016A3C22775F3E17591AE5268A ] C:\Windows\System32\VaultCredProvider.dll
14:21:53.0025 3784  C:\Windows\System32\VaultCredProvider.dll - ok
14:21:53.0025 3784  [ EFDA8576B2BA177AE3DF78B29EA0C45B ] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDCREDPROV.DLL
14:21:53.0025 3784  C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDCREDPROV.DLL - ok
14:21:53.0025 3784  [ 6D8CACF3B1B54943EFCF420C2D667B37 ] C:\Windows\System32\certCredProvider.dll
14:21:53.0025 3784  C:\Windows\System32\certCredProvider.dll - ok
14:21:53.0025 3784  [ 108C2CFA5527458C096A699929ECBD80 ] C:\Windows\System32\credui.dll
14:21:53.0025 3784  C:\Windows\System32\credui.dll - ok
14:21:53.0025 3784  [ FFE4BEC5C187C426A17AE76A773063A6 ] C:\Windows\System32\rasplap.dll
14:21:53.0025 3784  C:\Windows\System32\rasplap.dll - ok
14:21:53.0041 3784  [ 36B8D5903CEEF0AA42A1EE002BD27FF1 ] C:\Windows\System32\vaultcli.dll
14:21:53.0041 3784  C:\Windows\System32\vaultcli.dll - ok
14:21:53.0041 3784  [ 3FAD263CE1E2A6FFF40D00043B2275E3 ] C:\Windows\System32\winbio.dll
14:21:53.0041 3784  C:\Windows\System32\winbio.dll - ok
14:21:53.0041 3784  [ 839F96DBAAFD3353E0B248A5E0BD2A51 ] C:\Windows\System32\rasapi32.dll
14:21:53.0041 3784  C:\Windows\System32\rasapi32.dll - ok
14:21:53.0041 3784  [ FFA7172354B9256DBB2CDD75F16F33FE ] C:\Windows\System32\rasman.dll
14:21:53.0041 3784  C:\Windows\System32\rasman.dll - ok
14:21:53.0041 3784  [ 0915C4DB6DBC3BB9E11B7ECBBE4B7159 ] C:\Windows\System32\rtutils.dll
14:21:53.0041 3784  C:\Windows\System32\rtutils.dll - ok
14:21:53.0041 3784  [ A12829E9974F57E9B5DBFEA7C93190F6 ] C:\Windows\System32\UXInit.dll
14:21:53.0041 3784  C:\Windows\System32\UXInit.dll - ok
14:21:53.0041 3784  [ 8E01332CC4B68BC6B5B7EFFE374442AA ] C:\Windows\System32\oleacc.dll
14:21:53.0041 3784  C:\Windows\System32\oleacc.dll - ok
14:21:53.0057 3784  [ FD049C25A168D3DE310D9207B7B6367B ] C:\Windows\System32\UIAutomationCore.dll
14:21:53.0057 3784  C:\Windows\System32\UIAutomationCore.dll - ok
14:21:53.0057 3784  [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\System32\msimg32.dll
14:21:53.0057 3784  C:\Windows\System32\msimg32.dll - ok
14:21:53.0057 3784  [ C30A3E5DEEEBA22E782AC54C5AF5F352 ] C:\Windows\System32\samlib.dll
14:21:53.0057 3784  C:\Windows\System32\samlib.dll - ok
14:21:53.0057 3784  [ 4E30ED3E551E867ADD1C8D58F5EDD9DF ] C:\Windows\System32\WMALFXGFXDSP.dll
14:21:53.0057 3784  C:\Windows\System32\WMALFXGFXDSP.dll - ok
14:21:53.0057 3784  [ 40B82688907A7DBA4DB3B5ADDE3EAB3B ] C:\Windows\System32\mfplat.dll
14:21:53.0057 3784  C:\Windows\System32\mfplat.dll - ok
14:21:53.0057 3784  [ 73F6C5223F7E9B5780DD4A6C30FCF569 ] C:\Windows\System32\WSDApi.dll
14:21:53.0057 3784  C:\Windows\System32\WSDApi.dll - ok
14:21:53.0072 3784  [ 0FA8AEC2D1E29F1D263A59796449E04F ] C:\Program Files\Trend Micro\OfficeScan Client\perfiCrcPerfMonMgr.dll
14:21:53.0072 3784  C:\Program Files\Trend Micro\OfficeScan Client\perfiCrcPerfMonMgr.dll - ok
14:21:53.0072 3784  [ 529879612A7FAE235914E3AA6A9A669C ] C:\Windows\System32\loadperf.dll
14:21:53.0072 3784  C:\Windows\System32\loadperf.dll - ok
14:21:53.0072 3784  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] C:\Windows\System32\netman.dll
14:21:53.0072 3784  C:\Windows\System32\netman.dll - ok
14:21:53.0072 3784  [ 140D9F911182357626165EA0BEB98C4F ] C:\Windows\System32\ncsi.dll
14:21:53.0072 3784  C:\Windows\System32\ncsi.dll - ok
14:21:53.0072 3784  [ 374071043F9E4231EE43BE2BB48DD36D ] C:\Windows\System32\nlasvc.dll
14:21:53.0072 3784  C:\Windows\System32\nlasvc.dll - ok
14:21:53.0072 3784  [ 13337A3FB17F2242487FD45488ED0485 ] C:\Windows\System32\vssapi.dll
14:21:53.0072 3784  C:\Windows\System32\vssapi.dll - ok
14:21:53.0072 3784  [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\System32\webio.dll
14:21:53.0072 3784  C:\Windows\System32\webio.dll - ok
14:21:53.0088 3784  [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\System32\winhttp.dll
14:21:53.0088 3784  C:\Windows\System32\winhttp.dll - ok
14:21:53.0088 3784  [ 06EE687AAF9181646AB2BEEFD67F28C9 ] C:\Program Files\Common Files\SPBA\qlbase.dll
14:21:53.0088 3784  C:\Program Files\Common Files\SPBA\qlbase.dll - ok
14:21:53.0088 3784  [ F14A9B1778376D0B1788E402AC1F831A ] C:\Windows\System32\shacct.dll
14:21:53.0088 3784  C:\Windows\System32\shacct.dll - ok
14:21:53.0088 3784  [ 28E2231BD34A39C854BDF3923AB2FF86 ] C:\Windows\System32\ssdpapi.dll
14:21:53.0088 3784  C:\Windows\System32\ssdpapi.dll - ok
14:21:53.0088 3784  [ B940289C83121046BD6A60ACC6028593 ] C:\Windows\System32\vsstrace.dll
14:21:53.0088 3784  C:\Windows\System32\vsstrace.dll - ok
14:21:53.0088 3784  [ 827CB0D6C3F8057EA037FF271F8E9795 ] C:\Windows\System32\imageres.dll
14:21:53.0088 3784  C:\Windows\System32\imageres.dll - ok
14:21:53.0103 3784  [ 1D0CF63DF5F1E7C7D2A89ACB417A5B21 ] C:\Program Files\Common Files\SPBA\upeksvr.exe
14:21:53.0103 3784  C:\Program Files\Common Files\SPBA\upeksvr.exe - ok
14:21:53.0103 3784  [ DB846EECA70EE9D2E2FF31147C57B0F4 ] C:\Windows\System32\webservices.dll
14:21:53.0103 3784  C:\Windows\System32\webservices.dll - ok
14:21:53.0103 3784  [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\System32\NapiNSP.dll
14:21:53.0103 3784  C:\Windows\System32\NapiNSP.dll - ok
14:21:53.0103 3784  [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\System32\pnrpnsp.dll
14:21:53.0103 3784  C:\Windows\System32\pnrpnsp.dll - ok
14:21:53.0103 3784  [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\System32\winrnr.dll
14:21:53.0103 3784  C:\Windows\System32\winrnr.dll - ok
14:21:53.0103 3784  [ 704314FD398C81D5F342CAA5DF7B7F21 ] C:\Windows\System32\wbemcomn.dll
14:21:53.0103 3784  C:\Windows\System32\wbemcomn.dll - ok
14:21:53.0103 3784  [ 89D90579E5FB1469CB0464F6512E42B7 ] C:\Windows\System32\fundisc.dll
14:21:53.0103 3784  C:\Windows\System32\fundisc.dll - ok
14:21:53.0119 3784  [ EF3F5F24C79DDFE59F307DD48984DBC0 ] C:\Program Files\Common Files\SPBA\homepass.dll
14:21:53.0119 3784  C:\Program Files\Common Files\SPBA\homepass.dll - ok
14:21:53.0119 3784  [ 050BB5AE62F1B9054DFB7D41250BBFBC ] C:\Program Files\Trend Micro\OfficeScan Client\VSAPI32.DLL
14:21:53.0119 3784  C:\Program Files\Trend Micro\OfficeScan Client\VSAPI32.DLL - ok
14:21:53.0119 3784  [ 8CD1DEE212E52B9C22E66DBA44991D32 ] C:\Windows\System32\httpapi.dll
14:21:53.0119 3784  C:\Windows\System32\httpapi.dll - ok
14:21:53.0119 3784  [ 9E0104BA49F4E6973749A02BF41344ED ] C:\Windows\System32\drivers\PEAuth.sys
14:21:53.0119 3784  C:\Windows\System32\drivers\PEAuth.sys - ok
14:21:53.0119 3784  [ 90A3935D05B494A5A39D37E71F09A677 ] C:\Windows\System32\drivers\secdrv.sys
14:21:53.0119 3784  C:\Windows\System32\drivers\secdrv.sys - ok
14:21:53.0119 3784  [ 379F7A0EC9FBE07629FD3F244D3E3E44 ] C:\Windows\System32\HPZIPM12.DLL
14:21:53.0119 3784  C:\Windows\System32\HPZIPM12.DLL - ok
14:21:53.0119 3784  [ CB9A8683F4EF2BF99E123D79950D7935 ] C:\Windows\System32\regsvc.dll
14:21:53.0119 3784  C:\Windows\System32\regsvc.dll - ok
14:21:53.0135 3784  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] C:\Windows\System32\drivers\srvnet.sys
14:21:53.0135 3784  C:\Windows\System32\drivers\srvnet.sys - ok
14:21:53.0135 3784  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] C:\Windows\System32\drivers\tcpipreg.sys
14:21:53.0135 3784  C:\Windows\System32\drivers\tcpipreg.sys - ok
14:21:53.0135 3784  [ A59B3A4442C52060CC7A85293AA3546F ] C:\Windows\System32\seclogon.dll
14:21:53.0135 3784  C:\Windows\System32\seclogon.dll - ok
14:21:53.0135 3784  [ 613BF4820361543956909043A265C6AC ] C:\Windows\System32\tapisrv.dll
14:21:53.0135 3784  C:\Windows\System32\tapisrv.dll - ok
14:21:53.0135 3784  [ E1FB3706030FB4578A0D72C2FC3689E4 ] C:\Windows\System32\wiaservc.dll
14:21:53.0135 3784  C:\Windows\System32\wiaservc.dll - ok
14:21:53.0135 3784  [ B087F2B901570F6EF62F6C2E01A480F3 ] C:\Windows\System32\wiatrace.dll
14:21:53.0135 3784  C:\Windows\System32\wiatrace.dll - ok
14:21:53.0150 3784  [ A56279BBA7AD6F78FB7C9E5B75EB562C ] C:\Windows\System32\drivers\tmwfp.sys
14:21:53.0150 3784  C:\Windows\System32\drivers\tmwfp.sys - ok
14:21:53.0150 3784  [ EAADD6E47ED2A7003ACE1793B98CF63F ] C:\Windows\System32\msxml6.dll
14:21:53.0150 3784  C:\Windows\System32\msxml6.dll - ok
14:21:53.0150 3784  [ 36650D618CA34C9D357DFD3D89B2C56F ] C:\Windows\System32\sysmain.dll
14:21:53.0150 3784  C:\Windows\System32\sysmain.dll - ok
14:21:53.0150 3784  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] C:\Windows\System32\trkwks.dll
14:21:53.0150 3784  C:\Windows\System32\trkwks.dll - ok
14:21:53.0150 3784  [ 082CF481F659FAE0DE51AD060881EB47 ] C:\Program Files\Windows Defender\MpSvc.dll
14:21:53.0150 3784  C:\Program Files\Windows Defender\MpSvc.dll - ok
14:21:53.0150 3784  [ F62E510B6AD4C21EB9FE8668ED251826 ] C:\Windows\System32\wbem\WMIsvc.dll
14:21:53.0150 3784  C:\Windows\System32\wbem\WMIsvc.dll - ok
14:21:53.0150 3784  [ 0A70F4022EC2E14C159EFC4F69AA2477 ] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
14:21:53.0150 3784  C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE - ok
14:21:53.0166 3784  [ 881D9F2D6E04E1C323050CF1574870F7 ] C:\Windows\System32\wbem\WinMgmtR.dll
14:21:53.0166 3784  C:\Windows\System32\wbem\WinMgmtR.dll - ok
14:21:53.0166 3784  [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\System32\sfc.dll
14:21:53.0166 3784  C:\Windows\System32\sfc.dll - ok
14:21:53.0166 3784  [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\System32\sfc_os.dll
14:21:53.0166 3784  C:\Windows\System32\sfc_os.dll - ok
14:21:53.0166 3784  [ 701C9EB15E1E23D22F7C7184C0506673 ] C:\Windows\System32\wbem\WmiDcPrv.dll
14:21:53.0166 3784  C:\Windows\System32\wbem\WmiDcPrv.dll - ok
14:21:53.0166 3784  [ 5B8E80EC0D621CDF920AB2141CDBC733 ] C:\Program Files\Windows Defender\MpClient.dll
14:21:53.0166 3784  C:\Program Files\Windows Defender\MpClient.dll - ok
14:21:53.0166 3784  [ 585EB475E7AF55C9065256E8FFB751A1 ] C:\Windows\System32\wbem\wbemcore.dll
14:21:53.0166 3784  C:\Windows\System32\wbem\wbemcore.dll - ok
14:21:53.0181 3784  [ CFC7D8289D2B5F3CF8D16E2DB7F93D4A ] C:\Windows\System32\wbem\fastprox.dll
14:21:53.0181 3784  C:\Windows\System32\wbem\fastprox.dll - ok
14:21:53.0181 3784  [ 5AE88135C6A86FCD67BA16AFBB1C8389 ] C:\Windows\System32\wbem\esscli.dll
14:21:53.0181 3784  C:\Windows\System32\wbem\esscli.dll - ok
14:21:53.0181 3784  [ 776AE0564F8B1C282E331FD95A1BDC5F ] C:\Windows\System32\wbem\wbemsvc.dll
14:21:53.0181 3784  C:\Windows\System32\wbem\wbemsvc.dll - ok
14:21:53.0181 3784  [ D475BBD6FEF8DB2DDE0DA7CCFD2C9042 ] C:\Program Files\Common Files\microsoft shared\Windows Live\SQMAPI.DLL
14:21:53.0181 3784  C:\Program Files\Common Files\microsoft shared\Windows Live\SQMAPI.DLL - ok
14:21:53.0181 3784  [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\System32\SensApi.dll
14:21:53.0181 3784  C:\Windows\System32\SensApi.dll - ok
14:21:53.0181 3784  [ 5610B0425518D185331CB8E968D060E6 ] C:\Windows\System32\wbem\wmiutils.dll
14:21:53.0181 3784  C:\Windows\System32\wbem\wmiutils.dll - ok
14:21:53.0181 3784  [ 371E3B05894549113D07CD3081ED55EF ] C:\Windows\System32\wbem\repdrvfs.dll
14:21:53.0181 3784  C:\Windows\System32\wbem\repdrvfs.dll - ok
14:21:53.0197 3784  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] C:\Windows\System32\drivers\srv2.sys
14:21:53.0197 3784  C:\Windows\System32\drivers\srv2.sys - ok
14:21:53.0197 3784  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] C:\Windows\System32\iphlpsvc.dll
14:21:53.0197 3784  C:\Windows\System32\iphlpsvc.dll - ok
14:21:53.0197 3784  [ CE292C4C10B8DB6070F262EA2733F0DC ] C:\Windows\System32\sqmapi.dll
14:21:53.0197 3784  C:\Windows\System32\sqmapi.dll - ok
14:21:53.0197 3784  [ 666E57B6B51824D1D235F80A3DD70A13 ] C:\Windows\System32\eappprxy.dll
14:21:53.0197 3784  C:\Windows\System32\eappprxy.dll - ok
