┌──(kali㉿kali)-[~/Desktop/volatility/volatility_2.5.linux.standalone]
└─$ ./volatility_2.5_linux_x64 --profile=WinXPSP2x86 -f OCSALY_Case_001/0zapftis.vmem hivelist
Volatility Foundation Volatility Framework 2.5
Virtual    Physical   Name
---------- ---------- ----
0xe1bf6b60 0x0af3cb60 \Device\HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
0xe1bb2b60 0x0accab60 \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT
0xe1a4db60 0x08b7cb60 \Device\HarddiskVolume1\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
0xe1991b60 0x07d9ab60 \Device\HarddiskVolume1\Documents and Settings\LocalService\NTUSER.DAT
0xe1844458 0x07741458 \Device\HarddiskVolume1\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
0xe183e008 0x076b8008 \Device\HarddiskVolume1\Documents and Settings\NetworkService\NTUSER.DAT
0xe1544b60 0x05c63b60 \Device\HarddiskVolume1\WINDOWS\system32\config\software
0xe154db60 0x05c6fb60 \Device\HarddiskVolume1\WINDOWS\system32\config\SAM
0xe154d008 0x05c6f008 \Device\HarddiskVolume1\WINDOWS\system32\config\default
0xe1544008 0x05c63008 \Device\HarddiskVolume1\WINDOWS\system32\config\SECURITY
0xe13b5a40 0x02463a40 [no name]
0xe1018388 0x020bf388 \Device\HarddiskVolume1\WINDOWS\system32\config\system
0xe1008b60 0x020c3b60 [no name]

┌──(kali㉿kali)-[~/Desktop/volatility/volatility_2.5.linux.standalone]
└─$ ./volatility_2.5_linux_x64 --profile=WinXPSP2x86 -f OCSALY_Case_001/0zapftis.vmem timeliner
Volatility Foundation Volatility Framework 2.5
2011-10-10 17:06:54 UTC+0000|[LIVE RESPONSE]| (System time)|
2011-10-04 18:21:31 UTC+0000|[IEHISTORY]| explorer.exe->Visited: Administrator@file:///C:/Documents%20and%20Settings/Administrator/Desktop/listener.pdf| PID: 1956/Cache type "URL " at 0x1715000 End: 2011-10-04 18:21:31 UTC+0000
2010-11-06 18:14:46 UTC+0000|[IEHISTORY]| explorer.exe->Visited: Administrator@about:Home| PID: 1956/Cache type "URL " at 0x1715100 End: 2010-11-06 18:14:46 UTC+0000
2011-10-04 18:00:18 UTC+0000|[IEHISTORY]| explorer.exe->Visited: Administrator@file:///C:/Program%20Files/Adobe/Reader%209.0/Reader/Legal/ENU/license.html| PID: 1956/Cache type "URL " at 0x1715200 End: 2011-10-04 18:00:18 UTC+0000
2011-10-04 18:01:23 UTC+0000|[IEHISTORY]| explorer.exe->Visited: Administrator@file:///C:/Documents%20and%20Settings/Administrator/Desktop/Exploit.pdf| PID: 1956/Cache type "URL " at 0x1715380 End: 2011-10-04 18:01:23 UTC+0000
2011-10-10 17:03:58 UTC+0000|[PROCESS]| winlogon.exe| PID: 632/PPID: 536/POffset: 0x015a9020
2011-10-10 17:03:58 UTC+0000|[PROCESS LastTrimTime]| winlogon.exe| PID: 632/PPID: 536/POffset: 0x015a9020
2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2010-11-06 18:08:41 UTC+0000|[Handle (Key)]| USER\.DEFAULT| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2010-11-06 18:16:22 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2010-11-06 18:05:35 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPT32CHAIN| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\CRYPTNET| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2010-11-06 18:09:27 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\SCLGNTFY| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2010-11-06 18:16:12 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\TPSVC| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2011-10-10 17:03:59 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2011-10-10 17:03:59 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2011-10-10 17:03:59 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\CREDENTIALS| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2010-11-06 18:13:41 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\SETUP| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2010-11-06 18:16:18 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\NETWORKPROVIDER\HWORDER| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2010-11-06 18:06:01 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2011-10-10 16:44:25 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2010-11-06 18:06:01 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2010-11-06 18:05:35 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2011-10-10 17:06:42 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2011-10-10 16:41:13 UTC+0000|[Handle (Key)]| USER\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2011-10-10 16:41:13 UTC+0000|[Handle (Key)]| USER\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\MUICACHE| winlogon.exe PID: 632/PPID: 536/POffset: 0x015a9020
2004-08-04 06:14:52 UTC+0000|[PE HEADER (exe)]| winlogon.exe| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x01000000
-|[PE DEBUG]| winlogon.exe| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x01000000
2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x7c900000
-|[PE DEBUG]| ntdll.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x7c900000
2004-08-04 07:57:03 UTC+0000|[PE HEADER (dll)]| MSACM32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77be0000
-|[PE DEBUG]| MSACM32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77be0000
2004-08-04 07:56:08 UTC+0000|[PE HEADER (dll)]| cscui.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77a20000
-|[PE DEBUG]| cscui.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77a20000
2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| SHLWAPI.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77f60000
-|[PE DEBUG]| SHLWAPI.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77f60000
2004-08-04 07:56:55 UTC+0000|[PE HEADER (dll)]| PROFMAP.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x75930000
-|[PE DEBUG]| PROFMAP.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x75930000
2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| snmpapi.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x71f60000
-|[PE DEBUG]| snmpapi.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x71f60000
2004-08-04 07:58:01 UTC+0000|[PE HEADER (dll)]| MSGINA.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x75970000
-|[PE DEBUG]| MSGINA.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x75970000
2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| rtutils.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76e80000
-|[PE DEBUG]| rtutils.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76e80000
2009-04-07 14:39:10 UTC+0000|[PE HEADER (dll)]| mfc42ul.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x10000000
-|[PE DEBUG]| mfc42ul.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x10000000
2004-08-04 07:56:25 UTC+0000|[PE HEADER (dll)]| midimap.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77bd0000
2004-08-04 05:58:38 UTC+0000|[PE DEBUG]| midimap.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77bd0000
2004-08-04 07:57:17 UTC+0000|[PE HEADER (dll)]| ODBC32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x74320000
-|[PE DEBUG]| ODBC32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x74320000
2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| Apphelp.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77b40000
-|[PE DEBUG]| Apphelp.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77b40000
2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| WlNotify.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x75950000
-|[PE DEBUG]| WlNotify.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x75950000
2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| REGAPI.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76bc0000
-|[PE DEBUG]| REGAPI.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76bc0000
2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77dd0000
-|[PE DEBUG]| ADVAPI32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77dd0000
2004-08-04 07:56:49 UTC+0000|[PE HEADER (dll)]| Secur32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77fe0000
-|[PE DEBUG]| Secur32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77fe0000
2004-08-04 07:57:25 UTC+0000|[PE HEADER (dll)]| odbcint.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x20000000
-|[PE DEBUG]| odbcint.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x20000000
2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| VERSION.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77c00000
-|[PE DEBUG]| VERSION.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77c00000
2004-08-04 07:56:13 UTC+0000|[PE HEADER (dll)]| adsldpc.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76e10000
-|[PE DEBUG]| adsldpc.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76e10000
2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| WINSTA.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76360000
-|[PE DEBUG]| WINSTA.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76360000
2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| WINSCARD.DLL| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x723d0000
-|[PE DEBUG]| WINSCARD.DLL| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x723d0000
2004-07-07 02:17:12 UTC+0000|[PE HEADER (dll)]| rsaenh.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x0ffd0000
-|[PE DEBUG]| rsaenh.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x0ffd0000
2004-08-04 07:56:28 UTC+0000|[PE HEADER (dll)]| NETAPI32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x5b860000
-|[PE DEBUG]| NETAPI32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x5b860000
2004-08-04 07:56:34 UTC+0000|[PE HEADER (dll)]| sfc.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76bb0000
-|[PE DEBUG]| sfc.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76bb0000
2004-08-04 07:56:24 UTC+0000|[PE HEADER (dll)]| NDdeApi.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x75940000
-|[PE DEBUG]| NDdeApi.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x75940000
2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| xpsp2res.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x014a0000
-|[PE DEBUG]| xpsp2res.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x014a0000
2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| WS2_32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x71ab0000
-|[PE DEBUG]| WS2_32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x71ab0000
2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| wldap32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76f60000
-|[PE DEBUG]| wldap32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76f60000
2004-08-04 07:56:35 UTC+0000|[PE HEADER (dll)]| sfc_os.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76c60000
-|[PE DEBUG]| sfc_os.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76c60000
2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| OLEAUT32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77120000
-|[PE DEBUG]| OLEAUT32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77120000
2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| ole32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x774e0000
-|[PE DEBUG]| ole32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x774e0000
2004-08-04 07:57:10 UTC+0000|[PE HEADER (dll)]| WINMM.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76b40000
-|[PE DEBUG]| WINMM.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76b40000
2004-08-04 07:56:38 UTC+0000|[PE HEADER (dll)]| WINSPOOL.DRV| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x73000000
-|[PE DEBUG]| WINSPOOL.DRV| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x73000000
2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77f10000
-|[PE DEBUG]| GDI32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77f10000
2004-08-04 07:56:32 UTC+0000|[PE HEADER (dll)]| SETUPAPI.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77920000
-|[PE DEBUG]| SETUPAPI.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77920000
2004-08-04 07:56:03 UTC+0000|[PE HEADER (dll)]| ACTIVEDS.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77cc0000
-|[PE DEBUG]| ACTIVEDS.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77cc0000
2004-08-04 07:56:47 UTC+0000|[PE HEADER (dll)]| MPRAPI.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76d40000
-|[PE DEBUG]| MPRAPI.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76d40000
2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77d40000
-|[PE DEBUG]| USER32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77d40000
2004-08-04 06:14:57 UTC+0000|[PE HEADER (dll)]| sxs.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x75e90000
-|[PE DEBUG]| sxs.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x75e90000
2004-08-04 07:57:55 UTC+0000|[PE HEADER (dll)]| WTSAPI32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76f50000
-|[PE DEBUG]| WTSAPI32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76f50000
2004-08-04 07:56:10 UTC+0000|[PE HEADER (dll)]| iphlpapi.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76d60000
-|[PE DEBUG]| iphlpapi.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76d60000
2004-08-04 07:56:18 UTC+0000|[PE HEADER (dll)]| CLBCATQ.DLL| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76fd0000
-|[PE DEBUG]| CLBCATQ.DLL| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76fd0000
2004-08-04 07:56:29 UTC+0000|[PE HEADER (dll)]| SAMLIB.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x71bf0000
-|[PE DEBUG]| SAMLIB.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x71bf0000
2004-08-04 07:56:32 UTC+0000|[PE HEADER (dll)]| comdlg32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x763b0000
-|[PE DEBUG]| comdlg32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x763b0000
2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| USERENV.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x769c0000
-|[PE DEBUG]| USERENV.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x769c0000
2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| kernel32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x7c800000
-|[PE DEBUG]| kernel32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x7c800000
2004-08-04 07:55:56 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x773d0000
-|[PE DEBUG]| comctl32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x773d0000
2004-08-04 07:56:55 UTC+0000|[PE HEADER (dll)]| ATL.DLL| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76b20000
-|[PE DEBUG]| ATL.DLL| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76b20000
2004-08-04 07:56:58 UTC+0000|[PE HEADER (dll)]| PSAPI.DLL| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76bf0000
-|[PE DEBUG]| PSAPI.DLL| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76bf0000
2004-08-04 07:56:46 UTC+0000|[PE HEADER (dll)]| MPR.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x71b20000
-|[PE DEBUG]| MPR.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x71b20000
2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| cscdll.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76600000
-|[PE DEBUG]| cscdll.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76600000
2004-08-04 07:57:02 UTC+0000|[PE HEADER (dll)]| NTMARTA.DLL| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77690000
-|[PE DEBUG]| NTMARTA.DLL| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77690000
2004-08-04 07:59:14 UTC+0000|[PE HEADER (dll)]| msvcrt.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77c10000
2004-08-04 05:58:27 UTC+0000|[PE DEBUG]| msvcrt.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77c10000
2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| RPCRT4.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77e70000
-|[PE DEBUG]| RPCRT4.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77e70000
2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| uxtheme.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x5ad70000
-|[PE DEBUG]| uxtheme.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x5ad70000
2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| WINTRUST.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76c30000
-|[PE DEBUG]| WINTRUST.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76c30000
2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| SHELL32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x7c9c0000
-|[PE DEBUG]| SHELL32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x7c9c0000
2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| COMRes.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77050000
-|[PE DEBUG]| COMRes.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77050000
2004-08-04 07:59:11 UTC+0000|[PE HEADER (dll)]| msv1_0.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77c70000
-|[PE DEBUG]| msv1_0.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77c70000
2004-08-04 07:56:54 UTC+0000|[PE HEADER (dll)]| wdmaud.drv| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x72d20000
2004-08-04 06:07:49 UTC+0000|[PE DEBUG]| wdmaud.drv| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x72d20000
2004-08-04 07:56:01 UTC+0000|[PE HEADER (dll)]| CRYPT32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77a80000
-|[PE DEBUG]| CRYPT32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77a80000
2004-08-04 07:56:25 UTC+0000|[PE HEADER (dll)]| IMAGEHLP.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76c90000
-|[PE DEBUG]| IMAGEHLP.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x76c90000
2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| WS2HELP.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x71aa0000
-|[PE DEBUG]| WS2HELP.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x71aa0000
2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| AUTHZ.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x776c0000
-|[PE DEBUG]| AUTHZ.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x776c0000
2004-08-04 07:56:31 UTC+0000|[PE HEADER (dll)]| COMCTL32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x5d090000
-|[PE DEBUG]| COMCTL32.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x5d090000
2004-08-04 07:56:47 UTC+0000|[PE HEADER (dll)]| SHSVCS.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x776e0000
-|[PE DEBUG]| SHSVCS.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x776e0000
2004-08-04 07:57:23 UTC+0000|[PE HEADER (dll)]| MSASN1.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77b20000
-|[PE DEBUG]| MSASN1.dll| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x77b20000
2001-08-18 05:33:30 UTC+0000|[PE HEADER (dll)]| msacm32.drv| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x72d10000
2001-08-17 20:46:45 UTC+0000|[PE DEBUG]| msacm32.drv| Process: winlogon.exe/PID: 632/PPID: 536/Process POffset: 0x015a9020/DLL Base: 0x72d10000
2011-10-10 17:03:58 UTC+0000|[PROCESS]| services.exe| PID: 676/PPID: 632/POffset: 0x018da020
2011-10-10 17:03:58 UTC+0000|[PROCESS LastTrimTime]| services.exe| PID: 676/PPID: 632/POffset: 0x018da020