14:21:53.0197 3784  [ CB9E04DC05EACF5B9A36CA276D475006 ] C:\Windows\System32\rasmans.dll
14:21:53.0197 3784  C:\Windows\System32\rasmans.dll - ok
14:21:53.0197 3784  [ A399514D3B28C9A3453A486BBAAFF1C7 ] C:\Windows\System32\wdscore.dll
14:21:53.0197 3784  C:\Windows\System32\wdscore.dll - ok
14:21:53.0197 3784  [ B2E1E4A16EDD02396F451F915FA3CBFA ] C:\Windows\System32\rastapi.dll
14:21:53.0197 3784  C:\Windows\System32\rastapi.dll - ok
14:21:53.0213 3784  [ BA32509D9B340162327B341013DE6522 ] C:\Windows\System32\tapi32.dll
14:21:53.0213 3784  C:\Windows\System32\tapi32.dll - ok
14:21:53.0213 3784  [ FEB758600E2C902737FF551D57120459 ] C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
14:21:53.0213 3784  C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe - ok
14:21:53.0213 3784  [ 1CDEA9188899E76D4FFD54C9D512CCDB ] C:\Windows\System32\msxml3.dll
14:21:53.0213 3784  C:\Windows\System32\msxml3.dll - ok
14:21:53.0213 3784  [ E2F6CC0D191361EE94FEA3957653F531 ] C:\Windows\System32\hidphone.tsp
14:21:53.0213 3784  C:\Windows\System32\hidphone.tsp - ok
14:21:53.0213 3784  [ F3FB146CDBDD26FCD0CF7941C547BEE4 ] C:\Windows\System32\kmddsp.tsp
14:21:53.0213 3784  C:\Windows\System32\kmddsp.tsp - ok
14:21:53.0213 3784  [ AA11A26692E0DB2996CAEFE9EC61F61F ] C:\Windows\System32\ndptsp.tsp
14:21:53.0213 3784  C:\Windows\System32\ndptsp.tsp - ok
14:21:53.0228 3784  [ 377F0C1DDBFA6A43CB7E7568BC0ECED0 ] C:\Windows\System32\unimdm.tsp
14:21:53.0228 3784  C:\Windows\System32\unimdm.tsp - ok
14:21:53.0228 3784  [ E675DE8CF57D8814218733B3DAE896D7 ] C:\Windows\System32\uniplat.dll
14:21:53.0228 3784  C:\Windows\System32\uniplat.dll - ok
14:21:53.0228 3784  [ 1FF7E4F548C7C372C804938F0D5B36AE ] C:\Windows\System32\netcfgx.dll
14:21:53.0228 3784  C:\Windows\System32\netcfgx.dll - ok
14:21:53.0228 3784  [ 6383C60EC0133B14F5705F96369421B2 ] C:\Windows\System32\hnetcfg.dll
14:21:53.0228 3784  C:\Windows\System32\hnetcfg.dll - ok
14:21:53.0228 3784  [ 5A5FEDDF02588B8F9FE4A95E5E7EAE97 ] C:\Windows\System32\eappcfg.dll
14:21:53.0228 3784  C:\Windows\System32\eappcfg.dll - ok
14:21:53.0228 3784  [ 67F9B5C7E215B48F9256757E9CC09A7B ] C:\Windows\System32\rasppp.dll
14:21:53.0228 3784  C:\Windows\System32\rasppp.dll - ok
14:21:53.0228 3784  [ 80B562B5B59ED850C328DD75F964F3D8 ] C:\Windows\System32\vpnike.dll
14:21:53.0228 3784  C:\Windows\System32\vpnike.dll - ok
14:21:53.0244 3784  [ 9C879E1C3B27085FB46EFECCD7120D51 ] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
14:21:53.0244 3784  C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE - ok
14:21:53.0244 3784  [ 207CF171B1C6B8AE50C1FBF87363EEBC ] C:\Windows\System32\raschap.dll
14:21:53.0244 3784  C:\Windows\System32\raschap.dll - ok
14:21:53.0244 3784  [ 45D9F6CD2469CDB6A640DD4BD2B01471 ] C:\Windows\System32\nci.dll
14:21:53.0244 3784  C:\Windows\System32\nci.dll - ok
14:21:53.0244 3784  [ 5C3F9DBA818CD93379D1A0F215270374 ] C:\Windows\System32\esent.dll
14:21:53.0244 3784  C:\Windows\System32\esent.dll - ok
14:21:53.0244 3784  [ 089B5F924E96BA9C40E4E4522BF43770 ] C:\Program Files\Windows Defender\MpRTP.dll
14:21:53.0244 3784  C:\Program Files\Windows Defender\MpRTP.dll - ok
14:21:53.0244 3784  [ 8D47D01378347889A662D54037A988CC ] C:\Windows\System32\tdh.dll
14:21:53.0244 3784  C:\Windows\System32\tdh.dll - ok
14:21:53.0244 3784  [ D3A0E4A8C05D250EF0ED598E7E8FC1AD ] C:\Program Files\Trend Micro\OfficeScan Client\FlowControl.dll
14:21:53.0244 3784  C:\Program Files\Trend Micro\OfficeScan Client\FlowControl.dll - ok
14:21:53.0259 3784  [ 227D933ED833E47A7EF524C155E4BD26 ] C:\Program Files\Trend Micro\OfficeScan Client\libTmCAV.dll
14:21:53.0259 3784  C:\Program Files\Trend Micro\OfficeScan Client\libTmCAV.dll - ok
14:21:53.0259 3784  [ 86FCACA7E01F55894A8246A389BF2023 ] C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll
14:21:53.0259 3784  C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll - ok
14:21:53.0259 3784  [ 2FE271235B04F0F7409AFBC8E96BE027 ] C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwCommon.dll
14:21:53.0259 3784  C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwCommon.dll - ok
14:21:53.0259 3784  [ C36BBC7EB77F2866234E73DB979454DC ] C:\Program Files\Trend Micro\OfficeScan Client\ZLIB.DLL
14:21:53.0259 3784  C:\Program Files\Trend Micro\OfficeScan Client\ZLIB.DLL - ok
14:21:53.0259 3784  [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8 ] C:\Windows\System32\winspool.drv
14:21:53.0259 3784  C:\Windows\System32\winspool.drv - ok
14:21:53.0259 3784  [ A4CC7227A452C4909F9499D91B184364 ] C:\Windows\System32\ncobjapi.dll
14:21:53.0259 3784  C:\Windows\System32\ncobjapi.dll - ok
14:21:53.0275 3784  [ 3CDE2911462FEC80064A409C07710C06 ] C:\Windows\System32\wbem\WmiPrvSD.dll
14:21:53.0275 3784  C:\Windows\System32\wbem\WmiPrvSD.dll - ok
14:21:53.0275 3784  [ B350509B6C9296529BC464C60FEEAEF1 ] C:\Windows\System32\wbem\wbemess.dll
14:21:53.0275 3784  C:\Windows\System32\wbem\wbemess.dll - ok
14:21:53.0275 3784  [ B042D6B383FEC85D73D09DB92F807713 ] C:\Windows\System32\wbem\unsecapp.exe
14:21:53.0275 3784  C:\Windows\System32\wbem\unsecapp.exe - ok
14:21:53.0275 3784  [ F148865E4AC4F715E322EA06E6E21D84 ] C:\Windows\System32\wbem\NCProv.dll
14:21:53.0275 3784  C:\Windows\System32\wbem\NCProv.dll - ok
14:21:53.0275 3784  [ 4FB491AC8D46AAF22BA8BC5C73DABEF7 ] C:\Windows\System32\wbem\WmiPrvSE.exe
14:21:53.0275 3784  C:\Windows\System32\wbem\WmiPrvSE.exe - ok
14:21:53.0275 3784  [ CB67C2B94302DC94BC15ED6553A5C1C7 ] C:\Windows\System32\wbem\cimwin32.dll
14:21:53.0275 3784  C:\Windows\System32\wbem\cimwin32.dll - ok
14:21:53.0275 3784  [ 0E6C67FB0DF3776F640909098C849B87 ] C:\Program Files\Common Files\SPBA\homefus2.dll
14:21:53.0275 3784  C:\Program Files\Common Files\SPBA\homefus2.dll - ok
14:21:53.0291 3784  [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\System32\riched20.dll
14:21:53.0291 3784  C:\Windows\System32\riched20.dll - ok
14:21:53.0291 3784  [ CD21479D5324076FADA0AAFA6F09CAE8 ] C:\Program Files\Common Files\SPBA\bio.dll
14:21:53.0291 3784  C:\Program Files\Common Files\SPBA\bio.dll - ok
14:21:53.0291 3784  [ 73072340083B539120DF37123A8B6466 ] C:\Program Files\Trend Micro\OfficeScan Client\TmListen.dll
14:21:53.0291 3784  C:\Program Files\Trend Micro\OfficeScan Client\TmListen.dll - ok
14:21:53.0291 3784  [ D77447A10E1F918987A9CD7A373D256F ] C:\Program Files\Trend Micro\OfficeScan Client\TmListenShare.dll
14:21:53.0291 3784  C:\Program Files\Trend Micro\OfficeScan Client\TmListenShare.dll - ok
14:21:53.0291 3784  [ 8BC3ED41EF8A2CF3BB3EF2311CDBA07E ] C:\Program Files\Trend Micro\OfficeScan Client\libNetCtrl.dll
14:21:53.0291 3784  C:\Program Files\Trend Micro\OfficeScan Client\libNetCtrl.dll - ok
14:21:53.0291 3784  [ A921E19E9B6E8AB615185D5CFB0E59B5 ] C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll
14:21:53.0291 3784  C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll - ok
14:21:53.0306 3784  [ 8C7DF028B8F2DA22D9853E2F18295DF1 ] C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll
14:21:53.0306 3784  C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll - ok
14:21:53.0306 3784  [ F5A6C8F295A4EB6ABDE2C1BF7850CD33 ] C:\Program Files\Trend Micro\OfficeScan Client\TmSock.dll
14:21:53.0306 3784  C:\Program Files\Trend Micro\OfficeScan Client\TmSock.dll - ok
14:21:53.0306 3784  [ 178F08F98AFCC84A432ED8521C17D99E ] C:\Program Files\Trend Micro\OfficeScan Client\PccWFWMo.dll
14:21:53.0306 3784  C:\Program Files\Trend Micro\OfficeScan Client\PccWFWMo.dll - ok
14:21:53.0306 3784  [ 8559A80D7F77F7F7EA74ABA8402672D9 ] C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll
14:21:53.0306 3784  C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll - ok
14:21:53.0306 3784  [ DFCEF11711427FFFBC8D2E499210926A ] C:\Program Files\Trend Micro\OfficeScan Client\TmPac.dll
14:21:53.0306 3784  C:\Program Files\Trend Micro\OfficeScan Client\TmPac.dll - ok
14:21:53.0306 3784  [ 53223B673A3FA2F9A4D1C31C8D3F6CD8 ] C:\Windows\System32\dbghelp.dll
14:21:53.0306 3784  C:\Windows\System32\dbghelp.dll - ok
14:21:53.0322 3784  [ 4F6E72B34ED3DC53DCC5E8708E60B61F ] C:\Windows\System32\security.dll
14:21:53.0322 3784  C:\Windows\System32\security.dll - ok
14:21:53.0322 3784  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] C:\Windows\System32\drivers\srv.sys
14:21:53.0322 3784  C:\Windows\System32\drivers\srv.sys - ok
14:21:53.0322 3784  [ D1A079A0DE2EA524513B6930C24527A2 ] C:\Windows\System32\ipnathlp.dll
14:21:53.0322 3784  C:\Windows\System32\ipnathlp.dll - ok
14:21:53.0322 3784  [ D4191EFAB91E00FC09257AA5EBAF503B ] C:\Windows\System32\mprapi.dll
14:21:53.0322 3784  C:\Windows\System32\mprapi.dll - ok
14:21:53.0322 3784  [ EAB975DB4C2805927FE5BD047D05C9AA ] C:\Windows\System32\netshell.dll
14:21:53.0322 3784  C:\Windows\System32\netshell.dll - ok
14:21:53.0322 3784  [ 4EFAA53C545F4FFB1EE0ED1709C15EA7 ] C:\Program Files\Trend Micro\OfficeScan Client\zlibwapi.dll
14:21:53.0322 3784  C:\Program Files\Trend Micro\OfficeScan Client\zlibwapi.dll - ok
14:21:53.0322 3784  [ FCC8F25A5F5A4D6BD57D917DB7A00D78 ] C:\Windows\System32\crtdll.dll
14:21:53.0322 3784  C:\Windows\System32\crtdll.dll - ok
14:21:53.0337 3784  [ 538EF50A58814A9652B08B5E7515E8D7 ] C:\Program Files\Trend Micro\OfficeScan Client\Tmupdate.dll
14:21:53.0337 3784  C:\Program Files\Trend Micro\OfficeScan Client\Tmupdate.dll - ok
14:21:53.0337 3784  [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\System32\mpr.dll
14:21:53.0337 3784  C:\Windows\System32\mpr.dll - ok
14:21:53.0337 3784  [ 92B6D2C67BBEFEFB7B84BDC5916C0FEA ] C:\Program Files\Trend Micro\OfficeScan Client\NTSvcRes.dll
14:21:53.0337 3784  C:\Program Files\Trend Micro\OfficeScan Client\NTSvcRes.dll - ok
14:21:53.0337 3784  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] C:\Windows\System32\browser.dll
14:21:53.0337 3784  C:\Windows\System32\browser.dll - ok
14:21:53.0337 3784  [ E4B72E71EC37A59FE574A998A0C0EB9B ] C:\Windows\System32\netmsg.dll
14:21:53.0337 3784  C:\Windows\System32\netmsg.dll - ok
14:21:53.0337 3784  [ D64AF876D53ECA3668BB97B51B4E70AB ] C:\Windows\System32\srvsvc.dll
14:21:53.0337 3784  C:\Windows\System32\srvsvc.dll - ok
14:21:53.0337 3784  [ 89E783711AF91AF09E1EF30EF3107446 ] C:\Windows\System32\sscore.dll
14:21:53.0337 3784  C:\Windows\System32\sscore.dll - ok
14:21:53.0353 3784  [ AE9898D5600A232CD8AE3298692162E5 ] C:\Windows\System32\clusapi.dll
14:21:53.0353 3784  C:\Windows\System32\clusapi.dll - ok
14:21:53.0353 3784  [ 2AF094C822BD6094F14A8E85FB51D52A ] C:\Windows\System32\resutils.dll
14:21:53.0353 3784  C:\Windows\System32\resutils.dll - ok
14:21:53.0353 3784  [ 6604C8C15B3AFD280F12B1FF4C7EF2B2 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FF6DD6CB-B939-4009-8B37-25D33B44F233}\mpengine.dll
14:21:53.0353 3784  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FF6DD6CB-B939-4009-8B37-25D33B44F233}\mpengine.dll - ok
14:21:53.0353 3784  [ 7E82616BEE76BF5EAA5B30F681414E21 ] C:\Windows\System32\perftrack.dll
14:21:53.0353 3784  C:\Windows\System32\perftrack.dll - ok
14:21:53.0353 3784  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] C:\Windows\System32\wdi.dll
14:21:53.0353 3784  C:\Windows\System32\wdi.dll - ok
14:21:53.0353 3784  [ 382C804C92811BE57829D8E550A900E2 ] C:\Windows\System32\termsrv.dll
14:21:53.0353 3784  C:\Windows\System32\termsrv.dll - ok
14:21:53.0369 3784  [ 8B794AE6D5C7D42092804BC39A2EB8F6 ] C:\Windows\System32\aepic.dll
14:21:53.0369 3784  C:\Windows\System32\aepic.dll - ok
14:21:53.0369 3784  [ 326A5BDD4F299EA8B4843BB78F06A6B8 ] C:\Windows\System32\icaapi.dll
14:21:53.0369 3784  C:\Windows\System32\icaapi.dll - ok
14:21:53.0369 3784  [ 15E298B5EC5B89C5994A59863969D9FF ] C:\Windows\System32\npmproxy.dll
14:21:53.0369 3784  C:\Windows\System32\npmproxy.dll - ok
14:21:53.0369 3784  [ 55187FD710E27D5095D10A472C8BAF1C ] C:\Windows\System32\w32time.dll
14:21:53.0369 3784  C:\Windows\System32\w32time.dll - ok
14:21:53.0369 3784  [ ECF036299AA554B5E0455262857B39D0 ] C:\Windows\System32\diagperf.dll
14:21:53.0369 3784  C:\Windows\System32\diagperf.dll - ok
14:21:53.0369 3784  [ A29E036A5A3B37C7530F3EA1CF385129 ] C:\Windows\System32\lsmproxy.dll
14:21:53.0369 3784  C:\Windows\System32\lsmproxy.dll - ok
14:21:53.0369 3784  [ 53946B69BA0836BD95B03759530C81EC ] C:\Windows\System32\IPSECSVC.DLL
14:21:53.0369 3784  C:\Windows\System32\IPSECSVC.DLL - ok
14:21:53.0384 3784  [ F8E882C10AF4C29E378D1E28D4817CB1 ] C:\Windows\System32\pnpts.dll
14:21:53.0384 3784  C:\Windows\System32\pnpts.dll - ok
14:21:53.0384 3784  [ 2607A85B6466C0110EA8ABB9D8CC83FC ] C:\Windows\System32\regapi.dll
14:21:53.0384 3784  C:\Windows\System32\regapi.dll - ok
14:21:53.0384 3784  [ B1462F0C851B0B0F3FBC4ADBB09CDF5E ] C:\Windows\System32\vmictimeprovider.dll
14:21:53.0384 3784  C:\Windows\System32\vmictimeprovider.dll - ok
14:21:53.0384 3784  [ AC3598BD1101BBC4365994BAB093BB62 ] C:\Windows\System32\rdpcorets.dll
14:21:53.0384 3784  C:\Windows\System32\rdpcorets.dll - ok
14:21:53.0384 3784  [ B4E5B29CF31DF85DFEF25D41871DCEDC ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FF6DD6CB-B939-4009-8B37-25D33B44F233}\mpasbase.vdm
14:21:53.0384 3784  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FF6DD6CB-B939-4009-8B37-25D33B44F233}\mpasbase.vdm - ok
14:21:53.0384 3784  [ DB603D3FD090C66F9709EF6493C26BA3 ] C:\Windows\System32\FwRemoteSvr.dll
14:21:53.0384 3784  C:\Windows\System32\FwRemoteSvr.dll - ok
14:21:53.0384 3784  [ 84546D71127011B19325BB2C615E4150 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FF6DD6CB-B939-4009-8B37-25D33B44F233}\mpasdlta.vdm
14:21:53.0384 3784  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FF6DD6CB-B939-4009-8B37-25D33B44F233}\mpasdlta.vdm - ok
14:21:53.0400 3784  [ D6692338B985D4A0CA52B828314D897D ] C:\Windows\System32\drprov.dll
14:21:53.0400 3784  C:\Windows\System32\drprov.dll - ok
14:21:53.0400 3784  [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\System32\cscapi.dll
14:21:53.0400 3784  C:\Windows\System32\cscapi.dll - ok
14:21:53.0400 3784  [ 284B59D7B56FC76C80E622AB856B1FAB ] C:\Windows\System32\davclnt.dll
14:21:53.0400 3784  C:\Windows\System32\davclnt.dll - ok
14:21:53.0400 3784  [ 179BECE8D1A4C488DDB7191FF9BE3FB0 ] C:\Windows\System32\davhlpr.dll
14:21:53.0400 3784  C:\Windows\System32\davhlpr.dll - ok
14:21:53.0400 3784  [ 7AA994D0757EF3FDB4F3F7656E1E4D60 ] C:\Windows\System32\dfscli.dll
14:21:53.0400 3784  C:\Windows\System32\dfscli.dll - ok
14:21:53.0400 3784  [ D7B7159BC8374E87D8C45A30377A3440 ] C:\Windows\System32\ntlanman.dll
14:21:53.0400 3784  C:\Windows\System32\ntlanman.dll - ok
14:21:53.0415 3784  [ CAF9BEFEC0B30EE2CE51A65FF83941FF ] C:\Program Files\Trend Micro\OfficeScan Client\TMNotify.dll
14:21:53.0415 3784  C:\Program Files\Trend Micro\OfficeScan Client\TMNotify.dll - ok
14:21:53.0415 3784  [ 9AA69A2F61E7C4F1C6D94A6C3E3680E0 ] C:\Program Files\Trend Micro\OfficeScan Client\libeay32.dll
14:21:53.0415 3784  C:\Program Files\Trend Micro\OfficeScan Client\libeay32.dll - ok
14:21:53.0415 3784  [ F0016853FA3F38F55FD868FF74C0359B ] C:\Windows\System32\wdiasqmmodule.dll
14:21:53.0415 3784  C:\Windows\System32\wdiasqmmodule.dll - ok
14:21:53.0415 3784  [ AA53356D60AF47EACC85BC617A4F3F66 ] C:\Windows\System32\wpdbusenum.dll
14:21:53.0415 3784  C:\Windows\System32\wpdbusenum.dll - ok
14:21:53.0415 3784  [ 3CA5D661E6C5DDE5574D02F324C32E53 ] C:\Program Files\Windows Defender\MsMpLics.dll
14:21:53.0415 3784  C:\Program Files\Windows Defender\MsMpLics.dll - ok
14:21:53.0415 3784  [ A8CDF3768604FF95B54669E20053D569 ] C:\Windows\System32\wscapi.dll
14:21:53.0415 3784  C:\Windows\System32\wscapi.dll - ok
14:21:53.0415 3784  [ 8258362DDB18B644A82D8B5061AD9426 ] C:\Windows\System32\wscisvif.dll
14:21:53.0415 3784  C:\Windows\System32\wscisvif.dll - ok
14:21:53.0431 3784  [ 7DF186D86CF8C571A12AAB788C777F84 ] C:\Windows\System32\wscproxystub.dll
14:21:53.0431 3784  C:\Windows\System32\wscproxystub.dll - ok
14:21:53.0431 3784  [ E460AFD3A201408919ADB05977095E8D ] C:\Windows\System32\tlscsp.dll
14:21:53.0431 3784  C:\Windows\System32\tlscsp.dll - ok
14:21:53.0431 3784  [ 6EF5F3F18413C367195F06E503AB86A6 ] C:\Windows\System32\d3d9.dll
14:21:53.0431 3784  C:\Windows\System32\d3d9.dll - ok
14:21:53.0431 3784  [ 77B1471A490B53B24EFE136F09F76550 ] C:\Windows\System32\d3d8thk.dll
14:21:53.0431 3784  C:\Windows\System32\d3d8thk.dll - ok
14:21:53.0431 3784  [ 58D2343C32DF596FB6132B54395DE5DB ] C:\Windows\System32\rdpcorekmts.dll
14:21:53.0431 3784  C:\Windows\System32\rdpcorekmts.dll - ok
14:21:53.0431 3784  [ D33E95C0A2754061233B58DC41F8094C ] C:\Windows\System32\umb.dll
14:21:53.0431 3784  C:\Windows\System32\umb.dll - ok
14:21:53.0431 3784  [ E98278865E8DABA21CFE5FE4BE34210A ] C:\Windows\System32\PortableDeviceApi.dll
14:21:53.0431 3784  C:\Windows\System32\PortableDeviceApi.dll - ok
14:21:53.0447 3784  [ 954AAF2028CD907B7F7ED40FFFD9D27F ] C:\Windows\System32\rdpwsx.dll
14:21:53.0447 3784  C:\Windows\System32\rdpwsx.dll - ok
14:21:53.0447 3784  [ D99621C0735B21DCC8BC4FEF02F379EF ] C:\Windows\System32\Apphlpdm.dll
14:21:53.0447 3784  C:\Windows\System32\Apphlpdm.dll - ok
14:21:53.0447 3784  [ C693E642ACFBDD76433AF6BE3C3EEE6F ] C:\Windows\System32\PortableDeviceConnectApi.dll
14:21:53.0447 3784  C:\Windows\System32\PortableDeviceConnectApi.dll - ok
14:21:53.0447 3784  [ 72E953215CADE1A726C04AAFDF6B463D ] C:\Windows\System32\taskhost.exe
14:21:53.0447 3784  C:\Windows\System32\taskhost.exe - ok
14:21:53.0447 3784  [ C5C867CD7EFAC60D5021223E374DEEC5 ] C:\Windows\System32\dimsjob.dll
14:21:53.0447 3784  C:\Windows\System32\dimsjob.dll - ok
14:21:53.0447 3784  [ 14486EB6AF542F2BD3239F7FC3E713F7 ] C:\Windows\System32\pautoenr.dll
14:21:53.0447 3784  C:\Windows\System32\pautoenr.dll - ok
14:21:53.0462 3784  [ B973FCFC50DC1434E1970A146F7E3885 ] C:\Windows\System32\drivers\rdpdr.sys
14:21:53.0462 3784  C:\Windows\System32\drivers\rdpdr.sys - ok
14:21:53.0462 3784  [ 409994A8EACEEE4E328749C0353527A0 ] C:\Windows\System32\umrdp.dll
14:21:53.0462 3784  C:\Windows\System32\umrdp.dll - ok
14:21:53.0462 3784  [ 319C6B309773D063541D01DF8AC6F55F ] C:\Windows\System32\certprop.dll
14:21:53.0462 3784  C:\Windows\System32\certprop.dll - ok
14:21:53.0462 3784  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] C:\Windows\System32\drivers\tdtcp.sys
14:21:53.0462 3784  C:\Windows\System32\drivers\tdtcp.sys - ok
14:21:53.0462 3784  [ 254BB140EEE3C59D6114C1A86B636877 ] C:\Windows\System32\drivers\tssecsrv.sys
14:21:53.0462 3784  C:\Windows\System32\drivers\tssecsrv.sys - ok
14:21:53.0462 3784  [ 4AE380F39A0032EAB7DD953030B26D28 ] C:\Windows\System32\SessEnv.dll
14:21:53.0462 3784  C:\Windows\System32\SessEnv.dll - ok
14:21:53.0462 3784  [ DF6FEFE6F98FAFD3E5CE55C81079AF23 ] C:\Program Files\Trend Micro\OfficeScan Client\ssleay32.dll
14:21:53.0462 3784  C:\Program Files\Trend Micro\OfficeScan Client\ssleay32.dll - ok
14:21:53.0478 3784  [ 61B1ED5F429EFAC7E2036769870AB93E ] C:\Windows\System32\certcli.dll
14:21:53.0478 3784  C:\Windows\System32\certcli.dll - ok
14:21:53.0478 3784  [ F031683E6D1FEA157ABB2FF260B51E61 ] C:\Windows\System32\drivers\rdpwd.sys
14:21:53.0478 3784  C:\Windows\System32\drivers\rdpwd.sys - ok
14:21:53.0478 3784  [ C6B0509AA89F656247694E2D6ABF7255 ] C:\Windows\System32\wbem\wmiprov.dll
14:21:53.0478 3784  C:\Windows\System32\wbem\wmiprov.dll - ok
14:21:53.0478 3784  [ 6357E2B68753A1F5CF4A68A25C4FD14A ] C:\Windows\System32\wsnmp32.dll
14:21:53.0478 3784  C:\Windows\System32\wsnmp32.dll - ok
14:21:53.0478 3784  [ 29BC473072568C072EC8B176498DE996 ] C:\Windows\System32\CertEnroll.dll
14:21:53.0478 3784  C:\Windows\System32\CertEnroll.dll - ok
14:21:53.0478 3784  [ 7B70C0242712B020B51C674EA51CC29A ] C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll
14:21:53.0478 3784  C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll - ok
14:21:53.0493 3784  [ 2C3640E8647F6AE9A50698B53AC95192 ] C:\Program Files\Trend Micro\OfficeScan Client\OfcPluginTray.dll
14:21:53.0493 3784  C:\Program Files\Trend Micro\OfficeScan Client\OfcPluginTray.dll - ok
14:21:53.0493 3784  [ 417508E38BF3215E50635E4498D385AF ] C:\Program Files\Trend Micro\OfficeScan Client\TmpxCfg.dll
14:21:53.0493 3784  C:\Program Files\Trend Micro\OfficeScan Client\TmpxCfg.dll - ok
14:21:53.0493 3784  [ 126F8331BD023178C7F0EF2F5EDE16B3 ] C:\Windows\System32\FXSMON.dll
14:21:53.0493 3784  C:\Windows\System32\FXSMON.dll - ok
14:21:53.0493 3784  [ 28DB6DD0816B33D8FEDCD2ACA1A2042D ] C:\Windows\System32\hpz3lw71.dll
14:21:53.0493 3784  C:\Windows\System32\hpz3lw71.dll - ok
14:21:53.0493 3784  [ 74AF6AA2E8B3180AADAE5FE8813CB1CD ] C:\Windows\System32\localspl.dll
14:21:53.0493 3784  C:\Windows\System32\localspl.dll - ok
14:21:53.0493 3784  [ 1574DD9D409F2DC45CF82C22B99164A4 ] C:\Windows\System32\pdfcmnnt.dll
14:21:53.0493 3784  C:\Windows\System32\pdfcmnnt.dll - ok
14:21:53.0493 3784  [ 03CF941D031F30272D3063E5A4D686F5 ] C:\Windows\System32\PrintIsolationProxy.dll
14:21:53.0493 3784  C:\Windows\System32\PrintIsolationProxy.dll - ok
14:21:53.0509 3784  [ 629181C26A78EB66B0B4E774E5AC2882 ] C:\Windows\System32\spoolss.dll
14:21:53.0509 3784  C:\Windows\System32\spoolss.dll - ok
14:21:53.0509 3784  [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
14:21:53.0509 3784  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll - ok
14:21:53.0509 3784  [ F34CFADA6C48DAA41B996D24C7D8D3CA ] C:\Windows\System32\fdPnp.dll
14:21:53.0509 3784  C:\Windows\System32\fdPnp.dll - ok
14:21:53.0509 3784  [ 1220595CABA75AB91A6B3FA3B89483CC ] C:\Windows\System32\snmpapi.dll
14:21:53.0509 3784  C:\Windows\System32\snmpapi.dll - ok
14:21:53.0509 3784  [ B390C1D825C7687493BEDE237C6C2F25 ] C:\Windows\System32\tcpmon.dll
14:21:53.0509 3784  C:\Windows\System32\tcpmon.dll - ok
14:21:53.0509 3784  [ 923CDD30092DB73EC4A0EBCDDD16C686 ] C:\Windows\System32\usbmon.dll
14:21:53.0509 3784  C:\Windows\System32\usbmon.dll - ok
14:21:53.0525 3784  [ A8EB761DE499242BECF153B2B34F020E ] C:\Windows\System32\WSDMon.dll
14:21:53.0525 3784  C:\Windows\System32\WSDMon.dll - ok
14:21:53.0525 3784  [ D27DDE7E0444C7F1819F958469EB7D93 ] C:\Windows\System32\inetpp.dll
14:21:53.0525 3784  C:\Windows\System32\inetpp.dll - ok
14:21:53.0525 3784  [ 0A404EE18BD87D39B850892A479DF55C ] C:\Windows\System32\spool\prtprocs\w32x86\hpzppw71.dll
14:21:53.0525 3784  C:\Windows\System32\spool\prtprocs\w32x86\hpzppw71.dll - ok
14:21:53.0525 3784  [ C2A44C942EC023CF2D5CF144B0F5D146 ] C:\Windows\System32\spool\prtprocs\w32x86\HPZPPWN7.DLL
14:21:53.0525 3784  C:\Windows\System32\spool\prtprocs\w32x86\HPZPPWN7.DLL - ok
14:21:53.0525 3784  [ CD72C6406BA561BED6D42CB145E55307 ] C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
14:21:53.0525 3784  C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll - ok
14:21:53.0525 3784  [ FC415B303B1ECF80B5F130A1F7203D02 ] C:\Windows\System32\win32spl.dll
14:21:53.0525 3784  C:\Windows\System32\win32spl.dll - ok
14:21:53.0525 3784  [ BD682367064E396651EADC0BC61A11C0 ] C:\Program Files\Trend Micro\OfficeScan Client\tmfbeng.dll
14:21:53.0525 3784  C:\Program Files\Trend Micro\OfficeScan Client\tmfbeng.dll - ok
14:21:53.0540 3784  [ A110A73A228F8041BE40CECA646068E9 ] C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.dll
14:21:53.0540 3784  C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.dll - ok
14:21:53.0540 3784  [ 5F7F63884A8547981EE379B8C0FB3312 ] C:\Program Files\Trend Micro\OfficeScan Client\tmtdi.sys
14:21:53.0540 3784  C:\Program Files\Trend Micro\OfficeScan Client\tmtdi.sys - ok
14:21:53.0540 3784  [ 3CA21F55740EAE156295D940AC5541C4 ] C:\Program Files\Trend Micro\OfficeScan Client\TmExtIns.exe