2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE\ALTERNATE SORTS| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LANGUAGE GROUPS| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2010-11-06 13:05:12 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\ENUM| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2011-10-10 17:02:47 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\CLASS| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PERHWIDSTORAGE| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2010-11-06 18:16:18 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\NETWORKPROVIDER\ORDER| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2010-11-06 18:07:11 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\SERVICEGROUPORDER| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2011-10-10 17:04:45 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\SERVICECURRENT| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2011-10-10 16:41:13 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2010-11-06 18:13:42 UTC+0000|[Handle (Key)]| USER\S-1-5-20| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2010-11-06 18:08:41 UTC+0000|[Handle (Key)]| USER\.DEFAULT| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| USER\S-1-5-19| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2010-11-06 18:13:42 UTC+0000|[Handle (Key)]| USER\S-1-5-20| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| USER\S-1-5-19| services.exe PID: 676/PPID: 632/POffset: 0x018da020
2004-08-04 06:14:11 UTC+0000|[PE HEADER (exe)]| services.exe| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x01000000
2004-08-04 06:14:11 UTC+0000|[PE DEBUG]| services.exe| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x01000000
2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x7c900000
-|[PE DEBUG]| ntdll.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x7c900000
2004-08-04 07:57:10 UTC+0000|[PE HEADER (dll)]| WINMM.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x76b40000
-|[PE DEBUG]| WINMM.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x76b40000
2004-08-04 07:57:03 UTC+0000|[PE HEADER (dll)]| MSACM32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77be0000
-|[PE DEBUG]| MSACM32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77be0000
2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| WINSTA.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x76360000
2004-08-04 06:17:48 UTC+0000|[PE DEBUG]| WINSTA.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x76360000
2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| VERSION.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77c00000
2004-08-04 06:14:58 UTC+0000|[PE DEBUG]| VERSION.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77c00000
2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| UxTheme.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x5ad70000
-|[PE DEBUG]| UxTheme.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x5ad70000
2009-04-07 14:39:10 UTC+0000|[PE HEADER (dll)]| mfc42ul.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x10000000
-|[PE DEBUG]| mfc42ul.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x10000000
2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| Apphelp.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77b40000
-|[PE DEBUG]| Apphelp.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77b40000
2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77dd0000
-|[PE DEBUG]| ADVAPI32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77dd0000
2004-08-04 07:56:49 UTC+0000|[PE HEADER (dll)]| secur32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77fe0000
-|[PE DEBUG]| secur32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77fe0000
2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| kernel32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x7c800000
-|[PE DEBUG]| kernel32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x7c800000
2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77d40000
-|[PE DEBUG]| USER32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77d40000
2004-08-04 07:56:28 UTC+0000|[PE HEADER (dll)]| NETAPI32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x5b860000
-|[PE DEBUG]| NETAPI32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x5b860000
2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| RPCRT4.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77e70000
-|[PE DEBUG]| RPCRT4.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77e70000
2004-08-04 07:59:13 UTC+0000|[PE HEADER (dll)]| MSVCP60.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x76080000
-|[PE DEBUG]| MSVCP60.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x76080000
2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| WS2_32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x71ab0000
-|[PE DEBUG]| WS2_32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x71ab0000
2004-08-04 07:56:37 UTC+0000|[PE HEADER (dll)]| umpnpmgr.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x758c0000
2004-08-04 06:15:03 UTC+0000|[PE DEBUG]| umpnpmgr.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x758c0000
2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| ole32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x774e0000
-|[PE DEBUG]| ole32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x774e0000
2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77f10000
2004-08-04 06:14:43 UTC+0000|[PE DEBUG]| GDI32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77f10000
2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| OLEAUT32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77120000
-|[PE DEBUG]| OLEAUT32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77120000
2004-08-04 07:57:55 UTC+0000|[PE HEADER (dll)]| wtsapi32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x76f50000
2004-08-04 06:01:27 UTC+0000|[PE DEBUG]| wtsapi32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x76f50000
2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| snmpapi.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x71f60000
2004-08-04 06:05:57 UTC+0000|[PE DEBUG]| snmpapi.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x71f60000
2004-08-04 07:56:21 UTC+0000|[PE HEADER (dll)]| NCObjAPI.DLL| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x5f770000
2004-08-04 06:14:11 UTC+0000|[PE DEBUG]| NCObjAPI.DLL| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x5f770000
2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| USERENV.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x769c0000
-|[PE DEBUG]| USERENV.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x769c0000
2004-08-04 07:55:58 UTC+0000|[PE HEADER (dll)]| AcGenral.DLL| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x6f880000
2004-08-04 06:04:41 UTC+0000|[PE DEBUG]| AcGenral.DLL| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x6f880000
2004-08-04 07:55:56 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x773d0000
2004-08-04 05:58:44 UTC+0000|[PE DEBUG]| comctl32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x773d0000
2004-08-04 07:56:58 UTC+0000|[PE HEADER (dll)]| PSAPI.DLL| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x76bf0000
2004-08-04 06:14:30 UTC+0000|[PE DEBUG]| PSAPI.DLL| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x76bf0000
2004-08-04 07:59:14 UTC+0000|[PE HEADER (dll)]| msvcrt.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77c10000
2004-08-04 05:58:27 UTC+0000|[PE DEBUG]| msvcrt.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77c10000
2004-08-04 07:56:42 UTC+0000|[PE HEADER (dll)]| ShimEng.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x5cb70000
2004-08-04 06:04:52 UTC+0000|[PE DEBUG]| ShimEng.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x5cb70000
2004-08-04 07:56:05 UTC+0000|[PE HEADER (dll)]| eventlog.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77b70000
-|[PE DEBUG]| eventlog.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77b70000
2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| SHELL32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x7c9c0000
-|[PE DEBUG]| SHELL32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x7c9c0000
2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| SHLWAPI.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77f60000
-|[PE DEBUG]| SHLWAPI.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x77f60000
2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| WS2HELP.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x71aa0000
2004-08-04 06:14:48 UTC+0000|[PE DEBUG]| WS2HELP.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x71aa0000
2004-08-04 07:56:38 UTC+0000|[PE HEADER (dll)]| SCESRV.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x758e0000
-|[PE DEBUG]| SCESRV.dll| Process: services.exe/PID:
676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x758e0000 2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| AUTHZ.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x776c0000 2004-08-04 06:16:09 UTC+0000|[PE DEBUG]| AUTHZ.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x776c0000 2004-08-04 07:56:31 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x5d090000 -|[PE DEBUG]| comctl32.dll| Process: services.exe/PID: 676/PPID: 632/Process POffset: 0x018da020/DLL Base: 0x5d090000 2011-10-10 17:04:01 UTC+0000|[PROCESS]| alg.exe| PID: 1616/PPID: 676/POffset: 0x0156c5a0 2011-10-10 17:04:01 UTC+0000|[PROCESS LastTrimTime]| alg.exe| PID: 1616/PPID: 676/POffset: 0x0156c5a0 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| USER\S-1-5-19_CLASSES| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| alg.exe PID: 
1616/PPID: 676/POffset: 0x0156c5a0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2011-10-10 16:39:17 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\CLSID| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2011-10-10 16:39:17 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\CLSID| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| USER\S-1-5-19_CLASSES| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| USER\S-1-5-19_CLASSES| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2010-11-06 18:05:58 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\ALG\ISV| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| USER\S-1-5-19_CLASSES| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2010-11-06 18:16:22 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2010-11-06 18:05:35 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5| alg.exe PID: 1616/PPID: 676/POffset: 0x0156c5a0 2004-08-04 05:59:56 UTC+0000|[PE HEADER (exe)]| alg.exe| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x01000000 2004-08-04 05:59:56 
UTC+0000|[PE DEBUG]| alg.exe| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x01000000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x7c900000 -|[PE DEBUG]| ntdll.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x7c900000 2004-08-04 07:57:10 UTC+0000|[PE HEADER (dll)]| WINMM.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x76b40000 -|[PE DEBUG]| WINMM.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x76b40000 2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| SHLWAPI.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77f60000 -|[PE DEBUG]| SHLWAPI.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77f60000 2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| UxTheme.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x5ad70000 -|[PE DEBUG]| UxTheme.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x5ad70000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| xpsp2res.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x20000000 -|[PE DEBUG]| xpsp2res.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x20000000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| USERENV.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x769c0000 -|[PE DEBUG]| USERENV.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x769c0000 2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77dd0000 -|[PE DEBUG]| ADVAPI32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77dd0000 2004-08-04 07:57:03 UTC+0000|[PE HEADER (dll)]| MSACM32.dll| 
Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77be0000 -|[PE DEBUG]| MSACM32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77be0000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| VERSION.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77c00000 2004-08-04 06:14:58 UTC+0000|[PE DEBUG]| VERSION.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77c00000 2004-08-04 07:56:18 UTC+0000|[PE HEADER (dll)]| CLBCATQ.DLL| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x76fd0000 2004-08-04 06:14:45 UTC+0000|[PE DEBUG]| CLBCATQ.DLL| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x76fd0000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77d40000 -|[PE DEBUG]| USER32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77d40000 2004-08-04 07:59:20 UTC+0000|[PE HEADER (dll)]| MSWSOCK.DLL| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x71a50000 -|[PE DEBUG]| MSWSOCK.DLL| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x71a50000 2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| RPCRT4.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77e70000 -|[PE DEBUG]| RPCRT4.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77e70000 2004-08-04 07:55:58 UTC+0000|[PE HEADER (dll)]| AcGenral.DLL| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x6f880000 2004-08-04 06:04:41 UTC+0000|[PE DEBUG]| AcGenral.DLL| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x6f880000 2004-08-04 07:57:49 UTC+0000|[PE HEADER (dll)]| wshtcpip.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x71a90000 2004-08-04 
06:14:51 UTC+0000|[PE DEBUG]| wshtcpip.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x71a90000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| WS2_32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x71ab0000 -|[PE DEBUG]| WS2_32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x71ab0000 2004-08-04 07:57:51 UTC+0000|[PE HEADER (dll)]| WSOCK32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x71ad0000 2004-08-04 06:14:51 UTC+0000|[PE DEBUG]| WSOCK32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x71ad0000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| ole32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x774e0000 -|[PE DEBUG]| ole32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x774e0000 2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77f10000 2004-08-04 06:14:43 UTC+0000|[PE DEBUG]| GDI32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77f10000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| OLEAUT32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77120000 -|[PE DEBUG]| OLEAUT32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77120000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| SHELL32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x7c9c0000 -|[PE DEBUG]| SHELL32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x7c9c0000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| kernel32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x7c800000 -|[PE DEBUG]| kernel32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x7c800000 
2004-08-04 07:55:56 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x773d0000 2004-08-04 05:58:44 UTC+0000|[PE DEBUG]| comctl32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x773d0000 2004-08-04 07:56:16 UTC+0000|[PE HEADER (dll)]| hnetcfg.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x662b0000 2004-08-04 05:59:59 UTC+0000|[PE DEBUG]| hnetcfg.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x662b0000 2004-08-04 07:59:14 UTC+0000|[PE HEADER (dll)]| msvcrt.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77c10000 2004-08-04 05:58:27 UTC+0000|[PE DEBUG]| msvcrt.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77c10000 2004-08-04 07:56:42 UTC+0000|[PE HEADER (dll)]| ShimEng.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x5cb70000 2004-08-04 06:04:52 UTC+0000|[PE DEBUG]| ShimEng.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x5cb70000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| COMRes.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77050000 2004-07-12 19:30:21 UTC+0000|[PE DEBUG]| COMRes.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x77050000 2004-08-04 07:56:55 UTC+0000|[PE HEADER (dll)]| ATL.DLL| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x76b20000 2004-08-04 06:00:13 UTC+0000|[PE DEBUG]| ATL.DLL| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x76b20000 2004-08-04 07:56:31 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x5d090000 -|[PE DEBUG]| comctl32.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x5d090000 2004-08-04 07:57:39 
UTC+0000|[PE HEADER (dll)]| WS2HELP.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x71aa0000 2004-08-04 06:14:48 UTC+0000|[PE DEBUG]| WS2HELP.dll| Process: alg.exe/PID: 1616/PPID: 676/Process POffset: 0x0156c5a0/DLL Base: 0x71aa0000 2011-10-10 17:04:41 UTC+0000|[PROCESS]| VMwareTray.exe| PID: 184/PPID: 1956/POffset: 0x018d63d0 2011-10-10 17:04:41 UTC+0000|[PROCESS LastTrimTime]| VMwareTray.exe| PID: 184/PPID: 1956/POffset: 0x018d63d0 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| VMwareTray.exe PID: 184/PPID: 1956/POffset: 0x018d63d0 2011-10-10 17:06:42 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500| VMwareTray.exe PID: 184/PPID: 1956/POffset: 0x018d63d0 2010-04-01 00:09:12 UTC+0000|[PE HEADER (exe)]| VMwareTray.exe| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x00400000 2010-04-01 00:09:12 UTC+0000|[PE DEBUG]| VMwareTray.exe| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x00400000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x7c900000 -|[PE DEBUG]| ntdll.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x7c900000 2006-12-02 06:50:32 UTC+0000|[PE HEADER (dll)]| MSVCR80.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x78130000 2006-12-02 06:50:32 UTC+0000|[PE DEBUG]| MSVCR80.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x78130000 2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| SHLWAPI.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x77f60000 -|[PE DEBUG]| SHLWAPI.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x77f60000 2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| uxtheme.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process 
POffset: 0x018d63d0/DLL Base: 0x5ad70000 -|[PE DEBUG]| uxtheme.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x5ad70000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| shfolder.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x76780000 2004-08-04 06:14:11 UTC+0000|[PE DEBUG]| shfolder.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x76780000 2010-04-01 00:07:33 UTC+0000|[PE HEADER (dll)]| VMControlPanel.cpl| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x10000000 2010-04-01 00:07:33 UTC+0000|[PE DEBUG]| VMControlPanel.cpl| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x10000000 2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x77dd0000 -|[PE DEBUG]| ADVAPI32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x77dd0000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| VERSION.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x77c00000 -|[PE DEBUG]| VERSION.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x77c00000 2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| snmpapi.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x71f60000 2004-08-04 06:05:57 UTC+0000|[PE DEBUG]| snmpapi.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x71f60000 2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| RPCRT4.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x77e70000 -|[PE DEBUG]| RPCRT4.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x77e70000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| WS2_32.dll| Process: VMwareTray.exe/PID: 