14:21:53.0540 3784  C:\Program Files\Trend Micro\OfficeScan Client\TmExtIns.exe - ok
14:21:53.0540 3784  [ 3FA214B377B8711D859F950FDFEFF739 ] C:\Windows\System32\conhost.exe
14:21:53.0540 3784  C:\Windows\System32\conhost.exe - ok
14:21:53.0540 3784  [ 539C49CEBB3C50957AC8A09D95ECD880 ] C:\Windows\System32\shfolder.dll
14:21:53.0540 3784  C:\Windows\System32\shfolder.dll - ok
14:21:53.0540 3784  [ DD502A2E7B85EA7A3814C1034E6C23D3 ] C:\Windows\AppPatch\AcGenral.dll
14:21:53.0540 3784  C:\Windows\AppPatch\AcGenral.dll - ok
14:21:53.0556 3784  [ 1E81202224941D0F41F74F4D80EA41AE ] C:\Program Files\Trend Micro\OfficeScan Client\TmIEPlg.dll
14:21:53.0556 3784  C:\Program Files\Trend Micro\OfficeScan Client\TmIEPlg.dll - ok
14:21:53.0556 3784  [ 863DE7CC31E66F621F73C2BDB3DB703E ] C:\PROGRA~1\TRENDM~1\OFFICE~1\tmufeng.dll
14:21:53.0556 3784  C:\PROGRA~1\TRENDM~1\OFFICE~1\tmufeng.dll - ok
14:21:53.0556 3784  [ 92C229CBE688A7E274D39739954A4DA4 ] C:\PROGRA~1\TRENDM~1\OFFICE~1\tmaseng.dll
14:21:53.0556 3784  C:\PROGRA~1\TRENDM~1\OFFICE~1\tmaseng.dll - ok
14:21:53.0556 3784  [ 4EA140A2C6D27FE6FEEE74D2D863616E ] C:\Program Files\Trend Micro\OfficeScan Client\TmFFExt.dll
14:21:53.0556 3784  C:\Program Files\Trend Micro\OfficeScan Client\TmFFExt.dll - ok
14:21:53.0556 3784  [ 3245606BADBD5D0ABECAB2A0CB1EB796 ] C:\Program Files\Trend Micro\OfficeScan Client\sqlite3.dll
14:21:53.0556 3784  C:\Program Files\Trend Micro\OfficeScan Client\sqlite3.dll - ok
14:21:53.0556 3784  [ 725099D6CC2C64C742A33D84E10684DD ] C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
14:21:53.0556 3784  C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe - ok
14:21:53.0556 3784  [ A942890E48C77265F5AAF6BCCFE74FBD ] C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
14:21:53.0556 3784  C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe - ok
14:21:53.0571 3784  [ 5987EA8A82C53359BCD2C29D6588583E ] C:\Windows\System32\linkinfo.dll
14:21:53.0571 3784  C:\Windows\System32\linkinfo.dll - ok
14:21:53.0571 3784  [ 7E0AB74553476622FB6AE36F73D97D35 ] C:\Windows\System32\drivers\fastfat.sys
14:21:53.0571 3784  C:\Windows\System32\drivers\fastfat.sys - ok
14:21:53.0571 3784  [ 198366199A9F342EF87978D79308B49F ] C:\Windows\System32\RacEngn.dll
14:21:53.0571 3784  C:\Windows\System32\RacEngn.dll - ok
14:21:53.0571 3784  [ B6C756FA661C5EB7B3547E60647F87A7 ] C:\Windows\System32\sqlceoledb30.dll
14:21:53.0571 3784  C:\Windows\System32\sqlceoledb30.dll - ok
14:21:53.0571 3784  [ 60236C8C3B8C2D8B9A59326890533EB8 ] C:\Windows\System32\sqlceqp30.dll
14:21:53.0571 3784  C:\Windows\System32\sqlceqp30.dll - ok
14:21:53.0571 3784  [ 13CDD3FF0961A2EC6D9829A1640DD6DC ] C:\Windows\System32\sqlcese30.dll
14:21:53.0571 3784  C:\Windows\System32\sqlcese30.dll - ok
14:21:53.0587 3784  [ D4F264FE23F8953D840904418220C15E ] C:\Windows\System32\dxgi.dll
14:21:53.0587 3784  C:\Windows\System32\dxgi.dll - ok
14:21:53.0587 3784  [ 81C0FA250EF6DC1C6B3FA2BCE81D6C2E ] C:\Windows\winsxs\x86_microsoft-windows-w..emassessmenttoolapi_31bf3856ad364e35_6.1.7601.17514_none_e5a5cc0555dc7cd1\WinSATAPI.dll
14:21:53.0587 3784  C:\Windows\winsxs\x86_microsoft-windows-w..emassessmenttoolapi_31bf3856ad364e35_6.1.7601.17514_none_e5a5cc0555dc7cd1\WinSATAPI.dll - ok
14:21:53.0587 3784  [ 2BFF31508A58EA3F82CA8D6620AE6E13 ] C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
14:21:53.0587 3784  C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL - ok
14:21:53.0587 3784  [ 1B0EC94520CAB89A9CE1B2DA405166AF ] C:\Windows\System32\p2pcollab.dll
14:21:53.0587 3784  C:\Windows\System32\p2pcollab.dll - ok
14:21:53.0587 3784  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] C:\Windows\System32\QAGENTRT.DLL
14:21:53.0587 3784  C:\Windows\System32\QAGENTRT.DLL - ok
14:21:53.0587 3784  [ 9FD6496B6D91C8BE2A10BD55EAE2D5F2 ] C:\Windows\System32\fveui.dll
14:21:53.0587 3784  C:\Windows\System32\fveui.dll - ok
14:21:53.0587 3784  [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:21:53.0587 3784  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
14:21:53.0603 3784  [ E5F7C30EDF0892667933BE879F067D67 ] C:\Windows\System32\msvcr100_clr0400.dll
14:21:53.0603 3784  C:\Windows\System32\msvcr100_clr0400.dll - ok
14:21:53.0603 3784  [ D83947A58613E9091B4C9CC0F1546A8D ] C:\Windows\System32\mscoree.dll
14:21:53.0603 3784  C:\Windows\System32\mscoree.dll - ok
14:21:53.0603 3784  [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files\Google\Update\GoogleUpdate.exe
14:21:53.0603 3784  C:\Program Files\Google\Update\GoogleUpdate.exe - ok
14:21:53.0603 3784  [ FF60B8C5BBE73B0790B3332783B6FD81 ] C:\Program Files\Google\Update\1.3.21.153\goopdate.dll
14:21:53.0603 3784  C:\Program Files\Google\Update\1.3.21.153\goopdate.dll - ok
14:21:53.0603 3784  [ 14DA7788DCFEC3D29FC1D9E67D8E0DA8 ] C:\Program Files\Google\Update\1.3.21.153\goopdateres_nl.dll
14:21:53.0603 3784  C:\Program Files\Google\Update\1.3.21.153\goopdateres_nl.dll - ok
14:21:53.0603 3784  [ 8726802EA4FBFFA3FD54FD2449BF51D4 ] C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
14:21:53.0603 3784  C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe - ok
14:21:53.0618 3784  [ 2B73088CC2CA757A172B425C9398E5BC ] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
14:21:53.0618 3784  C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe - ok
14:21:53.0618 3784  [ 7333E3C6FB7F18E5663B53E1F6DBF4C6 ] C:\Windows\System32\msvcp71.dll
14:21:53.0618 3784  C:\Windows\System32\msvcp71.dll - ok
14:21:53.0618 3784  [ A51A7D0C82C93827532DF3B8FE7804EA ] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\DLLShared\CPSCommonTools12OEM.dll
14:21:53.0618 3784  C:\Program Files\Common Files\Roxio Shared\OEM\12.0\DLLShared\CPSCommonTools12OEM.dll - ok
14:21:53.0618 3784  [ 3B1247FC09F82A1ECD1294EA13C79C3E ] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\DLLShared\roxippEMC12.dll
14:21:53.0618 3784  C:\Program Files\Common Files\Roxio Shared\OEM\12.0\DLLShared\roxippEMC12.dll - ok
14:21:53.0618 3784  [ 1020C0C4BAC624DAF56712EA6D5865CE ] C:\Windows\System32\msvcr71.dll
14:21:53.0618 3784  C:\Windows\System32\msvcr71.dll - ok
14:21:53.0618 3784  [ AAA0B3B32484156599B3BE5E3B88528A ] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\LeResourceLoader.dll
14:21:53.0618 3784  C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\LeResourceLoader.dll - ok
14:21:53.0634 3784  [ CF8D43B5CE132414CC0667E9C5EB5574 ] C:\Program Files\Common Files\Roxio Shared\DLLShared\homepermitsconfig12OEM.dll
14:21:53.0634 3784  C:\Program Files\Common Files\Roxio Shared\DLLShared\homepermitsconfig12OEM.dll - ok
14:21:53.0634 3784  [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
14:21:53.0634 3784  C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
14:21:53.0634 3784  [ 837115C004022C7C9317848645D714FD ] C:\Program Files\Common Files\Roxio Shared\DLLShared\rsl.dll
14:21:53.0634 3784  C:\Program Files\Common Files\Roxio Shared\DLLShared\rsl.dll - ok
14:21:53.0634 3784  [ 6046C98205A35C2CEC330B15F88D4443 ] C:\Program Files\Common Files\Roxio Shared\DLLShared\SQLite352.dll
14:21:53.0634 3784  C:\Program Files\Common Files\Roxio Shared\DLLShared\SQLite352.dll - ok
14:21:53.0634 3784  [ 5BD85ABB12E057257D9D93C0838ABC0B ] C:\Program Files\Common Files\Roxio Shared\DLLShared\rcsl.dll
14:21:53.0634 3784  C:\Program Files\Common Files\Roxio Shared\DLLShared\rcsl.dll - ok
14:21:53.0634 3784  [ 72E6BB97A33137004FAC46CA43938F6C ] C:\Program Files\Common Files\Roxio Shared\DLLShared\SonicHTTPClient12OEM.dll
14:21:53.0634 3784  C:\Program Files\Common Files\Roxio Shared\DLLShared\SonicHTTPClient12OEM.dll - ok
14:21:53.0634 3784  [ 132AB9DB9A673FC20EE2D786E8CEC447 ] C:\Program Files\Common Files\Roxio Shared\DLLShared\SonicLicenseManager12OEM.dll
14:21:53.0634 3784  C:\Program Files\Common Files\Roxio Shared\DLLShared\SonicLicenseManager12OEM.dll - ok
14:21:53.0649 3784  [ CF87A1DE791347E75B98885214CED2B8 ] C:\Windows\System32\sppsvc.exe

[DarkAllMan]

14:21:53.0649 3784  C:\Windows\System32\sppsvc.exe - ok
14:21:53.0649 3784  [ D0481FB85BEEDD30A0884BE327880F80 ] C:\Windows\System32\framedynos.dll
14:21:53.0649 3784  C:\Windows\System32\framedynos.dll - ok
14:21:53.0649 3784  [ 72910F1DEB838E6E08A9017BFB7D4F0B ] C:\Windows\System32\browcli.dll
14:21:53.0649 3784  C:\Windows\System32\browcli.dll - ok
14:21:53.0649 3784  [ 907281ED4AD35D41B29FFDC211EBAD80 ] C:\Windows\System32\wmi.dll
14:21:53.0649 3784  C:\Windows\System32\wmi.dll - ok
14:21:53.0649 3784  [ A42E7748BE906434C5FD17161D168C20 ] C:\Windows\System32\schedcli.dll
14:21:53.0649 3784  C:\Windows\System32\schedcli.dll - ok
14:21:53.0649 3784  [ 807B6562009E5858C93E1C0F435C0382 ] C:\Windows\System32\netbios.dll
14:21:53.0649 3784  C:\Windows\System32\netbios.dll - ok
14:21:53.0665 3784  [ D16D818E9930A6E5B4F6476DD0998D1A ] C:\Windows\System32\drivers\spsys.sys
14:21:53.0665 3784  C:\Windows\System32\drivers\spsys.sys - ok
14:21:53.0665 3784  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] C:\Windows\System32\wscsvc.dll
14:21:53.0665 3784  C:\Windows\System32\wscsvc.dll - ok
14:21:53.0665 3784  [ 1A617835452EEE5060976C9B9F5FE635 ] C:\Windows\System32\wuapi.dll
14:21:53.0665 3784  C:\Windows\System32\wuapi.dll - ok
14:21:53.0665 3784  [ 7A6986DD659B96398A11AF5173892715 ] C:\Windows\System32\cabinet.dll
14:21:53.0665 3784  C:\Windows\System32\cabinet.dll - ok
14:21:53.0665 3784  [ 236F286E103FD44BD85FDD93097FD5DD ] C:\Windows\System32\SearchIndexer.exe
14:21:53.0665 3784  C:\Windows\System32\SearchIndexer.exe - ok
14:21:53.0665 3784  [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\Windows\System32\wups.dll
14:21:53.0665 3784  C:\Windows\System32\wups.dll - ok
14:21:53.0665 3784  [ 465DBF63A5049E4DB4BC5C12FFE781CB ] C:\Windows\System32\tquery.dll
14:21:53.0665 3784  C:\Windows\System32\tquery.dll - ok
14:21:53.0681 3784  [ 0241CB16136B9A4939CA0395768AE286 ] C:\Windows\System32\mssrch.dll
14:21:53.0681 3784  C:\Windows\System32\mssrch.dll - ok
14:21:53.0681 3784  [ 81600E2E27ED61427AAD865B9BCDDB9D ] C:\Windows\System32\msidle.dll
14:21:53.0681 3784  C:\Windows\System32\msidle.dll - ok
14:21:53.0681 3784  [ 3A11396EAC2414012155AB14E5C1E332 ] C:\Windows\System32\sppwinob.dll
14:21:53.0681 3784  C:\Windows\System32\sppwinob.dll - ok
14:21:53.0681 3784  [ 421D9645B72CD341ECDBB0FCE06C97DE ] C:\Windows\System32\sppobjs.dll
14:21:53.0681 3784  C:\Windows\System32\sppobjs.dll - ok
14:21:53.0681 3784  [ B63E24E9271E99FD4540E3CA22A937DA ] C:\Windows\System32\en-US\tquery.dll.mui
14:21:53.0681 3784  C:\Windows\System32\en-US\tquery.dll.mui - ok
14:21:53.0681 3784  [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\Windows\System32\wuaueng.dll
14:21:53.0681 3784  C:\Windows\System32\wuaueng.dll - ok
14:21:53.0681 3784  [ 387A8A473ECC5BA02CF453277C1F3274 ] C:\Windows\System32\mspatcha.dll
14:21:53.0681 3784  C:\Windows\System32\mspatcha.dll - ok
14:21:53.0696 3784  [ E1AC89F6C5252057E6062843E36A6701 ] C:\Windows\System32\SearchProtocolHost.exe
14:21:53.0696 3784  C:\Windows\System32\SearchProtocolHost.exe - ok
14:21:53.0696 3784  [ A5D237B8673025B052C0E6FDB6A883E8 ] C:\Windows\System32\msshooks.dll
14:21:53.0696 3784  C:\Windows\System32\msshooks.dll - ok
14:21:53.0696 3784  [ A6CD6B3F71E13E2E45B727FB8A47EA87 ] C:\Windows\System32\SearchFilterHost.exe
14:21:53.0696 3784  C:\Windows\System32\SearchFilterHost.exe - ok
14:21:53.0696 3784  [ F5DF6846F30E9F54EA60CCAEB3FB2055 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
14:21:53.0696 3784  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
14:21:53.0696 3784  [ 1CBF15FDB0310345A68972EB5C5B948F ] C:\Windows\System32\mssprxy.dll
14:21:53.0696 3784  C:\Windows\System32\mssprxy.dll - ok
14:21:53.0696 3784  [ DB67C7C62038BDE813CB6486581A7611 ] C:\Windows\System32\mssph.dll
14:21:53.0696 3784  C:\Windows\System32\mssph.dll - ok
14:21:53.0712 3784  [ 8BC9DB92C4B2F3BE89185BEAB2AFC1F6 ] C:\Windows\System32\mapi32.dll
14:21:53.0712 3784  C:\Windows\System32\mapi32.dll - ok
14:21:53.0712 3784  [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\Windows\System32\wups2.dll
14:21:53.0712 3784  C:\Windows\System32\wups2.dll - ok
14:21:53.0712 3784  [ 8B57A1AD493653BB57F281FE75DD175B ] C:\Windows\System32\NaturalLanguage6.dll
14:21:53.0712 3784  C:\Windows\System32\NaturalLanguage6.dll - ok
14:21:53.0712 3784  [ 8133EA1A6258D0F536EC51BE0A67855A ] C:\Windows\System32\NlsData0013.dll
14:21:53.0712 3784  C:\Windows\System32\NlsData0013.dll - ok
14:21:53.0712 3784  [ 1AB5B6EC4981D49A0D04DEE0E1085BEC ] C:\Windows\System32\NlsLexicons0013.dll
14:21:53.0712 3784  C:\Windows\System32\NlsLexicons0013.dll - ok
14:21:53.0712 3784  [ 8444A7364D6877922049E99BF4B78C5C ] C:\Windows\System32\ELSCore.dll
14:21:53.0712 3784  C:\Windows\System32\ELSCore.dll - ok
14:21:53.0712 3784  [ 7B3FD36359DE5D2EE49D213CCAD13427 ] C:\Windows\System32\elsTrans.dll
14:21:53.0712 3784  C:\Windows\System32\elsTrans.dll - ok
14:21:53.0727 3784  [ 02A2ED8497F437EA200DF3ACED255AFE ] C:\Windows\System32\elslad.dll
14:21:53.0727 3784  C:\Windows\System32\elslad.dll - ok
14:21:53.0727 3784  [ 2992932C1AB1D29A1A4A9E8CB8530CBF ] C:\Windows\System32\NlsData0009.dll
14:21:53.0727 3784  C:\Windows\System32\NlsData0009.dll - ok
14:21:53.0727 3784  [ C8CB301BF896C7C556BBE963FADF5BB6 ] C:\Windows\System32\NlsLexicons0009.dll
14:21:53.0727 3784  C:\Windows\System32\NlsLexicons0009.dll - ok
14:21:53.0727 3784  [ 99B9343280AF6A4C0F27CF2E28E94BBF ] C:\Windows\System32\dssenh.dll
14:21:53.0727 3784  C:\Windows\System32\dssenh.dll - ok
14:21:53.0727 3784  [ 43BE3B9CA431F88E049928DC45C4365C ] C:\Windows\System32\wbem\wmipcima.dll
14:21:53.0727 3784  C:\Windows\System32\wbem\wmipcima.dll - ok
14:21:53.0727 3784  [ 52799EAD792B0E9AE7FD4BA5BD18FE5C ] C:\Windows\System32\wbem\WMIADAP.exe
14:21:53.0727 3784  C:\Windows\System32\wbem\WMIADAP.exe - ok
14:21:53.0727 3784  [ F35314802B20CE37AF5F700A252812DD ] C:\Windows\System32\mpnotify.exe
14:21:53.0727 3784  C:\Windows\System32\mpnotify.exe - ok
14:21:53.0743 3784  [ 9BA9E22DF9AAAB58B3546E26792E54B2 ] C:\Windows\System32\TdmNetworkProvider.dll
14:21:53.0743 3784  C:\Windows\System32\TdmNetworkProvider.dll - ok
14:21:53.0743 3784  [ A63DC5C2EA944E6657203E0C8EDEAF61 ] C:\Windows\System32\dllhost.exe
14:21:53.0743 3784  C:\Windows\System32\dllhost.exe - ok
14:21:53.0743 3784  [ 0B31464B7B2D616BD5F7036673588EC1 ] C:\Windows\System32\IDStore.dll
14:21:53.0743 3784  C:\Windows\System32\IDStore.dll - ok
14:21:53.0743 3784  [ 7319102526BD11B45FD66335CF90CA12 ] C:\Windows\System32\HotStartUserAgent.dll
14:21:53.0743 3784  C:\Windows\System32\HotStartUserAgent.dll - ok
14:21:53.0743 3784  [ 7FFD52D73352806969D424EF327D10A7 ] C:\Windows\System32\radardt.dll
14:21:53.0743 3784  C:\Windows\System32\radardt.dll - ok
14:21:53.0743 3784  [ F58516E2DC0D963EF70D6BFC21FD82C4 ] C:\Windows\System32\PlaySndSrv.dll
14:21:53.0743 3784  C:\Windows\System32\PlaySndSrv.dll - ok
14:21:53.0759 3784  [ 4F2659160AFCCA990305816946F69407 ] C:\Windows\System32\taskeng.exe
14:21:53.0759 3784  C:\Windows\System32\taskeng.exe - ok
14:21:53.0759 3784  [ 3CA2BB895E204478C7A4C9BAF70970CE ] C:\Windows\System32\AtBroker.exe
14:21:53.0759 3784  C:\Windows\System32\AtBroker.exe - ok
14:21:53.0759 3784  [ B435F655E021A54C21A2EBAE349E11C7 ] C:\Program Files\Common Files\SPBA\vtapipql.dll
14:21:53.0759 3784  C:\Program Files\Common Files\SPBA\vtapipql.dll - ok
14:21:53.0759 3784  [ B43687C534A49700BF4B3C9898763752 ] C:\Windows\System32\MsCtfMonitor.dll
14:21:53.0759 3784  C:\Windows\System32\MsCtfMonitor.dll - ok
14:21:53.0759 3784  [ 56CEED370508F69A1BA04939BD1BADDA ] C:\Windows\System32\msutb.dll
14:21:53.0759 3784  C:\Windows\System32\msutb.dll - ok
14:21:53.0759 3784  [ 61AC3EFDFACFDD3F0F11DD4FD4044223 ] C:\Windows\System32\userinit.exe
14:21:53.0759 3784  C:\Windows\System32\userinit.exe - ok
14:21:53.0759 3784  [ 505BF4D1CADEB8D4F8BCD08D944DE25D ] C:\Windows\System32\dwm.exe
14:21:53.0759 3784  C:\Windows\System32\dwm.exe - ok
14:21:53.0774 3784  [ 497E59D9F01C6F247E72222A61835119 ] C:\Windows\System32\dwmcore.dll
14:21:53.0774 3784  C:\Windows\System32\dwmcore.dll - ok
14:21:53.0774 3784  [ 754AFC50022C95DA7C86B7020DB78136 ] C:\Windows\System32\dwmredir.dll
14:21:53.0774 3784  C:\Windows\System32\dwmredir.dll - ok
14:21:53.0774 3784  [ 659E04E74135927CA6D7BC5E75C84417 ] C:\Windows\System32\TSChannel.dll
14:21:53.0774 3784  C:\Windows\System32\TSChannel.dll - ok
14:21:53.0774 3784  [ 3C1936A12C62254F914A01BBC6A8DC69 ] C:\Windows\System32\d3d10_1.dll
14:21:53.0774 3784  C:\Windows\System32\d3d10_1.dll - ok
14:21:53.0774 3784  [ D4212AB475A3B25EC4DF574536C3EDC5 ] C:\Windows\System32\d3d10_1core.dll
14:21:53.0774 3784  C:\Windows\System32\d3d10_1core.dll - ok
14:21:53.0774 3784  [ 6DE66FE7C526637E74CD066461C7C871 ] C:\Windows\System32\d3d11.dll
14:21:53.0774 3784  C:\Windows\System32\d3d11.dll - ok
14:21:53.0774 3784  [ 8B88EBBB05A0E56B7DCC708498C02B3E ] C:\Windows\explorer.exe
14:21:53.0774 3784  C:\Windows\explorer.exe - ok
14:21:53.0790 3784  [ B0590AE25C847A74A644F3D6E22A4BE1 ] C:\Windows\System32\gpscript.exe
14:21:53.0790 3784  C:\Windows\System32\gpscript.exe - ok
14:21:53.0790 3784  [ 3D57FFBAD3ED16B63DE3879BAB0FB56F ] C:\Windows\System32\networkexplorer.dll
14:21:53.0790 3784  C:\Windows\System32\networkexplorer.dll - ok
14:21:53.0790 3784  [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\System32\ExplorerFrame.dll
14:21:53.0790 3784  C:\Windows\System32\ExplorerFrame.dll - ok
14:21:53.0790 3784  [ A648AB50A6FE18002C762674F4E0F41C ] C:\Windows\System32\igd10umd32.dll
14:21:53.0790 3784  C:\Windows\System32\igd10umd32.dll - ok
14:21:53.0790 3784  [ 2FAC6451A41551966A7607651049B997 ] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
14:21:53.0790 3784  C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll - ok
14:21:53.0790 3784  [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\System32\EhStorShell.dll
14:21:53.0790 3784  C:\Windows\System32\EhStorShell.dll - ok
14:21:53.0805 3784  [ AD7B9C14083B52BC532FBA5948342B98 ] C:\Windows\System32\cmd.exe
14:21:53.0805 3784  C:\Windows\System32\cmd.exe - ok
14:21:53.0805 3784  [ B9A4DAC2192FD78CDA097BFA79F6E7B2 ] C:\Windows\System32\net.exe
14:21:53.0805 3784  C:\Windows\System32\net.exe - ok
14:21:53.0805 3784  [ D1F438E9DFD869B33D1EDB635764C892 ] C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
14:21:53.0805 3784  C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL - ok
14:21:53.0805 3784  [ 640A476C8867AEAAD8FF9F59A61AFE2F ] C:\Windows\System32\PrintIsolationHost.exe
14:21:53.0805 3784  C:\Windows\System32\PrintIsolationHost.exe - ok
14:21:53.0805 3784  [ FC70115B86B7BC41467BE7A5696C44C5 ] C:\Windows\System32\spool\drivers\w32x86\3\UNIDRV.DLL
14:21:53.0805 3784  C:\Windows\System32\spool\drivers\w32x86\3\UNIDRV.DLL - ok
14:21:53.0805 3784  [ 32F4D839CA942236F933A78C3DC404F9 ] C:\Windows\System32\spool\drivers\w32x86\3\unidrvui.dll
14:21:53.0805 3784  C:\Windows\System32\spool\drivers\w32x86\3\unidrvui.dll - ok
14:21:53.0821 3784  [ 23C3C398E352D5DB6AEFE65736DFD0B5 ] C:\Windows\System32\spool\drivers\w32x86\3\HPZUIWN7.DLL
14:21:53.0821 3784  C:\Windows\System32\spool\drivers\w32x86\3\HPZUIWN7.DLL - ok
14:21:53.0821 3784  [ A026BD4085C0E933A57E1B81840DDD83 ] C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
14:21:53.0821 3784  C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF - ok
14:21:53.0821 3784  [ 765A886E3E0557E5A66D95BCFBD0F3AC ] C:\Windows\System32\compstui.dll
14:21:53.0821 3784  C:\Windows\System32\compstui.dll - ok
14:21:53.0821 3784  [ 3E7D612816758A498714F7E672A68691 ] C:\PROGRA~1\MICROS~4\Office14\1043\GrooveIntlResource.dll
14:21:53.0821 3784  C:\PROGRA~1\MICROS~4\Office14\1043\GrooveIntlResource.dll - ok
14:21:53.0821 3784  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] C:\Windows\System32\aelupsvc.dll
14:21:53.0821 3784  C:\Windows\System32\aelupsvc.dll - ok
14:21:53.0821 3784  [ 3EC541C196DE18ED9A0D0AC82A694D4C ] C:\Windows\System32\cscui.dll
14:21:53.0821 3784  C:\Windows\System32\cscui.dll - ok
14:21:53.0821 3784  [ 57A51217581614DE07F30E34D6BB4993 ] C:\Windows\System32\cscdll.dll
14:21:53.0821 3784  C:\Windows\System32\cscdll.dll - ok
14:21:53.0837 3784  [ 03F3B770DFBED6131653CEDA8CA780F0 ] C:\Windows\System32\ntshrui.dll
14:21:53.0837 3784  C:\Windows\System32\ntshrui.dll - ok
14:21:53.0837 3784  [ 523CF74A52C9A1762DA8B83AEE734498 ] C:\Windows\System32\IconCodecService.dll
14:21:53.0837 3784  C:\Windows\System32\IconCodecService.dll - ok
14:21:53.0837 3784  [ EACFDF31921F51C097629F1F3C9129B4 ] C:\Windows\System32\appinfo.dll
14:21:53.0837 3784  C:\Windows\System32\appinfo.dll - ok
14:21:53.0837 3784  [ 1E69377A695C0C0092F90CB63396FB19 ] C:\Windows\System32\spool\drivers\w32x86\3\eSh3uui.dll
14:21:53.0837 3784  C:\Windows\System32\spool\drivers\w32x86\3\eSh3uui.dll - ok
14:21:53.0837 3784  [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\System32\runonce.exe
14:21:53.0837 3784  C:\Windows\System32\runonce.exe - ok
14:21:53.0837 3784  [ F5860C2D91EA9AF29C7144FD7D94D9AC ] C:\Windows\System32\ieframe.dll
14:21:53.0837 3784  C:\Windows\System32\ieframe.dll - ok
14:21:53.0852 3784  [ 947D4A27FF2D7099D95A4E396608B320 ] C:\Windows\System32\spool\drivers\w32x86\3\eSh3fw.dll
14:21:53.0852 3784  C:\Windows\System32\spool\drivers\w32x86\3\eSh3fw.dll - ok
14:21:53.0852 3784  [ 2A9B3DD8E3965DEAF64881E0DC3AEB05 ] C:\Windows\System32\spool\drivers\w32x86\3\eSh3fwdsdk.dll
14:21:53.0852 3784  C:\Windows\System32\spool\drivers\w32x86\3\eSh3fwdsdk.dll - ok
14:21:53.0852 3784  [ C9A6121252634AA4D4618981DE929BBB ] C:\Windows\System32\setx.exe
14:21:53.0852 3784  C:\Windows\System32\setx.exe - ok
14:21:53.0852 3784  [ 1F05F5A16881CD928C82D53CEFCF4477 ] C:\Windows\System32\shdocvw.dll
14:21:53.0852 3784  C:\Windows\System32\shdocvw.dll - ok
14:21:53.0852 3784  [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\nailk\AppData\Local\temp\B4641787-E7EB-492D-96D9-C61FEE3D1D34.exe
14:21:53.0852 3784  C:\Users\nailk\AppData\Local\temp\B4641787-E7EB-492D-96D9-C61FEE3D1D34.exe - ok
14:21:53.0852 3784  [ 5EFDBEAECD69E250E5BA4A2950203CD4 ] C:\Windows\System32\sdclt.exe
14:21:53.0852 3784  C:\Windows\System32\sdclt.exe - ok
14:21:53.0852 3784  [ 3CC04CB09FAFAD87942437FDDEE11EE3 ] C:\Windows\System32\ReAgent.dll
14:21:53.0852 3784  C:\Windows\System32\ReAgent.dll - ok
14:21:53.0868 3784  [ 971A36C4827AD1AE2A54E6407478921A ] C:\Windows\System32\spp.dll
14:21:53.0868 3784  C:\Windows\System32\spp.dll - ok
14:21:53.0868 3784  [ 3B28814B74E898750A139FA4CBDFDCF7 ] C:\Windows\System32\sdengin2.dll
14:21:53.0868 3784  C:\Windows\System32\sdengin2.dll - ok
14:21:53.0868 3784  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] C:\Windows\System32\sdrsvc.dll
14:21:53.0868 3784  C:\Windows\System32\sdrsvc.dll - ok
14:21:53.0868 3784  [ 9BF7BDBD1EC69D44EA8D9BE222FC93BB ] C:\Windows\System32\sxshared.dll
14:21:53.0868 3784  C:\Windows\System32\sxshared.dll - ok
14:21:53.0868 3784  [ DD7596A0BC60AFFCCEB07E64F876FB59 ] C:\Windows\System32\sxproxy.dll
14:21:53.0868 3784  C:\Windows\System32\sxproxy.dll - ok
14:21:53.0868 3784  [ C0B8B96D018849FD8CCF15FED84E8782 ] C:\Windows\System32\ie4uinit.exe
14:21:53.0868 3784  C:\Windows\System32\ie4uinit.exe - ok
14:21:53.0868 3784  [ F0FEFB0B5D25A75D478A4317139D937E ] C:\Windows\System32\iedkcs32.dll
14:21:53.0868 3784  C:\Windows\System32\iedkcs32.dll - ok
14:21:53.0883 3784  [ 7E9917D5309A90E7576653BFE39F80D8 ] C:\Windows\System32\timedate.cpl
14:21:53.0883 3784  C:\Windows\System32\timedate.cpl - ok
14:21:53.0883 3784  [ D2958325C1AE1AE37A83334C6229E3BC ] C:\Windows\System32\actxprxy.dll
14:21:53.0883 3784  C:\Windows\System32\actxprxy.dll - ok