184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x71ab0000 -|[PE DEBUG]| WS2_32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x71ab0000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| ole32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x774e0000 -|[PE DEBUG]| ole32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x774e0000 2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x77f10000 -|[PE DEBUG]| GDI32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x77f10000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x77d40000 -|[PE DEBUG]| USER32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x77d40000 2009-04-07 14:39:10 UTC+0000|[PE HEADER (dll)]| mfc42ul.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x00390000 -|[PE DEBUG]| mfc42ul.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x00390000 2004-08-04 07:56:32 UTC+0000|[PE HEADER (dll)]| COMDLG32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x763b0000 2004-08-04 06:15:12 UTC+0000|[PE DEBUG]| COMDLG32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x763b0000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| SHELL32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x7c9c0000 -|[PE DEBUG]| SHELL32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x7c9c0000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| kernel32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 
0x7c800000 -|[PE DEBUG]| kernel32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x7c800000 2004-08-04 07:55:56 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x773d0000 2004-08-04 05:58:44 UTC+0000|[PE DEBUG]| comctl32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x773d0000 2004-08-04 07:59:14 UTC+0000|[PE HEADER (dll)]| msvcrt.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x77c10000 2004-08-04 05:58:27 UTC+0000|[PE DEBUG]| msvcrt.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x77c10000 2004-08-04 07:56:31 UTC+0000|[PE HEADER (dll)]| COMCTL32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x5d090000 -|[PE DEBUG]| COMCTL32.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x5d090000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| WS2HELP.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x71aa0000 -|[PE DEBUG]| WS2HELP.dll| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x71aa0000 2006-12-02 08:07:20 UTC+0000|[PE HEADER (dll)]| MFC80U.DLL| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x782e0000 2006-12-02 08:07:20 UTC+0000|[PE DEBUG]| MFC80U.DLL| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x782e0000 2006-12-02 08:07:59 UTC+0000|[PE HEADER (dll)]| MFC80ENU.DLL| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x5d360000 -|[PE DEBUG]| MFC80ENU.DLL| Process: VMwareTray.exe/PID: 184/PPID: 1956/Process POffset: 0x018d63d0/DLL Base: 0x5d360000 2011-10-10 17:03:59 UTC+0000|[PROCESS]| svchost.exe| PID: 916/PPID: 676/POffset: 0x019757f0 2011-10-10 17:03:59 UTC+0000|[PROCESS 
LastTrimTime]| svchost.exe| PID: 916/PPID: 676/POffset: 0x019757f0 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2010-11-06 18:13:42 UTC+0000|[Handle (Key)]| USER\S-1-5-20_CLASSES| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2011-10-10 16:39:17 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\CLSID| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2011-10-10 16:39:17 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\APPID| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\OLE| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\OLE| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2011-10-04 17:56:34 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\POLICIES| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2011-10-04 17:56:34 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\POLICIES| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2010-11-06 18:16:22 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2010-11-06 18:05:35 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2010-11-06 18:06:01 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2011-10-10 16:44:25 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS| svchost.exe PID: 916/PPID: 
676/POffset: 0x019757f0 2010-11-06 18:06:01 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2010-11-06 18:05:35 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2011-10-10 16:39:17 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\CLSID| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| svchost.exe 
PID: 916/PPID: 676/POffset: 0x019757f0 2011-10-10 16:39:17 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\CLSID| svchost.exe PID: 916/PPID: 676/POffset: 0x019757f0 2004-08-04 06:14:46 UTC+0000|[PE HEADER (exe)]| svchost.exe| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x01000000 2004-08-04 06:14:46 UTC+0000|[PE DEBUG]| svchost.exe| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x01000000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x7c900000 -|[PE DEBUG]| ntdll.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x7c900000 2004-08-04 07:57:10 UTC+0000|[PE HEADER (dll)]| WINMM.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x76b40000 -|[PE DEBUG]| WINMM.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x76b40000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| USERENV.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x769c0000 -|[PE DEBUG]| USERENV.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x769c0000 2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| SHLWAPI.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77f60000 -|[PE DEBUG]| SHLWAPI.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77f60000 2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| UxTheme.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x5ad70000 -|[PE DEBUG]| UxTheme.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x5ad70000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| xpsp2res.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x20000000 -|[PE DEBUG]| xpsp2res.dll| Process: svchost.exe/PID: 916/PPID: 
676/Process POffset: 0x019757f0/DLL Base: 0x20000000 2004-08-04 07:56:24 UTC+0000|[PE HEADER (dll)]| rasadhlp.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x76fc0000 2004-08-04 06:14:12 UTC+0000|[PE DEBUG]| rasadhlp.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x76fc0000 2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77dd0000 -|[PE DEBUG]| ADVAPI32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77dd0000 2004-08-04 07:57:03 UTC+0000|[PE HEADER (dll)]| MSACM32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77be0000 -|[PE DEBUG]| MSACM32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77be0000 2004-08-04 07:57:49 UTC+0000|[PE HEADER (dll)]| wshtcpip.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x71a90000 2004-08-04 06:14:51 UTC+0000|[PE DEBUG]| wshtcpip.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x71a90000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| VERSION.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77c00000 2004-08-04 06:14:58 UTC+0000|[PE DEBUG]| VERSION.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77c00000 2004-08-04 07:56:45 UTC+0000|[PE HEADER (dll)]| DNSAPI.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x76f20000 2004-08-04 06:15:51 UTC+0000|[PE DEBUG]| DNSAPI.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x76f20000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77d40000 -|[PE DEBUG]| USER32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 
0x019757f0/DLL Base: 0x77d40000 2004-08-04 07:59:20 UTC+0000|[PE HEADER (dll)]| mswsock.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x71a50000 -|[PE DEBUG]| mswsock.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x71a50000 2004-08-04 07:55:58 UTC+0000|[PE HEADER (dll)]| AcGenral.DLL| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x6f880000 2004-08-04 06:04:41 UTC+0000|[PE DEBUG]| AcGenral.DLL| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x6f880000 2004-07-07 02:17:12 UTC+0000|[PE HEADER (dll)]| rsaenh.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x0ffd0000 2004-07-07 00:30:07 UTC+0000|[PE DEBUG]| rsaenh.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x0ffd0000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| WS2_32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x71ab0000 -|[PE DEBUG]| WS2_32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x71ab0000 2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| WLDAP32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x76f60000 2004-08-04 06:16:35 UTC+0000|[PE DEBUG]| WLDAP32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x76f60000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| ole32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x774e0000 -|[PE DEBUG]| ole32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x774e0000 2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77f10000 2004-08-04 06:14:43 UTC+0000|[PE DEBUG]| GDI32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77f10000 
2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| OLEAUT32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77120000 -|[PE DEBUG]| OLEAUT32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77120000 2004-08-04 07:56:18 UTC+0000|[PE HEADER (dll)]| CLBCATQ.DLL| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x76fd0000 2004-08-04 06:14:45 UTC+0000|[PE DEBUG]| CLBCATQ.DLL| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x76fd0000 2004-08-04 07:56:10 UTC+0000|[PE HEADER (dll)]| iphlpapi.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x76d60000 2004-08-04 06:14:22 UTC+0000|[PE DEBUG]| iphlpapi.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x76d60000 2004-08-04 07:56:42 UTC+0000|[PE HEADER (dll)]| ShimEng.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x5cb70000 2004-08-04 06:04:52 UTC+0000|[PE DEBUG]| ShimEng.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x5cb70000 2004-08-04 07:56:35 UTC+0000|[PE HEADER (dll)]| winrnr.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x76fb0000 -|[PE DEBUG]| winrnr.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x76fb0000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| SHELL32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x7c9c0000 -|[PE DEBUG]| SHELL32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x7c9c0000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| kernel32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x7c800000 -|[PE DEBUG]| kernel32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x7c800000 2004-08-04 07:55:56 UTC+0000|[PE HEADER (dll)]| 
comctl32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x773d0000 2004-08-04 05:58:44 UTC+0000|[PE DEBUG]| comctl32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x773d0000 2004-08-04 07:56:16 UTC+0000|[PE HEADER (dll)]| hnetcfg.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x662b0000 2004-08-04 05:59:59 UTC+0000|[PE DEBUG]| hnetcfg.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x662b0000 2004-08-04 07:59:14 UTC+0000|[PE HEADER (dll)]| msvcrt.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77c10000 2004-08-04 05:58:27 UTC+0000|[PE DEBUG]| msvcrt.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77c10000 2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| RPCRT4.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77e70000 -|[PE DEBUG]| RPCRT4.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77e70000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| COMRes.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77050000 2004-07-12 19:30:21 UTC+0000|[PE DEBUG]| COMRes.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77050000 2004-08-04 07:56:31 UTC+0000|[PE HEADER (dll)]| rpcss.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x76a80000 -|[PE DEBUG]| rpcss.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x76a80000 2004-08-04 07:56:31 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x5d090000 -|[PE DEBUG]| comctl32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x5d090000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| WS2HELP.dll| Process: 
svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x71aa0000 2004-08-04 06:14:48 UTC+0000|[PE DEBUG]| WS2HELP.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x71aa0000 2004-08-04 07:56:49 UTC+0000|[PE HEADER (dll)]| Secur32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77fe0000 -|[PE DEBUG]| Secur32.dll| Process: svchost.exe/PID: 916/PPID: 676/Process POffset: 0x019757f0/DLL Base: 0x77fe0000 2011-10-10 17:03:58 UTC+0000|[PROCESS]| lsass.exe| PID: 688/PPID: 632/POffset: 0x015c4020 2011-10-10 17:03:58 UTC+0000|[PROCESS LastTrimTime]| lsass.exe| PID: 688/PPID: 632/POffset: 0x015c4020 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 18:16:18 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\NETWORKPROVIDER\HWORDER| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 18:13:39 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\SSPICACHE\MSAPSSPC.DLL| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 18:13:39 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\SSPICACHE\DIGEST.DLL| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 18:13:39 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\SSPICACHE\MSNSSPC.DLL| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE\SECURITY| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2011-10-10 17:03:59 
UTC+0000|[Handle (Key)]| MACHINE\SECURITY\RXACT| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 18:05:34 UTC+0000|[Handle (Key)]| MACHINE\SECURITY\POLICY| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\AUDIT\PERUSERAUDITING\SYSTEM| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\KERBEROS| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 18:05:34 UTC+0000|[Handle (Key)]| MACHINE\SECURITY\POLICY| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\KERBEROS\SIDCACHE| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\KERBEROS\DOMAINS| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 18:16:22 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 18:05:35 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 18:06:01 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2011-10-10 16:44:25 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 18:06:01 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 18:05:35 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA| 
lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 13:02:46 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\LSA\MSV1_0| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 18:05:34 UTC+0000|[Handle (Key)]| MACHINE\SECURITY\POLICY| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\SECURITYPROVIDERS\WDIGEST| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY\PROTECT\PROVIDERS\DF9D8CD0-1501-11D1-8C7A-00C04FC297EB| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 13:01:56 UTC+0000|[Handle (Key)]| MACHINE\SAM\SAM| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 13:01:55 UTC+0000|[Handle (Key)]| MACHINE\SAM\SAM\RXACT| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SAM\SAM\DOMAINS\BUILTIN| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2011-10-10 16:43:20 UTC+0000|[Handle (Key)]| MACHINE\SAM\SAM\DOMAINS\ACCOUNT| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2010-11-06 18:05:34 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\IPSEC| lsass.exe PID: 688/PPID: 632/POffset: 0x015c4020 2004-08-04 05:59:41 UTC+0000|[PE HEADER (exe)]| lsass.exe| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x01000000 2004-08-04 05:59:41 UTC+0000|[PE DEBUG]| lsass.exe| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x01000000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x7c900000 -|[PE DEBUG]| ntdll.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x7c900000 2004-08-04 07:56:59 UTC+0000|[PE HEADER (dll)]| psbase.dll| Process: 
lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x743c0000 -|[PE DEBUG]| psbase.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x743c0000 2004-08-04 07:57:10 UTC+0000|[PE HEADER (dll)]| WINMM.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x76b40000 -|[PE DEBUG]| WINMM.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x76b40000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77d40000 -|[PE DEBUG]| USER32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77d40000 2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| WLDAP32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x76f60000 2004-08-04 06:16:35 UTC+0000|[PE DEBUG]| WLDAP32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x76f60000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| VERSION.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77c00000 2004-08-04 06:14:58 UTC+0000|[PE DEBUG]| VERSION.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77c00000 2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| UxTheme.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x5ad70000 -|[PE DEBUG]| UxTheme.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x5ad70000 2004-08-04 07:56:53 UTC+0000|[PE HEADER (dll)]| wdigest.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x74380000 2004-08-04 05:59:56 UTC+0000|[PE DEBUG]| wdigest.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x74380000 2009-04-07 14:39:10 UTC+0000|[PE HEADER (dll)]| mfc42ul.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x10000000 -|[PE DEBUG]| 
mfc42ul.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x10000000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| USERENV.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x769c0000 -|[PE DEBUG]| USERENV.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x769c0000 2004-08-04 07:56:57 UTC+0000|[PE HEADER (dll)]| NTDSAPI.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x767a0000 2004-08-04 06:15:44 UTC+0000|[PE DEBUG]| NTDSAPI.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x767a0000 2004-08-04 07:56:10 UTC+0000|[PE HEADER (dll)]| iphlpapi.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x76d60000 2004-08-04 06:14:22 UTC+0000|[PE DEBUG]| iphlpapi.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x76d60000 2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77dd0000 -|[PE DEBUG]| ADVAPI32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77dd0000 2004-08-04 07:56:01 UTC+0000|[PE HEADER (dll)]| CRYPT32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77a80000 -|[PE DEBUG]| CRYPT32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77a80000 2004-08-04 07:56:49 UTC+0000|[PE HEADER (dll)]| Secur32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77fe0000 -|[PE DEBUG]| Secur32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77fe0000 2004-08-04 07:57:49 UTC+0000|[PE HEADER (dll)]| wshtcpip.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x71a90000 2004-08-04 06:14:51 UTC+0000|[PE DEBUG]| wshtcpip.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 