14:21:53.0883 3784  [ FA752544EE1EE59E8AD938CBB43CAC93 ] C:\Program Files\Windows Live\Messenger\msgslang.dll
14:21:53.0883 3784  C:\Program Files\Windows Live\Messenger\msgslang.dll - ok
14:21:53.0883 3784  [ 64E211E0FDFCE4D186DF58BB7D0503BC ] C:\Windows\System32\gameux.dll
14:21:53.0883 3784  C:\Windows\System32\gameux.dll - ok
14:21:53.0883 3784  [ 3A16EA01FCFAAB40882DB5BFEE632322 ] C:\Windows\System32\msftedit.dll
14:21:53.0883 3784  C:\Windows\System32\msftedit.dll - ok
14:21:53.0883 3784  [ 7896EFFDEE215C172BE724A64931EF1C ] C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
14:21:53.0883 3784  C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll - ok
14:21:53.0899 3784  [ 35AAE2E841AA1A949775168E119482C9 ] C:\Windows\System32\msls31.dll
14:21:53.0899 3784  C:\Windows\System32\msls31.dll - ok
14:21:53.0899 3784  [ 2A39F32E0067CBF221611FE1FA8C6D8F ] C:\Windows\System32\DeviceCenter.dll
14:21:53.0899 3784  C:\Windows\System32\DeviceCenter.dll - ok
14:21:53.0899 3784  [ 672D7C5080ACB003343006405DA2E621 ] C:\Windows\System32\thumbcache.dll
14:21:53.0899 3784  C:\Windows\System32\thumbcache.dll - ok
14:21:53.0899 3784  [ 31B37D8376846E2A711CF13F78571E05 ] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
14:21:53.0899 3784  C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe - ok
14:21:53.0899 3784  [ 936F728E04ACCF3F38801CFFCF1E3F40 ] C:\Windows\System32\oledlg.dll
14:21:53.0899 3784  C:\Windows\System32\oledlg.dll - ok
14:21:53.0899 3784  [ F5FBA8724DE219E96D9ABAF4772D31A3 ] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
14:21:53.0899 3784  C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe - ok
14:21:53.0899 3784  [ 38DD8C528516755C37619DB364826055 ] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe
14:21:53.0899 3784  C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe - ok
14:21:53.0914 3784  [ A7749965A3923D024922A86BAAECAFF4 ] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe
14:21:53.0914 3784  C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe - ok
14:21:53.0914 3784  [ 4164A47F3A2DA7EA44572904C3DF44A4 ] C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
14:21:53.0914 3784  C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe - ok
14:21:53.0914 3784  [ B9E362680ADB83F0E0134F4567DBF656 ] C:\Program Files\Common Files\Roxio Shared\OEM\12.0\DLLShared\LayoutDLL12OEM.dll
14:21:53.0914 3784  C:\Program Files\Common Files\Roxio Shared\OEM\12.0\DLLShared\LayoutDLL12OEM.dll - ok
14:21:53.0914 3784  [ 7ECFF5FCBF0AACAC99425D160B9D9CD0 ] C:\Program Files\CyberLink\PowerDVD9\Language\Language.dll
14:21:53.0914 3784  C:\Program Files\CyberLink\PowerDVD9\Language\Language.dll - ok
14:21:53.0914 3784  [ 53E81C75B3C260C8FE9FD9ED4D8DB8F0 ] C:\Program Files\Roxio\OEM\Roxio Burn\AS_Storage_w32.dll
14:21:53.0914 3784  C:\Program Files\Roxio\OEM\Roxio Burn\AS_Storage_w32.dll - ok
14:21:53.0914 3784  [ 04E7DF86D28BAE36D91B2D4ADC0370DA ] C:\Program Files\Trend Micro\OfficeScan Client\libCNTProdRes.dll
14:21:53.0914 3784  C:\Program Files\Trend Micro\OfficeScan Client\libCNTProdRes.dll - ok
14:21:53.0930 3784  [ C0440E464DEEDE7994DEDC3C25D9BF26 ] C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll
14:21:53.0930 3784  C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll - ok
14:21:53.0930 3784  [ 652B4E6919AB957E202057FD60D1B42A ] C:\Program Files\CyberLink\PowerDVD9\CLRCEngine3.dll
14:21:53.0930 3784  C:\Program Files\CyberLink\PowerDVD9\CLRCEngine3.dll - ok
14:21:53.0930 3784  [ 1020C0C4BAC624DAF56712EA6D5865CE ] C:\Program Files\CyberLink\PowerDVD9\msvcr71.dll
14:21:53.0930 3784  C:\Program Files\CyberLink\PowerDVD9\msvcr71.dll - ok
14:21:53.0930 3784  [ 96C70BD48D49B87475F4572DEDC62EB9 ] C:\Windows\AppPatch\AcLayers.dll
14:21:53.0930 3784  C:\Windows\AppPatch\AcLayers.dll - ok
14:21:53.0930 3784  [ 175383778EB24D98C84E624021E3AA0B ] C:\Windows\System32\aeevts.dll
14:21:53.0930 3784  C:\Windows\System32\aeevts.dll - ok
14:21:53.0930 3784  [ 48BE298F7FD1BEF4D8FBACB04D8D95C4 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
14:21:53.0930 3784  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
14:21:53.0930 3784  [ 9ACCBC5891BA51B5B29C1A88F80D4CE3 ] C:\Program Files\QuickTime\QTTask.exe
14:21:53.0930 3784  C:\Program Files\QuickTime\QTTask.exe - ok
14:21:53.0946 3784  [ 187F4C75A89E3F412322C94526320074 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe
14:21:53.0946 3784  C:\Program Files\Microsoft Office\Office14\BCSSync.exe - ok
14:21:53.0946 3784  [ 2C1B1E9174D94E9F6EE3CF373ABAB7DD ] C:\Windows\System32\igfxtray.exe
14:21:53.0946 3784  C:\Windows\System32\igfxtray.exe - ok
14:21:53.0946 3784  [ F01E123F2AE03DF8F551A6ED5DEFDA35 ] C:\Program Files\Trend Micro\OfficeScan Client\NTMonRes.dll
14:21:53.0946 3784  C:\Program Files\Trend Micro\OfficeScan Client\NTMonRes.dll - ok
14:21:53.0946 3784  [ 5F12DCBECEE0ADE819E3F710F5508B31 ] C:\Windows\System32\hccutils.dll
14:21:53.0946 3784  C:\Windows\System32\hccutils.dll - ok
14:21:53.0946 3784  [ 87D78CF6365BDDACBE9D34B60FE0E23B ] C:\Windows\System32\hkcmd.exe
14:21:53.0946 3784  C:\Windows\System32\hkcmd.exe - ok
14:21:53.0946 3784  [ 1BC8A289BFDE02DF0DA6C06689FA89C3 ] C:\Program Files\Common Files\Roxio Shared\DLLShared\homepermitsconfig13.dll
14:21:53.0946 3784  C:\Program Files\Common Files\Roxio Shared\DLLShared\homepermitsconfig13.dll - ok
14:21:53.0961 3784  [ E325D1DB76B13B33692D6318F67DC4EC ] C:\Program Files\Common Files\Roxio Shared\DLLShared\SonicHTTPClient13.dll
14:21:53.0961 3784  C:\Program Files\Common Files\Roxio Shared\DLLShared\SonicHTTPClient13.dll - ok
14:21:53.0961 3784  [ 89D3DE5E2C77DCD99C56F0E46310AEA0 ] C:\Windows\System32\igfxpers.exe
14:21:53.0961 3784  C:\Windows\System32\igfxpers.exe - ok
14:21:53.0961 3784  [ 8F17CA7CD61AF4602FC88647BAEA9F54 ] C:\Program Files\Common Files\Roxio Shared\DLLShared\SonicLicenseManager13.dll
14:21:53.0961 3784  C:\Program Files\Common Files\Roxio Shared\DLLShared\SonicLicenseManager13.dll - ok
14:21:53.0961 3784  [ 58B8702C20DE211D1FCB248D2FDD71D1 ] C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
14:21:53.0961 3784  C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe - ok
14:21:53.0961 3784  [ 1C7F1C3EA5894995E6C563E9AE9F029F ] C:\Windows\System32\l3codeca.acm
14:21:53.0961 3784  C:\Windows\System32\l3codeca.acm - ok
14:21:53.0961 3784  [ D63797E8E7781EE1500A810CB6194FA6 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
14:21:53.0961 3784  C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
14:21:53.0977 3784  [ E3C817F7FE44CC870ECDBCBC3EA36132 ] C:\Windows\System32\msvcp100.dll
14:21:53.0977 3784  C:\Windows\System32\msvcp100.dll - ok
14:21:53.0977 3784  [ BF38660A9125935658CFA3E53FDC7D65 ] C:\Windows\System32\msvcr100.dll
14:21:53.0977 3784  C:\Windows\System32\msvcr100.dll - ok
14:21:53.0977 3784  [ DCCA4B04AF87E52EF9EAA2190E06CBAC ] C:\Program Files\Windows Sidebar\sidebar.exe
14:21:53.0977 3784  C:\Program Files\Windows Sidebar\sidebar.exe - ok
14:21:53.0977 3784  [ 9BB284CD5ECB89096B90BE55DCE7CB9B ] C:\Windows\HelpDeskinfo.exe
14:21:53.0977 3784  C:\Windows\HelpDeskinfo.exe - ok
14:21:53.0977 3784  [ 5E350C463EE596321C79CF23ADA56E7A ] C:\Windows\System32\igfxsrvc.exe
14:21:53.0977 3784  C:\Windows\System32\igfxsrvc.exe - ok
14:21:53.0977 3784  [ 347AAE83C7C7B787CED89544532AA47D ] C:\Windows\System32\PhotoMetadataHandler.dll
14:21:53.0977 3784  C:\Windows\System32\PhotoMetadataHandler.dll - ok
14:21:53.0977 3784  [ 53EE5AF5320FEA562A7A7BE6F71A534A ] C:\Windows\System32\igfxsrvc.dll
14:21:53.0977 3784  C:\Windows\System32\igfxsrvc.dll - ok
14:21:53.0992 3784  [ 5B80E7FBD710D0C19A93E41C2BA90E09 ] C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.ex_
14:21:53.0992 3784  C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.ex_ - ok
14:21:53.0992 3784  [ 90A77D095B9030CC2F632E93EB5AD61F ] C:\Program Files\Trend Micro\OfficeScan Client\PccNTUpd.exe
14:21:53.0992 3784  C:\Program Files\Trend Micro\OfficeScan Client\PccNTUpd.exe - ok
14:21:53.0992 3784  [ 7B2E20CAE7730B2ADD47E09FD14F18C3 ] C:\Windows\System32\igfxdev.dll
14:21:53.0992 3784  C:\Windows\System32\igfxdev.dll - ok
14:21:53.0992 3784  [ 2A02F387DC308D3AD95DBBC3C34DEAAC ] C:\Program Files\Common Files\microsoft shared\OFFICE14\msoshext.dll
14:21:53.0992 3784  C:\Program Files\Common Files\microsoft shared\OFFICE14\msoshext.dll - ok
14:21:53.0992 3784  [ 7059D86F14417D725ACA4D88D9073737 ] C:\Windows\System32\igfxrnld.lrc
14:21:53.0992 3784  C:\Windows\System32\igfxrnld.lrc - ok
14:21:53.0992 3784  [ 7BD6A6DFA75B665FA8F21BB21E59EC11 ] C:\Windows\System32\mshtml.dll
14:21:53.0992 3784  C:\Windows\System32\mshtml.dll - ok
14:21:54.0008 3784  [ B5506B451BFE7148ECA7056BDA2970BD ] C:\Windows\System32\riched32.dll
14:21:54.0008 3784  C:\Windows\System32\riched32.dll - ok
14:21:54.0008 3784  [ 2B8064BFF1C61C7E61232D2652894CD4 ] C:\Windows\System32\igfxress.dll
14:21:54.0008 3784  C:\Windows\System32\igfxress.dll - ok
14:21:54.0008 3784  [ 90A77D095B9030CC2F632E93EB5AD61F ] C:\Program Files\Trend Micro\OfficeScan Client\Temp\pccntupd.exe
14:21:54.0008 3784  C:\Program Files\Trend Micro\OfficeScan Client\Temp\pccntupd.exe - ok
14:21:54.0008 3784  [ BF7DDBE14FA4B68AAB6A3C78EF5C96B8 ] C:\Windows\System32\inetmib1.dll
14:21:54.0008 3784  C:\Windows\System32\inetmib1.dll - ok
14:21:54.0008 3784  [ C535DD3EF0EECB3792C8059DD257CDF8 ] C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
14:21:54.0008 3784  C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe - ok
14:21:54.0008 3784  [ F9C00C075FC9AD40135EC6B9695F49EB ] C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
14:21:54.0008 3784  C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe - ok
14:21:54.0008 3784  [ 9A69089E04F060CB25657EA0EA2ED503 ] C:\Windows\System32\GfxUI.exe
14:21:54.0008 3784  C:\Windows\System32\GfxUI.exe - ok
14:21:54.0024 3784  [ EE12BA876C4190532A4085994BA9B616 ] C:\Program Files\Internet Explorer\iexplore.exe
14:21:54.0024 3784  C:\Program Files\Internet Explorer\iexplore.exe - ok
14:21:54.0024 3784  [ D52CBDE8BAEFADCC8C48623605B4C524 ] C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
14:21:54.0024 3784  C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe - ok
14:21:54.0024 3784  [ FD93357E2C8208CBB68A01A145230E9D ] C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe
14:21:54.0024 3784  C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe - ok
14:21:54.0024 3784  [ 5D21F2C91214FED9A4A4A5527AEAC24D ] C:\Program Files\Dell\SwyxIt!.exe
14:21:54.0024 3784  C:\Program Files\Dell\SwyxIt!.exe - ok
14:21:54.0024 3784  [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\nailk\Desktop\tdsskiller.exe
14:21:54.0024 3784  C:\Users\nailk\Desktop\tdsskiller.exe - ok
14:21:54.0024 3784  [ 37B6EBA4E783A0B25F3FE05EF86722CB ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
14:21:54.0024 3784  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
14:21:54.0039 3784  [ 4ADCFEE16EE9978F06157634669D36FB ] C:\Users\nailk\Desktop\OTL.exe
14:21:54.0039 3784  C:\Users\nailk\Desktop\OTL.exe - ok
14:21:54.0039 3784  [ 1024236EAEA1B01A4EA0B617462DC551 ] C:\Users\nailk\Desktop\ComboFix.exe
14:21:54.0039 3784  C:\Users\nailk\Desktop\ComboFix.exe - ok
14:21:54.0039 3784  [ 33A77D477EF9D7A5C65A950129DF2E47 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
14:21:54.0039 3784  C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll - ok
14:21:54.0039 3784  [ 1D1EAA16D193C6A2D45981ED3914D22A ] C:\Windows\System32\msimtf.dll
14:21:54.0039 3784  C:\Windows\System32\msimtf.dll - ok
14:21:54.0039 3784  [ F2DF250C50297E0ACD7E55ED31F1683E ] C:\Windows\System32\jscript9.dll
14:21:54.0039 3784  C:\Windows\System32\jscript9.dll - ok
14:21:54.0039 3784  [ 9FF8F684BACF326082E5562F7C104A79 ] C:\Windows\System32\d2d1.dll
14:21:54.0039 3784  C:\Windows\System32\d2d1.dll - ok