0x015c4020/DLL Base: 0x71a90000 2004-08-04 07:56:37 UTC+0000|[PE HEADER (dll)]| scecli.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x74410000 -|[PE DEBUG]| scecli.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x74410000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| kernel32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x7c800000 -|[PE DEBUG]| kernel32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x7c800000 2004-08-04 07:57:04 UTC+0000|[PE HEADER (dll)]| pstorsvc.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x743a0000 2004-08-04 06:15:55 UTC+0000|[PE DEBUG]| pstorsvc.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x743a0000 2004-08-04 07:56:46 UTC+0000|[PE HEADER (dll)]| MPR.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x71b20000 -|[PE DEBUG]| MPR.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x71b20000 2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| SAMSRV.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x74440000 -|[PE DEBUG]| SAMSRV.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x74440000 2004-08-04 07:59:20 UTC+0000|[PE HEADER (dll)]| mswsock.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x71a50000 -|[PE DEBUG]| mswsock.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x71a50000 2004-08-04 07:56:28 UTC+0000|[PE HEADER (dll)]| NETAPI32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x5b860000 -|[PE DEBUG]| NETAPI32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x5b860000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| schannel.dll| Process: lsass.exe/PID: 688/PPID: 632/Process 
POffset: 0x015c4020/DLL Base: 0x767f0000 -|[PE DEBUG]| schannel.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x767f0000 2004-08-04 07:55:58 UTC+0000|[PE HEADER (dll)]| AcGenral.DLL| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x6f880000 2004-08-04 06:04:41 UTC+0000|[PE DEBUG]| AcGenral.DLL| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x6f880000 2004-08-04 07:56:21 UTC+0000|[PE HEADER (dll)]| oakley.DLL| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x75d90000 2004-08-04 06:14:58 UTC+0000|[PE DEBUG]| oakley.DLL| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x75d90000 2004-07-07 02:17:12 UTC+0000|[PE HEADER (dll)]| rsaenh.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x0ffd0000 2004-07-07 00:30:07 UTC+0000|[PE DEBUG]| rsaenh.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x0ffd0000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| WS2_32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x71ab0000 -|[PE DEBUG]| WS2_32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x71ab0000 2004-08-04 07:57:09 UTC+0000|[PE HEADER (dll)]| WINIPSEC.DLL| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x74370000 2004-08-04 06:00:51 UTC+0000|[PE DEBUG]| WINIPSEC.DLL| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x74370000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| ole32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x774e0000 -|[PE DEBUG]| ole32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x774e0000 2004-08-04 07:56:32 UTC+0000|[PE HEADER (dll)]| SETUPAPI.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77920000 -|[PE DEBUG]| 
SETUPAPI.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77920000 2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| AUTHZ.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x776c0000 2004-08-04 06:16:09 UTC+0000|[PE DEBUG]| AUTHZ.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x776c0000 2004-08-04 07:56:15 UTC+0000|[PE HEADER (dll)]| ipsecsvc.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x743e0000 -|[PE DEBUG]| ipsecsvc.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x743e0000 2004-08-04 07:59:13 UTC+0000|[PE HEADER (dll)]| MSVCP60.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x76080000 -|[PE DEBUG]| MSVCP60.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x76080000 2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77f10000 2004-08-04 06:14:43 UTC+0000|[PE DEBUG]| GDI32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77f10000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| OLEAUT32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77120000 -|[PE DEBUG]| OLEAUT32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77120000 2004-08-04 07:56:29 UTC+0000|[PE HEADER (dll)]| LSASRV.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x75730000 -|[PE DEBUG]| LSASRV.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x75730000 2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| snmpapi.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x71f60000 2004-08-04 06:05:57 UTC+0000|[PE DEBUG]| snmpapi.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 
0x71f60000 2004-08-04 07:56:42 UTC+0000|[PE HEADER (dll)]| ShimEng.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x5cb70000 2004-08-04 06:04:52 UTC+0000|[PE DEBUG]| ShimEng.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x5cb70000 2004-08-04 07:56:34 UTC+0000|[PE HEADER (dll)]| w32time.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x767c0000 2004-08-04 06:16:07 UTC+0000|[PE DEBUG]| w32time.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x767c0000 2004-08-04 07:56:02 UTC+0000|[PE HEADER (dll)]| cryptdll.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x76790000 2004-08-04 06:16:45 UTC+0000|[PE DEBUG]| cryptdll.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x76790000 2004-08-04 07:58:58 UTC+0000|[PE HEADER (dll)]| msprivs.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x20000000 -|[PE DEBUG]| msprivs.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x20000000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| SHELL32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x7c9c0000 -|[PE DEBUG]| SHELL32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x7c9c0000 2004-08-04 07:55:56 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x773d0000 2004-08-04 05:58:44 UTC+0000|[PE DEBUG]| comctl32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x773d0000 2004-08-04 07:56:29 UTC+0000|[PE HEADER (dll)]| SAMLIB.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x71bf0000 -|[PE DEBUG]| SAMLIB.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x71bf0000 2004-08-04 07:56:16 UTC+0000|[PE HEADER 
(dll)]| hnetcfg.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x662b0000 2004-08-04 05:59:59 UTC+0000|[PE DEBUG]| hnetcfg.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x662b0000 2004-08-04 07:59:14 UTC+0000|[PE HEADER (dll)]| msvcrt.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77c10000 2004-08-04 05:58:27 UTC+0000|[PE DEBUG]| msvcrt.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77c10000 2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| RPCRT4.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77e70000 -|[PE DEBUG]| RPCRT4.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77e70000 2004-05-15 01:06:23 UTC+0000|[PE HEADER (dll)]| dssenh.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x68100000 2004-05-15 01:06:23 UTC+0000|[PE DEBUG]| dssenh.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x68100000 2004-08-04 07:59:11 UTC+0000|[PE HEADER (dll)]| msv1_0.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77c70000 2004-08-04 06:17:06 UTC+0000|[PE DEBUG]| msv1_0.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77c70000 2004-08-04 07:56:45 UTC+0000|[PE HEADER (dll)]| DNSAPI.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x76f20000 2004-08-04 06:15:51 UTC+0000|[PE DEBUG]| DNSAPI.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x76f20000 2004-08-04 07:56:31 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x5d090000 -|[PE DEBUG]| comctl32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x5d090000 2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| SHLWAPI.dll| Process: 
lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77f60000 -|[PE DEBUG]| SHLWAPI.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77f60000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| WS2HELP.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x71aa0000 2004-08-04 06:14:48 UTC+0000|[PE DEBUG]| WS2HELP.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x71aa0000 2004-08-04 07:56:31 UTC+0000|[PE HEADER (dll)]| netlogon.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x744b0000 -|[PE DEBUG]| netlogon.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x744b0000 2004-08-04 07:57:03 UTC+0000|[PE HEADER (dll)]| MSACM32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77be0000 -|[PE DEBUG]| MSACM32.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77be0000 2004-08-04 07:56:22 UTC+0000|[PE HEADER (dll)]| kerberos.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x71cf0000 -|[PE DEBUG]| kerberos.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x71cf0000 2004-08-04 07:57:23 UTC+0000|[PE HEADER (dll)]| MSASN1.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77b20000 -|[PE DEBUG]| MSASN1.dll| Process: lsass.exe/PID: 688/PPID: 632/Process POffset: 0x015c4020/DLL Base: 0x77b20000 2011-10-10 17:03:59 UTC+0000|[PROCESS]| vmacthlp.exe| PID: 832/PPID: 676/POffset: 0x01972ca8 2011-10-10 17:03:59 UTC+0000|[PROCESS LastTrimTime]| vmacthlp.exe| PID: 832/PPID: 676/POffset: 0x01972ca8 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| vmacthlp.exe PID: 832/PPID: 676/POffset: 0x01972ca8 2010-04-01 00:14:13 UTC+0000|[PE HEADER (exe)]| vmacthlp.exe| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x00400000 2010-04-01 
00:14:13 UTC+0000|[PE DEBUG]| vmacthlp.exe| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x00400000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x7c900000 -|[PE DEBUG]| ntdll.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x7c900000 2006-12-02 06:50:32 UTC+0000|[PE HEADER (dll)]| MSVCR80.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x78130000 2006-12-02 06:50:32 UTC+0000|[PE DEBUG]| MSVCR80.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x78130000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x77d40000 -|[PE DEBUG]| USER32.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x77d40000 2006-12-02 06:52:56 UTC+0000|[PE HEADER (dll)]| MSVCP80.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x7c420000 2006-12-02 06:52:56 UTC+0000|[PE DEBUG]| MSVCP80.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x7c420000 2004-08-04 07:59:14 UTC+0000|[PE HEADER (dll)]| msvcrt.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x77c10000 2004-08-04 05:58:27 UTC+0000|[PE DEBUG]| msvcrt.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x77c10000 2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| snmpapi.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x71f60000 2004-08-04 06:05:57 UTC+0000|[PE DEBUG]| snmpapi.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x71f60000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| VERSION.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x77c00000 -|[PE 
DEBUG]| VERSION.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x77c00000 2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| RPCRT4.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x77e70000 -|[PE DEBUG]| RPCRT4.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x77e70000 2004-08-04 07:55:56 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x773d0000 2004-08-04 05:58:44 UTC+0000|[PE DEBUG]| comctl32.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x773d0000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| SHFOLDER.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x76780000 2004-08-04 06:14:11 UTC+0000|[PE DEBUG]| SHFOLDER.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x76780000 2009-04-07 14:39:10 UTC+0000|[PE HEADER (dll)]| mfc42ul.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x10000000 -|[PE DEBUG]| mfc42ul.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x10000000 2004-08-04 07:56:31 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x5d090000 -|[PE DEBUG]| comctl32.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x5d090000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| WS2HELP.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x71aa0000 -|[PE DEBUG]| WS2HELP.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x71aa0000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| WS2_32.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x71ab0000 -|[PE DEBUG]| WS2_32.dll| Process: vmacthlp.exe/PID: 832/PPID: 
676/Process POffset: 0x01972ca8/DLL Base: 0x71ab0000 2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| SHLWAPI.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x77f60000 -|[PE DEBUG]| SHLWAPI.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x77f60000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| ole32.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x774e0000 -|[PE DEBUG]| ole32.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x774e0000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| kernel32.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x7c800000 -|[PE DEBUG]| kernel32.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x7c800000 2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x77f10000 -|[PE DEBUG]| GDI32.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x77f10000 2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x77dd0000 -|[PE DEBUG]| ADVAPI32.dll| Process: vmacthlp.exe/PID: 832/PPID: 676/Process POffset: 0x01972ca8/DLL Base: 0x77dd0000 2011-10-10 17:06:42 UTC+0000|[PROCESS]| cmd.exe| PID: 544/PPID: 1956/POffset: 0x019a34b0 2011-10-10 17:06:42 UTC+0000|[PROCESS LastTrimTime]| cmd.exe| PID: 544/PPID: 1956/POffset: 0x019a34b0 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| cmd.exe PID: 544/PPID: 1956/POffset: 0x019a34b0 2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| cmd.exe PID: 544/PPID: 1956/POffset: 0x019a34b0 2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| cmd.exe PID: 544/PPID: 1956/POffset: 0x019a34b0 
2011-10-10 17:06:42 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500| cmd.exe PID: 544/PPID: 1956/POffset: 0x019a34b0 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE| cmd.exe PID: 544/PPID: 1956/POffset: 0x019a34b0 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE\ALTERNATE SORTS| cmd.exe PID: 544/PPID: 1956/POffset: 0x019a34b0 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LANGUAGE GROUPS| cmd.exe PID: 544/PPID: 1956/POffset: 0x019a34b0 2004-08-04 06:14:22 UTC+0000|[PE HEADER (exe)]| cmd.exe| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x4ad00000 2004-08-04 06:14:22 UTC+0000|[PE DEBUG]| cmd.exe| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x4ad00000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x7c900000 -|[PE DEBUG]| ntdll.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x7c900000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| Apphelp.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77b40000 -|[PE DEBUG]| Apphelp.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77b40000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| USERENV.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x769c0000 -|[PE DEBUG]| USERENV.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x769c0000 2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| SHLWAPI.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77f60000 -|[PE DEBUG]| SHLWAPI.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77f60000 2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| UxTheme.dll| Process: cmd.exe/PID: 
544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x5ad70000 -|[PE DEBUG]| UxTheme.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x5ad70000 2009-04-07 14:39:10 UTC+0000|[PE HEADER (dll)]| mfc42ul.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x10000000 -|[PE DEBUG]| mfc42ul.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x10000000 2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77dd0000 -|[PE DEBUG]| ADVAPI32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77dd0000 2004-08-04 07:57:03 UTC+0000|[PE HEADER (dll)]| MSACM32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77be0000 -|[PE DEBUG]| MSACM32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77be0000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| VERSION.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77c00000 2004-08-04 06:14:58 UTC+0000|[PE DEBUG]| VERSION.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77c00000 2004-08-04 07:57:10 UTC+0000|[PE HEADER (dll)]| WINMM.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x76b40000 -|[PE DEBUG]| WINMM.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x76b40000 2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| RPCRT4.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77e70000 -|[PE DEBUG]| RPCRT4.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77e70000 2004-08-04 07:55:58 UTC+0000|[PE HEADER (dll)]| AcGenral.DLL| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x6f880000 2004-08-04 06:04:41 UTC+0000|[PE DEBUG]| AcGenral.DLL| Process: cmd.exe/PID: 544/PPID: 
1956/Process POffset: 0x019a34b0/DLL Base: 0x6f880000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| WS2_32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x71ab0000 -|[PE DEBUG]| WS2_32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x71ab0000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| ole32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x774e0000 -|[PE DEBUG]| ole32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x774e0000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| OLEAUT32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77120000 -|[PE DEBUG]| OLEAUT32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77120000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77d40000 -|[PE DEBUG]| USER32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77d40000 2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| snmpapi.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x71f60000 2004-08-04 06:05:57 UTC+0000|[PE DEBUG]| snmpapi.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x71f60000 2004-08-04 07:56:42 UTC+0000|[PE HEADER (dll)]| ShimEng.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x5cb70000 2004-08-04 06:04:52 UTC+0000|[PE DEBUG]| ShimEng.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x5cb70000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| SHELL32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x7c9c0000 -|[PE DEBUG]| SHELL32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x7c9c0000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| kernel32.dll| Process: 
cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x7c800000 -|[PE DEBUG]| kernel32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x7c800000 2004-08-04 07:55:56 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x773d0000 2004-08-04 05:58:44 UTC+0000|[PE DEBUG]| comctl32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x773d0000 2004-08-04 07:59:14 UTC+0000|[PE HEADER (dll)]| msvcrt.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77c10000 2004-08-04 05:58:27 UTC+0000|[PE DEBUG]| msvcrt.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77c10000 2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77f10000 2004-08-04 06:14:43 UTC+0000|[PE DEBUG]| GDI32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x77f10000 2004-08-04 07:56:31 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x5d090000 -|[PE DEBUG]| comctl32.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x5d090000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| WS2HELP.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x71aa0000 2004-08-04 06:14:48 UTC+0000|[PE DEBUG]| WS2HELP.dll| Process: cmd.exe/PID: 544/PPID: 1956/Process POffset: 0x019a34b0/DLL Base: 0x71aa0000 2011-10-10 17:03:59 UTC+0000|[PROCESS]| svchost.exe| PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-10 17:03:59 UTC+0000|[PROCESS LastTrimTime]| svchost.exe| PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS 
NT\CURRENTVERSION\DRIVERS32| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-10 16:39:17 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\CLSID| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-10 16:39:17 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\APPID| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\OLE| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\OLE| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-04 17:56:34 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\POLICIES| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-04 17:56:34 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\POLICIES| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| 
MACHINE\SOFTWARE\MICROSOFT\COM3| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-10 16:39:17 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\CLSID| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-10 16:39:17 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\CLSID| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2010-11-06 18:14:22 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER\LICENSING CORE| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-10 17:03:59 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2010-11-06 18:14:22 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\TERMSERVICE\PARAMETERS| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2010-11-06 18:16:22 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2010-11-06 18:05:35 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2010-11-06 17:25:06 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\TERMINAL SERVICES| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2010-11-06 18:14:22 UTC+0000|[Handle (Key)]| 
MACHINE\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-04 17:56:34 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\POLICIES| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| svchost.exe PID: 848/PPID: 676/POffset: 0x0187e9d0 2004-08-04 06:14:46 UTC+0000|[PE HEADER (exe)]| svchost.exe| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x01000000 2004-08-04 06:14:46 UTC+0000|[PE DEBUG]| svchost.exe| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x01000000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x7c900000 -|[PE DEBUG]| ntdll.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x7c900000 2004-08-04 07:57:10 UTC+0000|[PE HEADER (dll)]| WINMM.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x76b40000 -|[PE DEBUG]| WINMM.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x76b40000 2004-08-04 07:56:13 UTC+0000|[PE HEADER (dll)]| adsldpc.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x76e10000 2004-08-04 06:15:49 UTC+0000|[PE DEBUG]| adsldpc.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x76e10000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| USERENV.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x769c0000 -|[PE DEBUG]| USERENV.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x769c0000 2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| SHLWAPI.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77f60000 -|[PE DEBUG]| SHLWAPI.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77f60000 2004-08-04 07:56:43 
UTC+0000|[PE HEADER (dll)]| UxTheme.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x5ad70000 -|[PE DEBUG]| UxTheme.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x5ad70000 2009-04-07 14:39:10 UTC+0000|[PE HEADER (dll)]| mfc42ul.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x10000000 -|[PE DEBUG]| mfc42ul.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x10000000 2004-08-04 07:56:25 UTC+0000|[PE HEADER (dll)]| IMAGEHLP.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x76c90000 -|[PE DEBUG]| IMAGEHLP.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x76c90000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| REGAPI.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x76bc0000 2004-08-04 06:14:24 UTC+0000|[PE DEBUG]| REGAPI.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x76bc0000 2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77dd0000 -|[PE DEBUG]| ADVAPI32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77dd0000 2004-08-04 07:56:01 UTC+0000|[PE HEADER (dll)]| CRYPT32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77a80000 -|[PE DEBUG]| CRYPT32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77a80000 2004-08-04 07:57:03 UTC+0000|[PE HEADER (dll)]| MSACM32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77be0000 -|[PE DEBUG]| MSACM32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77be0000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| VERSION.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 
0x0187e9d0/DLL Base: 0x77c00000 2004-08-04 06:14:58 UTC+0000|[PE DEBUG]| VERSION.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77c00000 2004-08-04 07:56:18 UTC+0000|[PE HEADER (dll)]| CLBCATQ.DLL| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x76fd0000 2004-08-04 06:14:45 UTC+0000|[PE DEBUG]| CLBCATQ.DLL| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x76fd0000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77d40000 -|[PE DEBUG]| USER32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77d40000 2004-07-07 02:17:12 UTC+0000|[PE HEADER (dll)]| rsaenh.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x0ffd0000 2004-07-07 00:30:07 UTC+0000|[PE DEBUG]| rsaenh.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x0ffd0000 2004-08-04 07:56:28 UTC+0000|[PE HEADER (dll)]| NETAPI32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x5b860000 -|[PE DEBUG]| NETAPI32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x5b860000 2004-08-04 07:55:58 UTC+0000|[PE HEADER (dll)]| AcGenral.DLL| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x6f880000 2004-08-04 06:04:41 UTC+0000|[PE DEBUG]| AcGenral.DLL| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x6f880000 2004-08-04 07:57:02 UTC+0000|[PE HEADER (dll)]| NTMARTA.DLL| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77690000 -|[PE DEBUG]| NTMARTA.DLL| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77690000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| WS2_32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 
0x71ab0000 -|[PE DEBUG]| WS2_32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x71ab0000 2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| WLDAP32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x76f60000 2004-08-04 06:16:35 UTC+0000|[PE DEBUG]| WLDAP32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x76f60000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| ole32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x774e0000 -|[PE DEBUG]| ole32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x774e0000 2004-08-04 07:56:32 UTC+0000|[PE HEADER (dll)]| SETUPAPI.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77920000 -|[PE DEBUG]| SETUPAPI.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77920000 2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77f10000 2004-08-04 06:14:43 UTC+0000|[PE DEBUG]| GDI32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77f10000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| OLEAUT32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77120000 -|[PE DEBUG]| OLEAUT32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77120000 2004-08-04 07:56:03 UTC+0000|[PE HEADER (dll)]| ACTIVEDS.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77cc0000 2004-08-04 06:15:37 UTC+0000|[PE DEBUG]| ACTIVEDS.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77cc0000 2004-08-04 07:56:09 UTC+0000|[PE HEADER (dll)]| ICAAPI.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x74f70000 2004-08-04 06:00:16 UTC+0000|[PE DEBUG]| 
ICAAPI.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x74f70000 2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| snmpapi.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x71f60000 2004-08-04 06:05:57 UTC+0000|[PE DEBUG]| snmpapi.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x71f60000 2004-08-04 07:56:42 UTC+0000|[PE HEADER (dll)]| ShimEng.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x5cb70000 2004-08-04 06:04:52 UTC+0000|[PE DEBUG]| ShimEng.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x5cb70000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| xpsp2res.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x20000000 -|[PE DEBUG]| xpsp2res.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x20000000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| SHELL32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x7c9c0000 -|[PE DEBUG]| SHELL32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x7c9c0000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| kernel32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x7c800000 -|[PE DEBUG]| kernel32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x7c800000 2004-08-04 07:55:56 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x773d0000 2004-08-04 05:58:44 UTC+0000|[PE DEBUG]| comctl32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x773d0000 2004-08-04 07:56:55 UTC+0000|[PE HEADER (dll)]| ATL.DLL| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x76b20000 2004-08-04 06:00:13 UTC+0000|[PE DEBUG]| ATL.DLL| Process: 
svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x76b20000 2004-08-04 07:56:29 UTC+0000|[PE HEADER (dll)]| SAMLIB.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x71bf0000 -|[PE DEBUG]| SAMLIB.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x71bf0000 2004-08-04 07:59:14 UTC+0000|[PE HEADER (dll)]| msvcrt.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77c10000 2004-08-04 05:58:27 UTC+0000|[PE DEBUG]| msvcrt.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77c10000 2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| RPCRT4.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77e70000 -|[PE DEBUG]| RPCRT4.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77e70000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| WINTRUST.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x76c30000 -|[PE DEBUG]| WINTRUST.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x76c30000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| COMRes.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77050000 2004-07-12 19:30:21 UTC+0000|[PE DEBUG]| COMRes.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77050000 2004-08-04 07:56:31 UTC+0000|[PE HEADER (dll)]| rpcss.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x76a80000 -|[PE DEBUG]| rpcss.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x76a80000 2004-08-04 07:56:31 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x5d090000 -|[PE DEBUG]| comctl32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x5d090000 2004-08-04 
07:57:39 UTC+0000|[PE HEADER (dll)]| WS2HELP.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x71aa0000 2004-08-04 06:14:48 UTC+0000|[PE DEBUG]| WS2HELP.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x71aa0000 2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| AUTHZ.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x776c0000 2004-08-04 06:16:09 UTC+0000|[PE DEBUG]| AUTHZ.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x776c0000 2004-08-04 07:56:49 UTC+0000|[PE HEADER (dll)]| Secur32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77fe0000 -|[PE DEBUG]| Secur32.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77fe0000 2004-08-04 07:56:45 UTC+0000|[PE HEADER (dll)]| termsrv.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x760f0000 2004-08-04 06:00:22 UTC+0000|[PE DEBUG]| termsrv.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x760f0000 2004-08-04 07:57:23 UTC+0000|[PE HEADER (dll)]| MSASN1.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77b20000 -|[PE DEBUG]| MSASN1.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x77b20000 2004-08-04 07:59:09 UTC+0000|[PE HEADER (dll)]| mstlsapi.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x75110000 2004-08-04 05:59:45 UTC+0000|[PE DEBUG]| mstlsapi.dll| Process: svchost.exe/PID: 848/PPID: 676/Process POffset: 0x0187e9d0/DLL Base: 0x75110000 2011-10-10 17:03:59 UTC+0000|[PROCESS]| svchost.exe| PID: 1020/PPID: 676/POffset: 0x017daca8 2011-10-10 17:03:59 UTC+0000|[PROCESS LastTrimTime]| svchost.exe| PID: 1020/PPID: 676/POffset: 0x017daca8 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| svchost.exe PID: 1020/PPID: 676/POffset: 0x017daca8 
2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| svchost.exe PID: 1020/PPID: 676/POffset: 0x017daca8 2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| svchost.exe PID: 1020/PPID: 676/POffset: 0x017daca8 2010-11-06 18:06:01 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE| svchost.exe PID: 1020/PPID: 676/POffset: 0x017daca8 2011-10-10 16:44:25 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS| svchost.exe PID: 1020/PPID: 676/POffset: 0x017daca8 2010-11-06 18:06:01 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES| svchost.exe PID: 1020/PPID: 676/POffset: 0x017daca8 2010-11-06 18:05:35 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS| svchost.exe PID: 1020/PPID: 676/POffset: 0x017daca8 2010-11-06 18:16:22 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9| svchost.exe PID: 1020/PPID: 676/POffset: 0x017daca8 2010-11-06 18:05:35 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5| svchost.exe PID: 1020/PPID: 676/POffset: 0x017daca8 2004-08-04 06:14:46 UTC+0000|[PE HEADER (exe)]| svchost.exe| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x01000000 2004-08-04 06:14:46 UTC+0000|[PE DEBUG]| svchost.exe| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x01000000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x7c900000 -|[PE DEBUG]| ntdll.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x7c900000 2004-08-04 07:57:10 UTC+0000|[PE HEADER (dll)]| WINMM.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x76b40000 
-|[PE DEBUG]| WINMM.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x76b40000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| USERENV.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x769c0000 -|[PE DEBUG]| USERENV.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x769c0000 2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| SHLWAPI.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x77f60000 -|[PE DEBUG]| SHLWAPI.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x77f60000 2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| UxTheme.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x5ad70000 -|[PE DEBUG]| UxTheme.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x5ad70000 2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x77dd0000 -|[PE DEBUG]| ADVAPI32.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x77dd0000 2004-08-04 07:57:03 UTC+0000|[PE HEADER (dll)]| MSACM32.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x77be0000 -|[PE DEBUG]| MSACM32.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x77be0000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| VERSION.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x77c00000 2004-08-04 06:14:58 UTC+0000|[PE DEBUG]| VERSION.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x77c00000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x77d40000 -|[PE DEBUG]| USER32.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 
0x017daca8/DLL Base: 0x77d40000 2004-08-04 07:55:58 UTC+0000|[PE HEADER (dll)]| AcGenral.DLL| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x6f880000 2004-08-04 06:04:41 UTC+0000|[PE DEBUG]| AcGenral.DLL| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x6f880000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| WS2_32.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x71ab0000 -|[PE DEBUG]| WS2_32.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x71ab0000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| ole32.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x774e0000 -|[PE DEBUG]| ole32.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x774e0000 2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x77f10000 2004-08-04 06:14:43 UTC+0000|[PE DEBUG]| GDI32.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x77f10000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| OLEAUT32.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x77120000 -|[PE DEBUG]| OLEAUT32.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x77120000 2004-08-04 07:56:10 UTC+0000|[PE HEADER (dll)]| iphlpapi.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x76d60000 2004-08-04 06:14:22 UTC+0000|[PE DEBUG]| iphlpapi.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x76d60000 2004-08-04 07:56:46 UTC+0000|[PE HEADER (dll)]| dnsrslvr.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL Base: 0x76770000 2004-08-04 06:15:55 UTC+0000|[PE DEBUG]| dnsrslvr.dll| Process: svchost.exe/PID: 1020/PPID: 676/Process POffset: 0x017daca8/DLL 