14:21:54.0039 3784  [ 1C0E369575F387460E2A5F28269B2CC4 ] C:\Windows\System32\DWrite.dll
14:21:54.0039 3784  C:\Windows\System32\DWrite.dll - ok
14:21:54.0055 3784  [ AE4C63D1FBE6029108A65043D4A1E217 ] C:\Users\nailk\Desktop\RogueKiller.exe
14:21:54.0055 3784  C:\Users\nailk\Desktop\RogueKiller.exe - ok
14:21:54.0055 3784  [ 27FC75229EEE367D4C0E643C108A90FA ] C:\Windows\System32\LocationApi.dll
14:21:54.0055 3784  C:\Windows\System32\LocationApi.dll - ok
14:21:54.0055 3784  [ 8EE6BDE1D572677AA35707C52C585F75 ] C:\Windows\System32\mlang.dll
14:21:54.0055 3784  C:\Windows\System32\mlang.dll - ok
14:21:54.0055 3784  [ ECCA7F72A24C7CF43131946C076689D1 ] C:\Program Files\Google\Chrome\Application\chrome.exe
14:21:54.0055 3784  C:\Program Files\Google\Chrome\Application\chrome.exe - ok
14:21:54.0055 3784  [ D6626C93BF7F557839C028D32247F910 ] C:\Windows\System32\SensorsApi.dll
14:21:54.0055 3784  C:\Windows\System32\SensorsApi.dll - ok
14:21:54.0055 3784  [ B3170CCC779B682C3341873EA60CF084 ] C:\Windows\System32\d3d10warp.dll
14:21:54.0055 3784  C:\Windows\System32\d3d10warp.dll - ok
14:21:54.0070 3784  [ F28A5ABB4CA867E6D89392EF0D4AC8F7 ] C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
14:21:54.0070 3784  C:\Program Files\CPUID\HWMonitor\HWMonitor.exe - ok
14:21:54.0070 3784  [ 534A3CB0847BA114F0D8A5F2BB2EF6D0 ] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
14:21:54.0070 3784  C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe - ok
14:21:54.0070 3784  [ ADB45A977BD9E45790CA496DB84BA148 ] C:\Windows\System32\PortableDeviceTypes.dll
14:21:54.0070 3784  C:\Windows\System32\PortableDeviceTypes.dll - ok
14:21:54.0070 3784  [ F5ECEAF5132D00B3DA565DBDD14E430F ] C:\Windows\System32\igdumdx32.dll
14:21:54.0070 3784  C:\Windows\System32\igdumdx32.dll - ok
14:21:54.0070 3784  [ 198552AEFECA69D646867EC8D792DE95 ] C:\Windows\System32\ddraw.dll
14:21:54.0070 3784  C:\Windows\System32\ddraw.dll - ok
14:21:54.0070 3784  [ BAB9EF9A340113666F678AA2474904B6 ] C:\Windows\System32\ddrawex.dll
14:21:54.0070 3784  C:\Windows\System32\ddrawex.dll - ok
14:21:54.0070 3784  [ CA493A92DA9880B6F1A89C3DBD54BA5B ] C:\Windows\System32\dxtrans.dll
14:21:54.0070 3784  C:\Windows\System32\dxtrans.dll - ok
14:21:54.0086 3784  [ 55E5B32AE8D1F51A63C82919656FD275 ] C:\Windows\System32\dciman32.dll
14:21:54.0086 3784  C:\Windows\System32\dciman32.dll - ok
14:21:54.0086 3784  [ 4312DEBDACBE338F0B90E7F08E7672BE ] C:\Windows\System32\dxtmsft.dll
14:21:54.0086 3784  C:\Windows\System32\dxtmsft.dll - ok
14:21:54.0086 3784  [ 9F1477010CD126FC7289DEC5840C0A66 ] C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll
14:21:54.0086 3784  C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll - ok
14:21:54.0086 3784  [ 89A54A834EC2C491E392DEEDB12C1489 ] C:\Windows\System32\vbscript.dll
14:21:54.0086 3784  C:\Windows\System32\vbscript.dll - ok
14:21:54.0086 3784  [ B39B8CC163C41B12FE83E777199F3378 ] C:\Windows\System32\tzres.dll
14:21:54.0086 3784  C:\Windows\System32\tzres.dll - ok
14:21:54.0086 3784  [ 523214677C1D31D7991632C6D11E6B42 ] C:\Windows\System32\d3dim700.dll
14:21:54.0086 3784  C:\Windows\System32\d3dim700.dll - ok
14:21:54.0102 3784  [ 96FAF00A7ADC61AF68192445623402FA ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
14:21:54.0102 3784  C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll - ok
14:21:54.0102 3784  [ B3DD214F23037E3D3C27D6C9447B40B5 ] C:\Program Files\Windows NT\Accessories\wordpad.exe
14:21:54.0102 3784  C:\Program Files\Windows NT\Accessories\wordpad.exe - ok
14:21:54.0102 3784  [ 912649A1B3F9E6ACB3899FBDABA2ED5F ] C:\Windows\System32\stobject.dll
14:21:54.0102 3784  C:\Windows\System32\stobject.dll - ok
14:21:54.0102 3784  [ 67C1B58706B47EEBA4E117AC197289E6 ] C:\Windows\System32\batmeter.dll
14:21:54.0102 3784  C:\Windows\System32\batmeter.dll - ok
14:21:54.0102 3784  [ E11AE58B6D040AE7E1E55741CB9C6694 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
14:21:54.0102 3784  C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll - ok
14:21:54.0102 3784  [ E1C1197D2202843F1CBAFB449851C7F5 ] C:\Program Files\Windows Sidebar\wlsrvc.dll
14:21:54.0102 3784  C:\Program Files\Windows Sidebar\wlsrvc.dll - ok
14:21:54.0102 3784  [ 9568054175BDD69CE78750AF7DB7FC6F ] \\nlekf-sql1\RT\rtapp\exec\Smart_Client_Touch_Eng_Citrix.exe
14:21:54.0102 3784  \\nlekf-sql1\RT\rtapp\exec\Smart_Client_Touch_Eng_Citrix.exe - ok
14:21:54.0117 3784  [ AAB33D004B74EE052F65A414E7D87F7E ] C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef17be93e209cc95b9768c7822530432\PresentationCore.ni.dll
14:21:54.0117 3784  C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef17be93e209cc95b9768c7822530432\PresentationCore.ni.dll - ok
14:21:54.0117 3784  [ BEF5E8ECC5C7E3ED0A4D901C28B0C4AD ] C:\Program Files\Trend Micro\OfficeScan Client\TSC.EXE
14:21:54.0117 3784  C:\Program Files\Trend Micro\OfficeScan Client\TSC.EXE - ok
14:21:54.0117 3784  [ 21DDC4F742DE59B1BB761C57DD2EECF3 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4a8709f71eba20cc71c7905bba3dee\PresentationFramework.ni.dll
14:21:54.0117 3784  C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4a8709f71eba20cc71c7905bba3dee\PresentationFramework.ni.dll - ok
14:21:54.0117 3784  [ 8DFB5078508924FA725C203CE179B10C ] C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
14:21:54.0117 3784  C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - ok
14:21:54.0117 3784  [ E0E5BB58A4C43F7DBB83352785F32DEF ] C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
14:21:54.0117 3784  C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll - ok
14:21:54.0117 3784  [ 09A116FB06C5E362EF8938D29CDAB27B ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
14:21:54.0117 3784  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok
14:21:54.0133 3784  [ 32BE4A1FAFCCD5CA9AB0CE772C43D5E2 ] C:\Windows\System32\SnippingTool.exe
14:21:54.0133 3784  C:\Windows\System32\SnippingTool.exe - ok
14:21:54.0133 3784  [ A0617B5753E31126AD29C03154F4F329 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
14:21:54.0133 3784  C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll - ok
14:21:54.0133 3784  [ 8050B4440BA297EFAE6616C4FF0EAD27 ] C:\Windows\System32\gfxSrvc.dll
14:21:54.0133 3784  C:\Windows\System32\gfxSrvc.dll - ok
14:21:54.0133 3784  [ 1321DD81B82EC59922A946C104D762B1 ] \\NLEKF-FAP1\Gebruiker\PAL\EXE\PAL.exe
14:21:54.0133 3784  \\NLEKF-FAP1\Gebruiker\PAL\EXE\PAL.exe - ok
14:21:54.0133 3784  [ 028B2DCFC468CF98B5428AF8AEF2C849 ] C:\Windows\System32\IGFXDEVLib.dll
14:21:54.0133 3784  C:\Windows\System32\IGFXDEVLib.dll - ok
14:21:54.0133 3784  [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\Windows\System32\drivers\33992349.sys
14:21:54.0133 3784  C:\Windows\System32\drivers\33992349.sys - ok
14:21:54.0148 3784  [ F4D1E4EC5FDCB9DBD778479EF7C8CCC2 ] C:\Program Files\Trend Micro\OfficeScan Client\ssapi32.dll
14:21:54.0148 3784  C:\Program Files\Trend Micro\OfficeScan Client\ssapi32.dll - ok
14:21:54.0148 3784  [ 37D2CC675F1B2DAD45B04F872F25A74F ] C:\Program Files\Trend Micro\OfficeScan Client\TMBMCLI.dll
14:21:54.0148 3784  C:\Program Files\Trend Micro\OfficeScan Client\TMBMCLI.dll - ok
14:21:54.0148 3784  [ 4538F127802B47CBFEDC9FB86FF1FE83 ] C:\Program Files\Trend Micro\OfficeScan Client\TmEngDrv.dll
14:21:54.0148 3784  C:\Program Files\Trend Micro\OfficeScan Client\TmEngDrv.dll - ok
14:21:54.0148 3784  [ 5B37190F79F5D63C1033ED88C006080C ] C:\Windows\System32\occache.dll
14:21:54.0148 3784  C:\Windows\System32\occache.dll - ok
14:21:54.0148 3784  [ F58E87DE0F2855BAE62EED30D306358D ] C:\Windows\System32\igdumd32.dll
14:21:54.0148 3784  C:\Windows\System32\igdumd32.dll - ok
14:21:54.0148 3784  [ A3484A0159763330160FD820DE8C4624 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
14:21:54.0148 3784  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll - ok
14:21:54.0148 3784  [ C8333F1F77A1B2E25F2202E892CAF634 ] C:\Windows\System32\prnfldr.dll
14:21:54.0148 3784  C:\Windows\System32\prnfldr.dll - ok
14:21:54.0164 3784  [ 05A321CF65AB46D8E29E717D13662519 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
14:21:54.0164 3784  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll - ok
14:21:54.0164 3784  [ 62A6EB5771580CAE445804389F3F7432 ] C:\Windows\System32\WindowsCodecsExt.dll
14:21:54.0164 3784  C:\Windows\System32\WindowsCodecsExt.dll - ok
14:21:54.0164 3784  [ 816B681CC308FAA128EDCB90643DCED7 ] C:\Windows\System32\icm32.dll
14:21:54.0164 3784  C:\Windows\System32\icm32.dll - ok
14:21:54.0164 3784  [ 4F48114B614D0002891F74121693B98F ] C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\270c99bc4431829d4cf923be1a011196\WindowsFormsIntegration.ni.dll
14:21:54.0164 3784  C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\270c99bc4431829d4cf923be1a011196\WindowsFormsIntegration.ni.dll - ok
14:21:54.0164 3784  [ 93404139C96D29853338CA68F26513CA ] C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
14:21:54.0164 3784  C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll - ok
14:21:54.0164 3784  [ ADDB05C93272A62606599B24730BD645 ] C:\Windows\System32\DXP.dll
14:21:54.0164 3784  C:\Windows\System32\DXP.dll - ok
14:21:54.0180 3784  [ 8213C3AED38E3478F222951C95614D2C ] \\nlekf-sql1\RT\rtapp\exec\PRDCenterSap.exe
14:21:54.0180 3784  \\nlekf-sql1\RT\rtapp\exec\PRDCenterSap.exe - ok
14:21:54.0180 3784  [ A9B36CAB809EF486D456FA1A3B204152 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
14:21:54.0180 3784  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll - ok
14:21:54.0180 3784  [ 856CFFCD835528136367BB1A8FE1DB87 ] C:\Windows\System32\Syncreg.dll
14:21:54.0180 3784  C:\Windows\System32\Syncreg.dll - ok
14:21:54.0180 3784  [ F8F03D206F7D5811D630349A23E9B9B9 ] C:\Windows\ehome\ehSSO.dll
14:21:54.0180 3784  C:\Windows\ehome\ehSSO.dll - ok
14:21:54.0180 3784  [ B2B3DAE040F6B5AE1DF52B0CD7631A18 ] C:\Windows\System32\AltTab.dll
14:21:54.0180 3784  C:\Windows\System32\AltTab.dll - ok
14:21:54.0180 3784  [ D39DA70FEA6BD713682F70635587DA9E ] C:\Windows\System32\rasdlg.dll
14:21:54.0180 3784  C:\Windows\System32\rasdlg.dll - ok
14:21:54.0180 3784  [ 735263DA17BF5BAF9CCD483843BF9D5A ] C:\Windows\System32\WPDShServiceObj.dll
14:21:54.0180 3784  C:\Windows\System32\WPDShServiceObj.dll - ok
14:21:54.0195 3784  [ 3D6F22551D422F97AACB0BB927E4C846 ] C:\Windows\System32\pnidui.dll
14:21:54.0195 3784  C:\Windows\System32\pnidui.dll - ok
14:21:54.0195 3784  [ BD626EF05967D14C772B8096292731A3 ] C:\Windows\System32\QUTIL.DLL
14:21:54.0195 3784  C:\Windows\System32\QUTIL.DLL - ok
14:21:54.0195 3784  [ CF4274CEEA9F7791FB7FC40A066BC2C7 ] C:\Windows\System32\cscobj.dll
14:21:54.0195 3784  C:\Windows\System32\cscobj.dll - ok
14:21:54.0195 3784  [ C39CE795D0B48CB65909BE44A132E119 ] C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
14:21:54.0195 3784  C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe - ok
14:21:54.0195 3784  [ B61E268B55773A4E9B2D7C69616A49AA ] C:\Program Files\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe
14:21:54.0195 3784  C:\Program Files\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe - ok
14:21:54.0195 3784  [ 674B0C0F6A448EB185CAAB9C51D44032 ] C:\Windows\System32\srchadmin.dll
14:21:54.0195 3784  C:\Windows\System32\srchadmin.dll - ok
14:21:54.0211 3784  [ 5193DE33F3284C447E0D31DAFBF92570 ] C:\Windows\System32\webcheck.dll
14:21:54.0211 3784  C:\Windows\System32\webcheck.dll - ok
14:21:54.0211 3784  [ 04B88428A872390D235BE52D38A9D4EF ] C:\Windows\System32\dot3api.dll
14:21:54.0211 3784  C:\Windows\System32\dot3api.dll - ok
14:21:54.0211 3784  [ 8063046AA70B97CA9985672B8848FB2E ] C:\Windows\System32\wlanhlp.dll
14:21:54.0211 3784  C:\Windows\System32\wlanhlp.dll - ok
14:21:54.0211 3784  [ B010CF886420EE29C2C276646721D255 ] C:\Windows\System32\wlanapi.dll
14:21:54.0211 3784  C:\Windows\System32\wlanapi.dll - ok