0x71ad0000 2004-08-04 06:14:51 UTC+0000|[PE DEBUG]| WSOCK32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x71ad0000 2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| wbemcomn.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75290000 2004-08-04 06:14:29 UTC+0000|[PE DEBUG]| wbemcomn.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75290000 2004-08-04 07:56:38 UTC+0000|[PE HEADER (dll)]| TAPI32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76eb0000 -|[PE DEBUG]| TAPI32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76eb0000 2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| WLDAP32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76f60000 2004-08-04 06:16:35 UTC+0000|[PE DEBUG]| WLDAP32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76f60000 2004-08-04 07:56:53 UTC+0000|[PE HEADER (dll)]| POWRPROF.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x74ad0000 -|[PE DEBUG]| POWRPROF.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x74ad0000 2004-08-04 07:56:32 UTC+0000|[PE HEADER (dll)]| netman.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77d00000 -|[PE DEBUG]| netman.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77d00000 2004-08-04 07:56:38 UTC+0000|[PE HEADER (dll)]| WINSPOOL.DRV| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x73000000 2004-08-04 06:14:18 UTC+0000|[PE DEBUG]| WINSPOOL.DRV| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x73000000 2004-08-04 07:56:50 UTC+0000|[PE HEADER (dll)]| esscli.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75310000 2004-08-04 
06:00:41 UTC+0000|[PE DEBUG]| esscli.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75310000 2004-08-04 07:56:32 UTC+0000|[PE HEADER (dll)]| SETUPAPI.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77920000 -|[PE DEBUG]| SETUPAPI.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77920000 2004-08-04 07:56:21 UTC+0000|[PE HEADER (dll)]| NCObjAPI.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x5f770000 2004-08-04 06:14:11 UTC+0000|[PE DEBUG]| NCObjAPI.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x5f770000 2004-08-04 07:56:28 UTC+0000|[PE HEADER (dll)]| dhcpcsvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76d80000 -|[PE DEBUG]| dhcpcsvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76d80000 2004-08-04 07:56:48 UTC+0000|[PE HEADER (dll)]| wbemess.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75390000 2004-08-04 06:00:47 UTC+0000|[PE DEBUG]| wbemess.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75390000 2004-08-04 07:56:18 UTC+0000|[PE HEADER (dll)]| CLBCATQ.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76fd0000 2004-08-04 06:14:45 UTC+0000|[PE DEBUG]| CLBCATQ.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76fd0000 2004-08-04 07:56:27 UTC+0000|[PE HEADER (dll)]| raschap.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76bd0000 2004-08-04 06:05:14 UTC+0000|[PE DEBUG]| raschap.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76bd0000 2004-08-04 07:58:26 UTC+0000|[PE HEADER (dll)]| msi.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x7d1e0000 -|[PE 
DEBUG]| msi.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x7d1e0000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| SCHANNEL.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x767f0000 -|[PE DEBUG]| SCHANNEL.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x767f0000 2004-08-04 07:56:25 UTC+0000|[PE HEADER (dll)]| IMAGEHLP.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76c90000 -|[PE DEBUG]| IMAGEHLP.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76c90000 2004-08-04 07:57:57 UTC+0000|[PE HEADER (dll)]| WZCSAPI.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x73030000 2004-08-04 06:01:20 UTC+0000|[PE DEBUG]| WZCSAPI.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x73030000 2004-08-04 06:14:33 UTC+0000|[PE HEADER (dll)]| wups.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x50640000 2004-08-04 06:14:33 UTC+0000|[PE DEBUG]| wups.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x50640000 2004-08-04 07:56:24 UTC+0000|[PE HEADER (dll)]| ADVPACK.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75260000 2004-08-04 06:01:38 UTC+0000|[PE DEBUG]| ADVPACK.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75260000 2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| wmisvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x59490000 2004-08-04 06:01:44 UTC+0000|[PE DEBUG]| wmisvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x59490000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| WS2HELP.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x71aa0000 2004-08-04 06:14:48 UTC+0000|[PE DEBUG]| 
WS2HELP.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x71aa0000 2004-08-04 07:56:25 UTC+0000|[PE HEADER (dll)]| RESUTILS.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x750b0000 -|[PE DEBUG]| RESUTILS.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x750b0000 2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| AUTHZ.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x776c0000 2004-08-04 06:16:09 UTC+0000|[PE DEBUG]| AUTHZ.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x776c0000 2004-08-04 07:59:16 UTC+0000|[PE HEADER (dll)]| SSDPAPI.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x74f00000 2004-08-04 06:08:07 UTC+0000|[PE DEBUG]| SSDPAPI.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x74f00000 2004-08-04 07:56:55 UTC+0000|[PE HEADER (dll)]| ATL.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76b20000 2004-08-04 06:00:13 UTC+0000|[PE DEBUG]| ATL.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76b20000 2004-08-04 07:56:29 UTC+0000|[PE HEADER (dll)]| colbact.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75130000 2004-08-04 06:14:50 UTC+0000|[PE DEBUG]| colbact.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75130000 2004-08-04 07:56:22 UTC+0000|[PE HEADER (dll)]| ncprov.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x5f740000 2004-08-04 06:01:20 UTC+0000|[PE DEBUG]| ncprov.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x5f740000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| WINSTA.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76360000 2004-08-04 06:17:48 
UTC+0000|[PE DEBUG]| WINSTA.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76360000 2004-08-04 07:56:46 UTC+0000|[PE HEADER (dll)]| ersvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x74f80000 2004-08-04 06:05:56 UTC+0000|[PE DEBUG]| ersvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x74f80000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| Apphelp.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77b40000 -|[PE DEBUG]| Apphelp.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77b40000 2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| VSSAPI.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x753e0000 2004-08-04 06:00:31 UTC+0000|[PE DEBUG]| VSSAPI.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x753e0000 2009-04-07 14:39:10 UTC+0000|[PE HEADER (dll)]| mfc42ul.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x10000000 -|[PE DEBUG]| mfc42ul.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x10000000 2004-08-04 07:56:57 UTC+0000|[PE HEADER (dll)]| NTDSAPI.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x767a0000 2004-08-04 06:15:44 UTC+0000|[PE DEBUG]| NTDSAPI.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x767a0000 2004-08-04 07:56:45 UTC+0000|[PE HEADER (dll)]| wbemcons.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x73d30000 2004-08-04 06:01:07 UTC+0000|[PE DEBUG]| wbemcons.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x73d30000 2004-08-04 07:56:11 UTC+0000|[PE HEADER (dll)]| ipnathlp.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x66460000 2004-08-04 06:04:49 
UTC+0000|[PE DEBUG]| ipnathlp.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x66460000 2004-08-04 07:59:13 UTC+0000|[PE HEADER (dll)]| MSVCP60.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76080000 -|[PE DEBUG]| MSVCP60.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76080000 2004-08-04 07:57:02 UTC+0000|[PE HEADER (dll)]| NTMARTA.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77690000 -|[PE DEBUG]| NTMARTA.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77690000 2004-08-04 07:57:40 UTC+0000|[PE HEADER (dll)]| wscsvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x4c0a0000 2004-08-04 06:09:10 UTC+0000|[PE DEBUG]| wscsvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x4c0a0000 2004-08-04 07:56:16 UTC+0000|[PE HEADER (dll)]| HNETCFG.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x662b0000 2004-08-04 05:59:59 UTC+0000|[PE DEBUG]| HNETCFG.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x662b0000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| ole32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x774e0000 -|[PE DEBUG]| ole32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x774e0000 2004-08-04 07:56:05 UTC+0000|[PE HEADER (dll)]| FastProx.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75690000 2004-08-04 06:01:02 UTC+0000|[PE DEBUG]| FastProx.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75690000 2004-08-04 07:56:47 UTC+0000|[PE HEADER (dll)]| es.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77710000 2004-07-12 19:31:21 UTC+0000|[PE DEBUG]| es.dll| Process: 
svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77710000 2004-08-04 07:56:48 UTC+0000|[PE HEADER (dll)]| seclogon.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x73d20000 -|[PE DEBUG]| seclogon.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x73d20000 2004-08-04 07:58:28 UTC+0000|[PE HEADER (dll)]| MSIDLE.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x74f50000 2004-08-04 06:14:56 UTC+0000|[PE DEBUG]| MSIDLE.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x74f50000 2004-08-04 07:56:37 UTC+0000|[PE HEADER (dll)]| comsvcs.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76620000 2004-08-04 06:14:23 UTC+0000|[PE DEBUG]| comsvcs.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76620000 2004-08-04 07:56:34 UTC+0000|[PE HEADER (dll)]| rastls.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76b70000 2004-08-04 06:05:15 UTC+0000|[PE DEBUG]| rastls.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76b70000 2004-08-04 07:56:08 UTC+0000|[PE HEADER (dll)]| browser.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76da0000 2004-08-04 06:16:14 UTC+0000|[PE DEBUG]| browser.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76da0000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| USERENV.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x769c0000 -|[PE DEBUG]| USERENV.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x769c0000 2004-07-07 02:17:12 UTC+0000|[PE HEADER (dll)]| rsaenh.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x0ffd0000 2004-07-07 00:30:07 UTC+0000|[PE DEBUG]| rsaenh.dll| Process: 
svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x0ffd0000 2004-08-04 07:56:29 UTC+0000|[PE HEADER (dll)]| SAMLIB.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x71bf0000 -|[PE DEBUG]| SAMLIB.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x71bf0000 2004-08-04 07:56:45 UTC+0000|[PE HEADER (dll)]| repdrvfs.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75200000 2004-08-04 06:01:45 UTC+0000|[PE DEBUG]| repdrvfs.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75200000 2004-08-04 07:57:08 UTC+0000|[PE HEADER (dll)]| WININET.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x771b0000 -|[PE DEBUG]| WININET.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x771b0000 2004-08-04 07:56:42 UTC+0000|[PE HEADER (dll)]| ShimEng.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x5cb70000 2004-08-04 06:04:52 UTC+0000|[PE DEBUG]| ShimEng.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x5cb70000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| COMRes.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77050000 2004-07-12 19:30:21 UTC+0000|[PE DEBUG]| COMRes.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77050000 2004-08-04 07:59:11 UTC+0000|[PE HEADER (dll)]| msv1_0.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77c70000 2004-08-04 06:17:06 UTC+0000|[PE DEBUG]| msv1_0.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77c70000 2004-08-04 07:59:15 UTC+0000|[PE HEADER (dll)]| srvsvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75090000 -|[PE DEBUG]| srvsvc.dll| Process: svchost.exe/PID: 964/PPID: 
676/Process POffset: 0x018c6da0/DLL Base: 0x75090000 2004-08-04 07:56:47 UTC+0000|[PE HEADER (dll)]| shsvcs.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x776e0000 2004-08-04 06:00:44 UTC+0000|[PE DEBUG]| shsvcs.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x776e0000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| schedsvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77300000 2004-08-04 05:59:42 UTC+0000|[PE DEBUG]| schedsvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77300000 2004-08-04 07:56:45 UTC+0000|[PE HEADER (dll)]| DNSAPI.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76f20000 2004-08-04 06:15:51 UTC+0000|[PE DEBUG]| DNSAPI.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76f20000 2004-08-04 07:57:10 UTC+0000|[PE HEADER (dll)]| WINMM.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76b40000 -|[PE DEBUG]| WINMM.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76b40000 2004-08-04 07:56:00 UTC+0000|[PE HEADER (dll)]| Cabinet.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75150000 2004-08-04 06:14:46 UTC+0000|[PE DEBUG]| Cabinet.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75150000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| xpsp2res.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x20000000 -|[PE DEBUG]| xpsp2res.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x20000000 2004-08-04 07:56:37 UTC+0000|[PE HEADER (dll)]| netshell.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76400000 -|[PE DEBUG]| netshell.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 
0x018c6da0/DLL Base: 0x76400000 2004-08-04 07:56:34 UTC+0000|[PE HEADER (dll)]| w32time.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x767c0000 2004-08-04 06:16:07 UTC+0000|[PE DEBUG]| w32time.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x767c0000 2004-08-04 07:57:06 UTC+0000|[PE HEADER (dll)]| wmiutils.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75020000 2004-08-04 06:00:35 UTC+0000|[PE DEBUG]| wmiutils.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75020000 2004-08-04 07:56:28 UTC+0000|[PE HEADER (dll)]| NETAPI32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x5b860000 -|[PE DEBUG]| NETAPI32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x5b860000 2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| RPCRT4.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77e70000 -|[PE DEBUG]| RPCRT4.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77e70000 2004-08-04 07:57:49 UTC+0000|[PE HEADER (dll)]| wshtcpip.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x71a90000 2004-08-04 06:14:51 UTC+0000|[PE DEBUG]| wshtcpip.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x71a90000 2004-08-04 07:58:55 UTC+0000|[PE HEADER (dll)]| mspatcha.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x600a0000 2004-08-04 06:09:55 UTC+0000|[PE DEBUG]| mspatcha.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x600a0000 2004-08-04 07:56:48 UTC+0000|[PE HEADER (dll)]| ESENT.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x606b0000 -|[PE DEBUG]| ESENT.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 
0x606b0000 2004-08-04 07:56:03 UTC+0000|[PE HEADER (dll)]| ACTIVEDS.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77cc0000 2004-08-04 06:15:37 UTC+0000|[PE DEBUG]| ACTIVEDS.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77cc0000 2004-08-04 07:56:27 UTC+0000|[PE HEADER (dll)]| sens.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x722d0000 -|[PE DEBUG]| sens.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x722d0000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| OLEAUT32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77120000 -|[PE DEBUG]| OLEAUT32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77120000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77d40000 -|[PE DEBUG]| USER32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77d40000 2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| snmpapi.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x71f60000 2004-08-04 06:05:57 UTC+0000|[PE DEBUG]| snmpapi.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x71f60000 2004-08-04 07:57:55 UTC+0000|[PE HEADER (dll)]| WTSAPI32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76f50000 2004-08-04 06:01:27 UTC+0000|[PE DEBUG]| WTSAPI32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76f50000 2004-08-04 07:59:14 UTC+0000|[PE HEADER (dll)]| srsvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x751a0000 2004-08-04 06:06:28 UTC+0000|[PE DEBUG]| srsvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x751a0000 2004-08-04 07:56:36 
UTC+0000|[PE HEADER (dll)]| WinSCard.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x723d0000 2004-08-04 06:16:14 UTC+0000|[PE DEBUG]| WinSCard.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x723d0000 2004-08-04 07:57:03 UTC+0000|[PE HEADER (dll)]| wmiprvsd.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x597f0000 2004-08-04 06:01:28 UTC+0000|[PE DEBUG]| wmiprvsd.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x597f0000 2004-08-04 07:59:14 UTC+0000|[PE HEADER (dll)]| msvcrt.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77c10000 2004-08-04 05:58:27 UTC+0000|[PE DEBUG]| msvcrt.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77c10000 2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77dd0000 -|[PE DEBUG]| ADVAPI32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77dd0000 2004-08-04 07:56:42 UTC+0000|[PE HEADER (dll)]| wkssvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76e40000 -|[PE DEBUG]| wkssvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76e40000 2004-08-04 07:57:00 UTC+0000|[PE HEADER (dll)]| trkwks.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75070000 2004-08-04 06:14:11 UTC+0000|[PE DEBUG]| trkwks.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75070000 2004-08-04 07:57:03 UTC+0000|[PE HEADER (dll)]| audiosrv.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x708b0000 2004-08-04 05:58:32 UTC+0000|[PE DEBUG]| audiosrv.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x708b0000 2004-08-04 07:56:04 
UTC+0000|[PE HEADER (dll)]| actxprxy.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x71d40000 2004-08-04 06:13:58 UTC+0000|[PE DEBUG]| actxprxy.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x71d40000 2004-08-04 07:56:06 UTC+0000|[PE HEADER (dll)]| CRYPTUI.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x754d0000 -|[PE DEBUG]| CRYPTUI.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x754d0000 2004-08-04 07:56:31 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x5d090000 -|[PE DEBUG]| comctl32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x5d090000 2004-08-04 07:59:26 UTC+0000|[PE HEADER (dll)]| MTXCLU.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x750f0000 2004-08-04 06:14:05 UTC+0000|[PE DEBUG]| MTXCLU.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x750f0000 2004-08-04 07:56:20 UTC+0000|[PE HEADER (dll)]| CLUSAPI.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76d10000 2004-08-04 06:14:13 UTC+0000|[PE DEBUG]| CLUSAPI.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76d10000 2004-08-04 07:56:29 UTC+0000|[PE HEADER (dll)]| pchsvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x74f40000 2004-08-04 06:14:15 UTC+0000|[PE DEBUG]| pchsvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x74f40000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| SHFOLDER.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76780000 2004-08-04 06:14:11 UTC+0000|[PE DEBUG]| SHFOLDER.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76780000 2004-08-04 07:56:24 
UTC+0000|[PE HEADER (dll)]| rasadhlp.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76fc0000
2004-08-04 06:14:12 UTC+0000|[PE DEBUG]| rasadhlp.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76fc0000
2004-08-04 07:57:03 UTC+0000|[PE HEADER (dll)]| MSACM32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77be0000
-|[PE DEBUG]| MSACM32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77be0000
2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| kernel32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x7c800000
-|[PE DEBUG]| kernel32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x7c800000
2004-08-04 07:56:13 UTC+0000|[PE HEADER (dll)]| adsldpc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76e10000
2004-08-04 06:15:49 UTC+0000|[PE DEBUG]| adsldpc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76e10000
2004-08-04 07:56:05 UTC+0000|[PE HEADER (dll)]| cryptsvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76ce0000
-|[PE DEBUG]| cryptsvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76ce0000
2004-08-04 06:14:22 UTC+0000|[PE HEADER (dll)]| wuaueng.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x50040000
-|[PE DEBUG]| wuaueng.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x50040000
2004-08-04 07:56:35 UTC+0000|[PE HEADER (dll)]| sfc_os.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76c60000
2004-08-04 06:03:12 UTC+0000|[PE DEBUG]| sfc_os.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76c60000
2004-08-04 07:55:58 UTC+0000|[PE HEADER (dll)]| AcGenral.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x6f880000
2004-08-04 06:04:41 UTC+0000|[PE DEBUG]| AcGenral.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x6f880000
2004-08-04 07:56:29 UTC+0000|[PE HEADER (dll)]| rasman.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76e90000
2004-08-04 06:14:24 UTC+0000|[PE DEBUG]| rasman.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76e90000
2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| WS2_32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x71ab0000
-|[PE DEBUG]| WS2_32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x71ab0000
2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77f10000
2004-08-04 06:14:43 UTC+0000|[PE DEBUG]| GDI32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77f10000
2004-08-04 07:56:47 UTC+0000|[PE HEADER (dll)]| MPRAPI.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76d40000
-|[PE DEBUG]| MPRAPI.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76d40000
2004-08-04 06:14:57 UTC+0000|[PE HEADER (dll)]| SXS.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75e90000
-|[PE DEBUG]| SXS.DLL| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x75e90000
2004-08-04 07:56:10 UTC+0000|[PE HEADER (dll)]| iphlpapi.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76d60000
2004-08-04 06:14:22 UTC+0000|[PE DEBUG]| iphlpapi.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76d60000
2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| dmserver.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x74f90000
2004-08-04 06:14:34 UTC+0000|[PE DEBUG]| dmserver.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x74f90000
2004-08-04 07:56:34 UTC+0000|[PE HEADER (dll)]| sfc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76bb0000
2004-08-04 06:03:40 UTC+0000|[PE DEBUG]| sfc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76bb0000
2004-08-04 07:56:45 UTC+0000|[PE HEADER (dll)]| upnp.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76de0000
2004-08-04 06:08:09 UTC+0000|[PE DEBUG]| upnp.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76de0000
2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| UxTheme.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x5ad70000
-|[PE DEBUG]| UxTheme.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x5ad70000
2004-08-04 07:57:58 UTC+0000|[PE HEADER (dll)]| wzcsvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77620000
2004-08-04 06:01:24 UTC+0000|[PE DEBUG]| wzcsvc.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77620000
2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| WINTRUST.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76c30000
-|[PE DEBUG]| WINTRUST.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76c30000
2004-08-04 07:56:01 UTC+0000|[PE HEADER (dll)]| CRYPT32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77a80000
-|[PE DEBUG]| CRYPT32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77a80000
2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| SHELL32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x7c9c0000
-|[PE DEBUG]| SHELL32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x7c9c0000
2004-08-04 06:00:21 UTC+0000|[PE HEADER (dll)]| wuapi.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x506a0000
2004-08-04 06:00:21 UTC+0000|[PE DEBUG]| wuapi.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x506a0000
2004-08-04 07:56:46 UTC+0000|[PE HEADER (dll)]| wbemcore.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x762c0000
2004-08-04 06:01:03 UTC+0000|[PE DEBUG]| wbemcore.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x762c0000
2004-08-04 07:56:28 UTC+0000|[PE HEADER (dll)]| RASDLG.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x768d0000
2004-08-04 06:05:37 UTC+0000|[PE DEBUG]| RASDLG.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x768d0000
2004-08-04 07:56:25 UTC+0000|[PE HEADER (dll)]| RASAPI32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76ee0000
-|[PE DEBUG]| RASAPI32.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76ee0000
2004-08-04 07:56:42 UTC+0000|[PE HEADER (dll)]| credui.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76c00000
2004-08-04 06:01:07 UTC+0000|[PE DEBUG]| credui.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x76c00000
2004-08-04 07:57:07 UTC+0000|[PE HEADER (dll)]| WINHTTP.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x4d4f0000
2004-08-04 06:02:26 UTC+0000|[PE DEBUG]| WINHTTP.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x4d4f0000
2004-08-04 07:57:23 UTC+0000|[PE HEADER (dll)]| MSASN1.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77b20000
-|[PE DEBUG]| MSASN1.dll| Process: svchost.exe/PID: 964/PPID: 676/Process POffset: 0x018c6da0/DLL Base: 0x77b20000
2011-10-10 17:04:41 UTC+0000|[PROCESS]| reader_sl.exe| PID: 228/PPID: 1956/POffset: 0x01a233c8
2011-10-10 17:04:41 UTC+0000|[PROCESS LastTrimTime]| reader_sl.exe| PID: 228/PPID: 1956/POffset: 0x01a233c8
2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| reader_sl.exe PID: 228/PPID: 1956/POffset: 0x01a233c8
2011-10-10 17:06:42 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500| reader_sl.exe PID: 228/PPID: 1956/POffset: 0x01a233c8
2008-06-12 09:37:53 UTC+0000|[PE HEADER (dll)]| Reader_sl.exe| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x00400000
-|[PE DEBUG]| Reader_sl.exe| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x00400000
2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x7c900000
-|[PE DEBUG]| ntdll.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x7c900000
2006-12-02 06:50:32 UTC+0000|[PE HEADER (dll)]| MSVCR80.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x78130000
2006-12-02 06:50:32 UTC+0000|[PE DEBUG]| MSVCR80.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x78130000
2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x77d40000
-|[PE DEBUG]| USER32.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x77d40000
2006-12-02 06:52:56 UTC+0000|[PE HEADER (dll)]| MSVCP80.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x7c420000
2006-12-02 06:52:56 UTC+0000|[PE DEBUG]| MSVCP80.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x7c420000
2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x77f10000
-|[PE DEBUG]| GDI32.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x77f10000
2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| snmpapi.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x71f60000
2004-08-04 06:05:57 UTC+0000|[PE DEBUG]| snmpapi.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x71f60000
2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| SHLWAPI.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x77f60000
-|[PE DEBUG]| SHLWAPI.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x77f60000
2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| VERSION.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x77c00000
-|[PE DEBUG]| VERSION.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x77c00000
2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| RPCRT4.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x77e70000
-|[PE DEBUG]| RPCRT4.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x77e70000
2009-04-07 14:39:10 UTC+0000|[PE HEADER (dll)]| mfc42ul.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x10000000
-|[PE DEBUG]| mfc42ul.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x10000000
2004-08-04 07:56:31 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x5d090000
-|[PE DEBUG]| comctl32.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x5d090000
2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| WS2HELP.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x71aa0000
-|[PE DEBUG]| WS2HELP.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x71aa0000
2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| WS2_32.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x71ab0000
-|[PE DEBUG]| WS2_32.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x71ab0000
2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| SHELL32.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x7c9c0000
-|[PE DEBUG]| SHELL32.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x7c9c0000
2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| uxtheme.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x5ad70000
-|[PE DEBUG]| uxtheme.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x5ad70000
2004-08-04 07:55:56 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x773d0000
2004-08-04 05:58:44 UTC+0000|[PE DEBUG]| comctl32.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x773d0000
2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| kernel32.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x7c800000
-|[PE DEBUG]| kernel32.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x7c800000
2004-08-04 07:59:14 UTC+0000|[PE HEADER (dll)]| msvcrt.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x77c10000
2004-08-04 05:58:27 UTC+0000|[PE DEBUG]| msvcrt.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x77c10000
2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x77dd0000
-|[PE DEBUG]| ADVAPI32.dll| Process: reader_sl.exe/PID: 228/PPID: 1956/Process POffset: 0x01a233c8/DLL Base: 0x77dd0000
2011-10-10 17:04:46 UTC+0000|[PROCESS]| wuauclt.exe| PID: 400/PPID: 964/POffset: 0x017e7be0
2011-10-10 17:04:46 UTC+0000|[PROCESS LastTrimTime]| wuauclt.exe| PID: 400/PPID: 964/POffset: 0x017e7be0
2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2011-10-10 16:39:17 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\CLSID| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2011-10-10 16:39:17 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\CLSID| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE\ALTERNATE SORTS| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LANGUAGE GROUPS| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| wuauclt.exe PID: 400/PPID: 964/POffset: 0x017e7be0
2004-08-04 06:00:27 UTC+0000|[PE HEADER (exe)]| wuauclt.exe| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x00400000
2004-08-04 06:00:27 UTC+0000|[PE DEBUG]| wuauclt.exe| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x00400000
2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x7c900000
-|[PE DEBUG]| ntdll.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x7c900000
2004-08-04 07:57:10 UTC+0000|[PE HEADER (dll)]| WINMM.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76b40000
-|[PE DEBUG]| WINMM.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76b40000
2004-08-04 07:55:56 UTC+0000|[PE HEADER (dll)]| COMCTL32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x773d0000
2004-08-04 05:58:44 UTC+0000|[PE DEBUG]| COMCTL32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x773d0000
2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| SHLWAPI.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77f60000
-|[PE DEBUG]| SHLWAPI.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77f60000
2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| UxTheme.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x5ad70000
-|[PE DEBUG]| UxTheme.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x5ad70000
2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| SHFOLDER.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76780000
2004-08-04 06:14:11 UTC+0000|[PE DEBUG]| SHFOLDER.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76780000
2009-04-07 14:39:10 UTC+0000|[PE HEADER (dll)]| mfc42ul.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x10000000
-|[PE DEBUG]| mfc42ul.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x10000000
2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| WS2_32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x71ab0000
-|[PE DEBUG]| WS2_32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x71ab0000
2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77dd0000
-|[PE DEBUG]| ADVAPI32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77dd0000
2004-08-04 07:56:01 UTC+0000|[PE HEADER (dll)]| CRYPT32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77a80000
-|[PE DEBUG]| CRYPT32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77a80000
2004-08-04 07:57:03 UTC+0000|[PE HEADER (dll)]| MSACM32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77be0000
-|[PE DEBUG]| MSACM32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77be0000
2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| xpsp2res.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x20000000
-|[PE DEBUG]| xpsp2res.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x20000000
2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| VERSION.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77c00000
2004-08-04 06:14:58 UTC+0000|[PE DEBUG]| VERSION.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77c00000
2004-08-04 06:00:18 UTC+0000|[PE HEADER (dll)]| wuaucpl.cpl| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x50940000
2004-08-04 06:00:18 UTC+0000|[PE DEBUG]| wuaucpl.cpl| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x50940000
2004-08-04 07:58:31 UTC+0000|[PE HEADER (dll)]| MSIMG32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76380000
2004-08-04 06:14:23 UTC+0000|[PE DEBUG]| MSIMG32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76380000
2004-08-04 06:14:22 UTC+0000|[PE HEADER (dll)]| wuaueng.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x50040000
-|[PE DEBUG]| wuaueng.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x50040000
2004-08-04 07:56:28 UTC+0000|[PE HEADER (dll)]| NETAPI32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x5b860000
-|[PE DEBUG]| NETAPI32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x5b860000
2004-08-04 07:55:58 UTC+0000|[PE HEADER (dll)]| AcGenral.DLL| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x6f880000
2004-08-04 06:04:41 UTC+0000|[PE DEBUG]| AcGenral.DLL| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x6f880000
2004-08-04 07:58:55 UTC+0000|[PE HEADER (dll)]| mspatcha.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x600a0000
2004-08-04 06:09:55 UTC+0000|[PE DEBUG]| mspatcha.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x600a0000
2004-08-04 07:56:48 UTC+0000|[PE HEADER (dll)]| ESENT.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x606b0000
-|[PE DEBUG]| ESENT.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x606b0000
2004-08-04 07:56:35 UTC+0000|[PE HEADER (dll)]| sfc_os.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76c60000
2004-08-04 06:03:12 UTC+0000|[PE DEBUG]| sfc_os.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76c60000
2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| ole32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x774e0000
-|[PE DEBUG]| ole32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x774e0000
2004-08-04 07:56:32 UTC+0000|[PE HEADER (dll)]| SETUPAPI.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77920000
-|[PE DEBUG]| SETUPAPI.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77920000
2004-08-04 07:56:38 UTC+0000|[PE HEADER (dll)]| WINSPOOL.DRV| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x73000000
2004-08-04 06:14:18 UTC+0000|[PE DEBUG]| WINSPOOL.DRV| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x73000000
2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77f10000
2004-08-04 06:14:43 UTC+0000|[PE DEBUG]| GDI32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77f10000
2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| OLEAUT32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77120000
-|[PE DEBUG]| OLEAUT32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77120000
2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77d40000
-|[PE DEBUG]| USER32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77d40000
2004-08-04 07:57:55 UTC+0000|[PE HEADER (dll)]| WTSAPI32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76f50000
2004-08-04 06:01:27 UTC+0000|[PE DEBUG]| WTSAPI32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76f50000
2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| snmpapi.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x71f60000
2004-08-04 06:05:57 UTC+0000|[PE DEBUG]| snmpapi.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x71f60000
2004-08-04 07:56:42 UTC+0000|[PE HEADER (dll)]| ShimEng.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x5cb70000
2004-08-04 06:04:52 UTC+0000|[PE DEBUG]| ShimEng.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x5cb70000
2004-08-04 07:56:34 UTC+0000|[PE HEADER (dll)]| sfc.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76bb0000
2004-08-04 06:03:40 UTC+0000|[PE DEBUG]| sfc.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76bb0000
2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| USERENV.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x769c0000
-|[PE DEBUG]| USERENV.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x769c0000
2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| kernel32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x7c800000