14:21:54.0211 3784  [ 1D6A771D1D702AE07919DB52C889A249 ] C:\Windows\System32\wlanutil.dll
14:21:54.0211 3784  C:\Windows\System32\wlanutil.dll - ok
14:21:54.0211 3784  [ F748F53FE09D21D8ECBB6421E6792024 ] C:\Windows\System32\onex.dll
14:21:54.0211 3784  C:\Windows\System32\onex.dll - ok
14:21:54.0211 3784  [ 2DDEA2C345DA5BC589EFD398F220DB0E ] C:\Windows\System32\SyncCenter.dll
14:21:54.0211 3784  C:\Windows\System32\SyncCenter.dll - ok
14:21:54.0226 3784  [ 8B285BDAB7735FDFB18E6F7122923B77 ] C:\Windows\System32\UIAnimation.dll
14:21:54.0226 3784  C:\Windows\System32\UIAnimation.dll - ok
14:21:54.0226 3784  [ 9A39A2A5F443A756C568C6ED5748AFE4 ] C:\Windows\System32\ActionCenter.dll
14:21:54.0226 3784  C:\Windows\System32\ActionCenter.dll - ok
14:21:54.0226 3784  [ 2D11BC8B460957E62E4420373A0D8BDA ] C:\Windows\System32\imapi2.dll
14:21:54.0226 3784  C:\Windows\System32\imapi2.dll - ok
14:21:54.0226 3784  [ C02AA67276FEE0C15CC4D6D616BDE95E ] C:\Windows\System32\WWanAPI.dll
14:21:54.0226 3784  C:\Windows\System32\WWanAPI.dll - ok
14:21:54.0226 3784  [ F2ED6D00921CA138289E5E0CCB9ABF87 ] C:\Windows\System32\wwapi.dll
14:21:54.0226 3784  C:\Windows\System32\wwapi.dll - ok
14:21:54.0226 3784  [ C2D6A4475B87651D5909E364439FDA52 ] C:\Windows\System32\FXSST.dll
14:21:54.0226 3784  C:\Windows\System32\FXSST.dll - ok
14:21:54.0226 3784  [ 02530B0B7E048DD5AC8D52DAEACAEB2B ] C:\Windows\System32\QAGENT.DLL
14:21:54.0226 3784  C:\Windows\System32\QAGENT.DLL - ok
14:21:54.0242 3784  [ 942E57152F1CD0533644AB30EF1A4728 ] C:\Windows\System32\FXSAPI.dll
14:21:54.0242 3784  C:\Windows\System32\FXSAPI.dll - ok
14:21:54.0242 3784  [ C4096CA42199428B3D63DC206C197F0E ] C:\Windows\System32\FXSRESM.dll
14:21:54.0242 3784  C:\Windows\System32\FXSRESM.dll - ok
14:21:54.0242 3784  [ C7952D0A4C43A965A1741916BB134751 ] C:\Windows\System32\hgcpl.dll
14:21:54.0242 3784  C:\Windows\System32\hgcpl.dll - ok
14:21:54.0242 3784  [ 967EA5B213E9984CBE270205DF37755B ] C:\Windows\System32\FXSSVC.exe
14:21:54.0242 3784  C:\Windows\System32\FXSSVC.exe - ok
14:21:54.0242 3784  [ E3D5E244807AD655787FCD25477CC1BC ] C:\Windows\System32\bthprops.cpl
14:21:54.0242 3784  C:\Windows\System32\bthprops.cpl - ok
14:21:54.0242 3784  [ 987323F0247D023AD1AE52195540ECE0 ] C:\Windows\System32\mssvp.dll
14:21:54.0242 3784  C:\Windows\System32\mssvp.dll - ok
14:21:54.0242 3784  [ F33C3F08536F988AAC84D72D83B139A6 ] C:\Program Files\Trend Micro\OfficeScan Client\tmcomm.sys
14:21:54.0242 3784  C:\Program Files\Trend Micro\OfficeScan Client\tmcomm.sys - ok
14:21:54.0258 3784  [ 65E50CCFD60A2BCAF7F15BBE8A456157 ] C:\Program Files\Trend Micro\OfficeScan Client\tmevtmgr.sys
14:21:54.0258 3784  C:\Program Files\Trend Micro\OfficeScan Client\tmevtmgr.sys - ok
14:21:54.0258 3784  [ 028E02E1621466B5B4DC0525BC071B09 ] C:\Program Files\Trend Micro\OfficeScan Client\tmactmon.sys
14:21:54.0258 3784  C:\Program Files\Trend Micro\OfficeScan Client\tmactmon.sys - ok
14:21:54.0258 3784  [ 37D2CC675F1B2DAD45B04F872F25A74F ] C:\Program Files\Trend Micro\BM\TMBMCLI.dll
14:21:54.0258 3784  C:\Program Files\Trend Micro\BM\TMBMCLI.dll - ok
14:21:54.0258 3784  [ 3001E1CB1BFBB9A907A81A7ECF89657F ] C:\Program Files\Trend Micro\BM\TMBMSRV.exe
14:21:54.0258 3784  C:\Program Files\Trend Micro\BM\TMBMSRV.exe - ok
14:21:54.0258 3784  [ 3001E1CB1BFBB9A907A81A7ECF89657F ] C:\Program Files\Trend Micro\OfficeScan Client\TMBMSRV.exe
14:21:54.0258 3784  C:\Program Files\Trend Micro\OfficeScan Client\TMBMSRV.exe - ok
14:21:54.0258 3784  [ 19418E98583BF60A1C62120A65D866FB ] C:\Program Files\Trend Micro\BM\tmcomeng.dll
14:21:54.0258 3784  C:\Program Files\Trend Micro\BM\tmcomeng.dll - ok
14:21:54.0273 3784  [ 19418E98583BF60A1C62120A65D866FB ] C:\Program Files\Trend Micro\OfficeScan Client\tmcomeng.dll
14:21:54.0273 3784  C:\Program Files\Trend Micro\OfficeScan Client\tmcomeng.dll - ok
14:21:54.0273 3784  [ 4538F127802B47CBFEDC9FB86FF1FE83 ] C:\Program Files\Trend Micro\BM\TmEngDrv.dll
14:21:54.0273 3784  C:\Program Files\Trend Micro\BM\TmEngDrv.dll - ok
14:21:54.0273 3784  [ 9114AB8BCFF7D2D491C0F6F6AD0AD0CB ] C:\Program Files\Trend Micro\OfficeScan Client\tmtap.dll
14:21:54.0273 3784  C:\Program Files\Trend Micro\OfficeScan Client\tmtap.dll - ok
14:21:54.0273 3784  [ 9114AB8BCFF7D2D491C0F6F6AD0AD0CB ] C:\Program Files\Trend Micro\BM\tmtap.dll
14:21:54.0273 3784  C:\Program Files\Trend Micro\BM\tmtap.dll - ok
14:21:54.0273 3784  [ 863DE7CC31E66F621F73C2BDB3DB703E ] C:\Program Files\Trend Micro\BM\tmufeng.dll
14:21:54.0273 3784  C:\Program Files\Trend Micro\BM\tmufeng.dll - ok
14:21:54.0273 3784  [ 6427419EDD5F32FB1B8E36E77A938C09 ] C:\Program Files\Trend Micro\OfficeScan Client\TMPEM.dll
14:21:54.0273 3784  C:\Program Files\Trend Micro\OfficeScan Client\TMPEM.dll - ok
14:21:54.0289 3784  [ 6427419EDD5F32FB1B8E36E77A938C09 ] C:\Program Files\Trend Micro\BM\TMPEM.dll
14:21:54.0289 3784  C:\Program Files\Trend Micro\BM\TMPEM.dll - ok
14:21:54.0289 3784  [ 92C73039061907BAAC7AA7BAFA4A4302 ] C:\Program Files\Trend Micro\OfficeScan Client\ieplug.dll
14:21:54.0289 3784  C:\Program Files\Trend Micro\OfficeScan Client\ieplug.dll - ok
14:21:54.0289 3784  [ 92C73039061907BAAC7AA7BAFA4A4302 ] C:\Program Files\Trend Micro\BM\ieplug.dll
14:21:54.0289 3784  C:\Program Files\Trend Micro\BM\ieplug.dll - ok
14:21:54.0289 3784  [ 291727FE2E56FC6B4B5C22E387146F38 ] C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.dll
14:21:54.0289 3784  C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.dll - ok
14:21:54.0289 3784  [ F2C6F3F0B75B19118056B25312AC2971 ] C:\Program Files\Trend Micro\OfficeScan Client\TmPfwApi.dll
14:21:54.0289 3784  C:\Program Files\Trend Micro\OfficeScan Client\TmPfwApi.dll - ok
14:21:54.0289 3784  [ 7697034EBCE2528796DF5D7C55B52CC8 ] C:\Program Files\Trend Micro\OfficeScan Client\TMLWF.sys
14:21:54.0289 3784  C:\Program Files\Trend Micro\OfficeScan Client\TMLWF.sys - ok
14:21:54.0289 3784  [ A56279BBA7AD6F78FB7C9E5B75EB562C ] C:\Program Files\Trend Micro\OfficeScan Client\TMWFP.sys
14:21:54.0289 3784  C:\Program Files\Trend Micro\OfficeScan Client\TMWFP.sys - ok
14:21:54.0304 3784  [ 236657DEDC455056EF2A072D603D2564 ] C:\Program Files\Trend Micro\OfficeScan Client\TM_CFW.sys
14:21:54.0304 3784  C:\Program Files\Trend Micro\OfficeScan Client\TM_CFW.sys - ok
14:21:54.0304 3784  [ 141FF68169F065D2038C56821F742D8B ] C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
14:21:54.0304 3784  C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe - ok
14:21:54.0304 3784  [ 18BF08599B87E3B3BFFBD0662C549793 ] C:\Program Files\Trend Micro\OfficeScan Client\TmPfwCtl.dll
14:21:54.0304 3784  C:\Program Files\Trend Micro\OfficeScan Client\TmPfwCtl.dll - ok
14:21:54.0304 3784  [ 0663D7B9497B93AB0F1CCF3A4FD91193 ] C:\Program Files\Trend Micro\OfficeScan Client\tmwfpapi.dll
14:21:54.0304 3784  C:\Program Files\Trend Micro\OfficeScan Client\tmwfpapi.dll - ok
14:21:54.0304 3784  [ 5F01B708BC1B0C6EAA1486298CA199A4 ] C:\Program Files\Trend Micro\OfficeScan Client\tmHash.dll
14:21:54.0304 3784  C:\Program Files\Trend Micro\OfficeScan Client\tmHash.dll - ok
14:21:54.0304 3784  [ 610DDD3BC7A1E357C58E3147D8F93C82 ] C:\Program Files\Trend Micro\OfficeScan Client\TmPfwLog.dll
14:21:54.0304 3784  C:\Program Files\Trend Micro\OfficeScan Client\TmPfwLog.dll - ok
14:21:54.0320 3784  [ D1AD06ACA45A7822FE27F7ABDCB997AE ] C:\Program Files\Trend Micro\OfficeScan Client\TmDbg32.dll
14:21:54.0320 3784  C:\Program Files\Trend Micro\OfficeScan Client\TmDbg32.dll - ok
14:21:54.0320 3784  [ EB9BAE53CA406A57B5B1F275EBCED4AD ] C:\Program Files\Trend Micro\OfficeScan Client\TmPfwRul.dll
14:21:54.0320 3784  C:\Program Files\Trend Micro\OfficeScan Client\TmPfwRul.dll - ok
14:21:54.0320 3784  [ B8DF6FD74F931D9D75C33D6B46311797 ] C:\Program Files\Trend Micro\OfficeScan Client\PccNT.exe
14:21:54.0320 3784  C:\Program Files\Trend Micro\OfficeScan Client\PccNT.exe - ok
14:21:54.0320 3784  [ 3E709F7BFA217CD3B6FC338780465E20 ] C:\Windows\System32\adsldp.dll
14:21:54.0320 3784  C:\Windows\System32\adsldp.dll - ok
14:21:54.0320 3784  [ 44F5C1CF70AC8F7239F3B3667E58697A ] C:\Windows\winsxs\x86_microsoft-windows-s..icate-policy-engine_31bf3856ad364e35_6.1.7601.17514_none_677f0b3d9250663f\CertPolEng.dll
14:21:54.0320 3784  C:\Windows\winsxs\x86_microsoft-windows-s..icate-policy-engine_31bf3856ad364e35_6.1.7601.17514_none_677f0b3d9250663f\CertPolEng.dll - ok
14:21:54.0320 3784  [ 038A12E8D06726F8DA336EF5D5DD5A84 ] C:\Program Files\Trend Micro\OfficeScan Client\tmwlutil.dll
14:21:54.0320 3784  C:\Program Files\Trend Micro\OfficeScan Client\tmwlutil.dll - ok
14:21:54.0336 3784  [ F175E53C7C3B25A9029A131FB578B155 ] C:\Windows\System32\wscinterop.dll
14:21:54.0336 3784  C:\Windows\System32\wscinterop.dll - ok
14:21:54.0336 3784  [ 7FD5532C142DB6C9CC47AA4DCF71FDEC ] C:\Windows\System32\wscui.cpl
14:21:54.0336 3784  C:\Windows\System32\wscui.cpl - ok
14:21:54.0336 3784  [ 1869BD251211FB6275067372A45682D6 ] C:\Windows\System32\werconcpl.dll
14:21:54.0336 3784  C:\Windows\System32\werconcpl.dll - ok
14:21:54.0336 3784  [ AC804569BB2364FB6017370258A4091B ] C:\Windows\System32\wercplsupport.dll
14:21:54.0336 3784  C:\Windows\System32\wercplsupport.dll - ok
14:21:54.0336 3784  [ 57CE9D8350B1DD76EEC596C423C3C0BC ] C:\Windows\System32\hcproviders.dll
14:21:54.0336 3784  C:\Windows\System32\hcproviders.dll - ok
14:21:54.0336 3784  [ 77D34490E6D33626968BE1A41FEAF253 ] C:\Program Files\Internet Explorer\ieproxy.dll
14:21:54.0336 3784  C:\Program Files\Internet Explorer\ieproxy.dll - ok
14:21:54.0336 3784  [ C9905EA4C326DAB778B9297BA5BD1889 ] C:\Windows\System32\wermgr.exe
14:21:54.0336 3784  C:\Windows\System32\wermgr.exe - ok
14:21:54.0351 3784  [ 51138BEEA3E2C21EC44D0932C71762A8 ] C:\Windows\System32\rundll32.exe
14:21:54.0351 3784  C:\Windows\System32\rundll32.exe - ok
14:21:54.0351 3784  [ 249B010966B64C9805155704014C398F ] C:\Program Files\Windows Live\SOXE\wlsoxe.dll
14:21:54.0351 3784  C:\Program Files\Windows Live\SOXE\wlsoxe.dll - ok
14:21:54.0351 3784  [ E1EF320CBB1A6623DF040D5539DDA8F4 ] C:\Windows\winsxs\x86_microsoft-windows-t..cheduler-apis-proxy_31bf3856ad364e35_6.1.7600.16385_none_d58a4b8d7ce98308\TaskSchdPS.dll
14:21:54.0351 3784  C:\Windows\winsxs\x86_microsoft-windows-t..cheduler-apis-proxy_31bf3856ad364e35_6.1.7600.16385_none_d58a4b8d7ce98308\TaskSchdPS.dll - ok
14:21:54.0351 3784  ============================================================
14:21:54.0351 3784  Scan finished
14:21:54.0351 3784  ============================================================
14:21:54.0351 3100  Detected object count: 4
14:21:54.0351 3100  Actual detected object count: 4
14:23:39.0972 3100  ACPI ( ForgedFile.Multi.Generic ) - skipped by user
14:23:39.0972 3100  ACPI ( ForgedFile.Multi.Generic ) - User select action: Skip
14:23:39.0972 3100  BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - skipped by user
14:23:39.0972 3100  BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:23:39.0972 3100  SecureStorageService ( UnsignedFile.Multi.Generic ) - skipped by user
14:23:39.0972 3100  SecureStorageService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:23:39.0972 3100  tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - skipped by user
14:23:39.0972 3100  tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip

 

[Maniac]

Step 1

Please download Malwarebytes Anti-Rootkit from here

• Unzip the contents to a folder in a convenient location.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

Step 2

Now you should run the fixdamage.exe application, located in the same MBAR directory as mbar.exe. Clicking on fixdamage.exe will open the console application and request confirmation to apply any fixes to the operating system. Input “Y” to being the fix. After the fix is complete, it will request you to restart the system again.