-|[PE DEBUG]| kernel32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x7c800000
2004-08-04 07:56:18 UTC+0000|[PE HEADER (dll)]| CLBCATQ.DLL| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76fd0000
2004-08-04 06:14:45 UTC+0000|[PE DEBUG]| CLBCATQ.DLL| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76fd0000
2004-08-04 07:59:14 UTC+0000|[PE HEADER (dll)]| msvcrt.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77c10000
2004-08-04 05:58:27 UTC+0000|[PE DEBUG]| msvcrt.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77c10000
2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| RPCRT4.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77e70000
-|[PE DEBUG]| RPCRT4.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77e70000
2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| WINTRUST.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76c30000
-|[PE DEBUG]| WINTRUST.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76c30000
2004-08-04 06:14:33 UTC+0000|[PE HEADER (dll)]| wups.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x50640000
2004-08-04 06:14:33 UTC+0000|[PE DEBUG]| wups.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x50640000
2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| SHELL32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x7c9c0000
-|[PE DEBUG]| SHELL32.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x7c9c0000
2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| COMRes.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77050000
2004-07-12 19:30:21 UTC+0000|[PE DEBUG]| COMRes.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77050000
2004-08-04 07:56:24 UTC+0000|[PE HEADER (dll)]| ADVPACK.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x75260000
2004-08-04 06:01:38 UTC+0000|[PE DEBUG]| ADVPACK.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x75260000
2004-08-04 07:56:00 UTC+0000|[PE HEADER (dll)]| Cabinet.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x75150000
2004-08-04 06:14:46 UTC+0000|[PE DEBUG]| Cabinet.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x75150000
2004-08-04 07:56:55 UTC+0000|[PE HEADER (dll)]| ATL.DLL| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76b20000
2004-08-04 06:00:13 UTC+0000|[PE DEBUG]| ATL.DLL| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76b20000
2004-08-04 07:56:25 UTC+0000|[PE HEADER (dll)]| IMAGEHLP.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76c90000
-|[PE DEBUG]| IMAGEHLP.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76c90000
2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| WS2HELP.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x71aa0000
2004-08-04 06:14:48 UTC+0000|[PE DEBUG]| WS2HELP.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x71aa0000
2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| WINSTA.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76360000
2004-08-04 06:17:48 UTC+0000|[PE DEBUG]| WINSTA.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x76360000
2004-08-04 07:57:07 UTC+0000|[PE HEADER (dll)]| WINHTTP.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x4d4f0000
2004-08-04 06:02:26 UTC+0000|[PE DEBUG]| WINHTTP.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x4d4f0000
2004-08-04 07:57:23 UTC+0000|[PE HEADER (dll)]| MSASN1.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77b20000
-|[PE DEBUG]| MSASN1.dll| Process: wuauclt.exe/PID: 400/PPID: 964/Process POffset: 0x017e7be0/DLL Base: 0x77b20000
2011-10-10 17:04:00 UTC+0000|[PROCESS]| spoolsv.exe| PID: 1260/PPID: 676/POffset: 0x019937e0
2011-10-10 17:04:00 UTC+0000|[PROCESS LastTrimTime]| spoolsv.exe| PID: 1260/PPID: 676/POffset: 0x019937e0
2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| spoolsv.exe PID: 1260/PPID: 676/POffset: 0x019937e0
2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| spoolsv.exe PID: 1260/PPID: 676/POffset: 0x019937e0
2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| spoolsv.exe PID: 1260/PPID: 676/POffset: 0x019937e0
2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| spoolsv.exe PID: 1260/PPID: 676/POffset: 0x019937e0
2010-11-06 18:06:01 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE| spoolsv.exe PID: 1260/PPID: 676/POffset: 0x019937e0
2011-10-10 16:44:25 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS| spoolsv.exe PID: 1260/PPID: 676/POffset: 0x019937e0
2010-11-06 18:06:01 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES| spoolsv.exe PID: 1260/PPID: 676/POffset: 0x019937e0
2010-11-06 18:05:35 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS| spoolsv.exe PID: 1260/PPID: 676/POffset: 0x019937e0
2011-10-10 17:06:32 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\PRINT| spoolsv.exe PID: 1260/PPID: 676/POffset: 0x019937e0
2010-11-06 18:05:43 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PRINT\PRINTERS| spoolsv.exe PID: 1260/PPID: 676/POffset: 0x019937e0
2010-11-06 18:05:43 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\PRINT\MONITORS\STANDARD TCP/IP PORT| spoolsv.exe PID: 1260/PPID: 676/POffset: 0x019937e0
2010-11-06 18:16:22 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9| spoolsv.exe PID: 1260/PPID: 676/POffset: 0x019937e0
2010-11-06 18:05:35 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5| spoolsv.exe PID: 1260/PPID: 676/POffset: 0x019937e0
2010-11-06 18:16:05 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\PRINT\MONITORS\THINPRINT PRINT PORT MONITOR FOR VMWARE| spoolsv.exe PID: 1260/PPID: 676/POffset: 0x019937e0
2010-11-06 13:01:37 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\HARDWARE PROFILES\0001| spoolsv.exe PID: 1260/PPID: 676/POffset: 0x019937e0
2004-08-04 06:14:12 UTC+0000|[PE HEADER (exe)]| spoolsv.exe| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x01000000
2004-08-04 06:14:12 UTC+0000|[PE DEBUG]| spoolsv.exe| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x01000000
2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x7c900000
-|[PE DEBUG]| ntdll.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x7c900000
2004-08-04 07:57:10 UTC+0000|[PE HEADER (dll)]| WINMM.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76b40000
-|[PE DEBUG]| WINMM.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76b40000
2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| USERENV.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x769c0000
-|[PE DEBUG]| USERENV.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x769c0000
2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| SHLWAPI.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77f60000
-|[PE DEBUG]| SHLWAPI.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77f60000
2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| UxTheme.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x5ad70000
-|[PE DEBUG]| UxTheme.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x5ad70000
2009-04-07 14:39:10 UTC+0000|[PE HEADER (dll)]| mfc42ul.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x10000000
-|[PE DEBUG]| mfc42ul.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x10000000
2004-08-04 07:56:29 UTC+0000|[PE HEADER (dll)]| SAMLIB.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x71bf0000
-|[PE DEBUG]| SAMLIB.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x71bf0000
2004-08-04 07:56:57 UTC+0000|[PE HEADER (dll)]| NTDSAPI.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x767a0000
2004-08-04 06:15:44 UTC+0000|[PE DEBUG]| NTDSAPI.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x767a0000
2004-08-04 07:56:25 UTC+0000|[PE HEADER (dll)]| IMAGEHLP.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76c90000
-|[PE DEBUG]| IMAGEHLP.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76c90000
2004-08-04 07:56:24 UTC+0000|[PE HEADER (dll)]| rasadhlp.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76fc0000
2004-08-04 06:14:12 UTC+0000|[PE DEBUG]| rasadhlp.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76fc0000
2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77dd0000
-|[PE DEBUG]| ADVAPI32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77dd0000
2004-08-04 07:56:01 UTC+0000|[PE HEADER (dll)]| CRYPT32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77a80000
-|[PE DEBUG]| CRYPT32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77a80000
2004-08-04 07:57:03 UTC+0000|[PE HEADER (dll)]| MSACM32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77be0000
-|[PE DEBUG]| MSACM32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77be0000
2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| xpsp2res.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x20000000
-|[PE DEBUG]| xpsp2res.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x20000000
2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| VERSION.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77c00000
2004-08-04 06:14:58 UTC+0000|[PE DEBUG]| VERSION.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77c00000
2004-08-04 07:56:18 UTC+0000|[PE HEADER (dll)]| CLBCATQ.DLL| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76fd0000
2004-08-04 06:14:45 UTC+0000|[PE DEBUG]| CLBCATQ.DLL| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76fd0000
2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77d40000
-|[PE DEBUG]| USER32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77d40000
2004-08-04 07:59:20 UTC+0000|[PE HEADER (dll)]| mswsock.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x71a50000
-|[PE DEBUG]| mswsock.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x71a50000
2004-08-04 07:56:35 UTC+0000|[PE HEADER (dll)]| sfc_os.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76c60000
2004-08-04 06:03:12 UTC+0000|[PE DEBUG]| sfc_os.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76c60000
2004-08-04 07:55:58 UTC+0000|[PE HEADER (dll)]| AcGenral.DLL| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x6f880000
2004-08-04 06:04:41 UTC+0000|[PE DEBUG]| AcGenral.DLL| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x6f880000
2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| tcpmon.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x72400000
-|[PE DEBUG]| tcpmon.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x72400000
2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| inetpp.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x74300000
2004-08-04 06:14:07 UTC+0000|[PE DEBUG]| inetpp.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x74300000
2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| pjlmon.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x74280000
2004-08-04 06:14:05 UTC+0000|[PE DEBUG]| pjlmon.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x74280000
2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| WS2_32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x71ab0000
-|[PE DEBUG]| WS2_32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x71ab0000
2004-08-04 07:56:28 UTC+0000|[PE HEADER (dll)]| netapi32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x5b860000
-|[PE DEBUG]| netapi32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x5b860000
2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| WLDAP32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76f60000
2004-08-04 06:16:35 UTC+0000|[PE DEBUG]| WLDAP32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76f60000
2004-08-04 07:57:51 UTC+0000|[PE HEADER (dll)]| WSOCK32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x71ad0000
2004-08-04 06:14:51 UTC+0000|[PE DEBUG]| WSOCK32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x71ad0000
2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| ole32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x774e0000
-|[PE DEBUG]| ole32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x774e0000
2004-08-04 07:57:04 UTC+0000|[PE HEADER (dll)]| win32spl.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x75c10000
-|[PE DEBUG]| win32spl.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x75c10000
2004-08-04 07:56:38 UTC+0000|[PE HEADER (dll)]| winspool.drv| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 
0x019937e0/DLL Base: 0x73000000 2004-08-04 06:14:18 UTC+0000|[PE DEBUG]| winspool.drv| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x73000000 2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77f10000 2004-08-04 06:14:43 UTC+0000|[PE DEBUG]| GDI32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77f10000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| OLEAUT32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77120000 -|[PE DEBUG]| OLEAUT32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77120000 2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| snmpapi.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x71f60000 2004-08-04 06:05:57 UTC+0000|[PE DEBUG]| snmpapi.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x71f60000 2004-08-04 07:56:35 UTC+0000|[PE HEADER (dll)]| winrnr.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76fb0000 -|[PE DEBUG]| winrnr.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76fb0000 2004-08-04 07:56:42 UTC+0000|[PE HEADER (dll)]| ShimEng.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x5cb70000 2004-08-04 06:04:52 UTC+0000|[PE DEBUG]| ShimEng.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x5cb70000 2004-08-04 07:56:20 UTC+0000|[PE HEADER (dll)]| localspl.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x75bb0000 -|[PE DEBUG]| localspl.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x75bb0000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| SHELL32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL 
Base: 0x7c9c0000 -|[PE DEBUG]| SHELL32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x7c9c0000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| kernel32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x7c800000 -|[PE DEBUG]| kernel32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x7c800000 2004-08-04 07:55:56 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x773d0000 2004-08-04 05:58:44 UTC+0000|[PE DEBUG]| comctl32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x773d0000 2007-06-22 08:11:16 UTC+0000|[PE HEADER (dll)]| TPWinPrn.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x00de0000 2007-06-22 08:11:16 UTC+0000|[PE DEBUG]| TPWinPrn.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x00de0000 2004-08-04 07:56:38 UTC+0000|[PE HEADER (dll)]| usbmon.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x723f0000 2004-08-04 06:14:12 UTC+0000|[PE DEBUG]| usbmon.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x723f0000 2008-03-04 17:56:12 UTC+0000|[PE HEADER (dll)]| TPVMW32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x00d50000 -|[PE DEBUG]| TPVMW32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x00d50000 2004-08-04 07:59:14 UTC+0000|[PE HEADER (dll)]| msvcrt.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77c10000 2004-08-04 05:58:27 UTC+0000|[PE DEBUG]| msvcrt.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77c10000 2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| RPCRT4.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 
0x77e70000 -|[PE DEBUG]| RPCRT4.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77e70000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| WINTRUST.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76c30000 -|[PE DEBUG]| WINTRUST.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76c30000 2004-08-04 07:56:49 UTC+0000|[PE HEADER (dll)]| Secur32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77fe0000 -|[PE DEBUG]| Secur32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77fe0000 2004-08-04 07:56:10 UTC+0000|[PE HEADER (dll)]| iphlpapi.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76d60000 2004-08-04 06:14:22 UTC+0000|[PE DEBUG]| iphlpapi.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76d60000 2004-08-04 07:56:45 UTC+0000|[PE HEADER (dll)]| DNSAPI.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76f20000 2004-08-04 06:15:51 UTC+0000|[PE DEBUG]| DNSAPI.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76f20000 2004-08-04 07:56:31 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x5d090000 -|[PE DEBUG]| comctl32.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x5d090000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| COMRes.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77050000 2004-07-12 19:30:21 UTC+0000|[PE DEBUG]| COMRes.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77050000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| WS2HELP.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x71aa0000 2004-08-04 06:14:48 
UTC+0000|[PE DEBUG]| WS2HELP.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x71aa0000 2004-08-04 07:56:25 UTC+0000|[PE HEADER (dll)]| RESUTILS.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x750b0000 -|[PE DEBUG]| RESUTILS.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x750b0000 2004-08-04 07:56:26 UTC+0000|[PE HEADER (dll)]| cnbjmon.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x742a0000 2004-02-19 01:43:41 UTC+0000|[PE DEBUG]| cnbjmon.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x742a0000 2004-08-04 07:57:16 UTC+0000|[PE HEADER (dll)]| SPOOLSS.DLL| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x742e0000 -|[PE DEBUG]| SPOOLSS.DLL| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x742e0000 2004-08-04 07:56:35 UTC+0000|[PE HEADER (dll)]| NETRAP.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x71c80000 -|[PE DEBUG]| NETRAP.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x71c80000 2008-02-07 17:26:00 UTC+0000|[PE HEADER (dll)]| TPVMMon.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x00cf0000 2008-02-07 17:26:00 UTC+0000|[PE DEBUG]| TPVMMon.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x00cf0000 2004-08-04 07:57:23 UTC+0000|[PE HEADER (dll)]| MSASN1.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77b20000 -|[PE DEBUG]| MSASN1.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x77b20000 2004-08-04 07:56:20 UTC+0000|[PE HEADER (dll)]| CLUSAPI.dll| Process: spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76d10000 2004-08-04 06:14:13 UTC+0000|[PE DEBUG]| CLUSAPI.dll| Process: 
spoolsv.exe/PID: 1260/PPID: 676/Process POffset: 0x019937e0/DLL Base: 0x76d10000 2011-10-10 17:04:39 UTC+0000|[PROCESS]| explorer.exe| PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 17:04:39 UTC+0000|[PROCESS LastTrimTime]| explorer.exe| PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 17:06:42 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-11 22:27:54 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 17:03:59 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:16:22 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:05:35 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 17:04:40 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-04 17:56:34 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 17:04:40 UTC+0000|[Handle (Key)]| 
USER\S-1-5-21-839522115-73586283-2147125571-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 16:39:17 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\CLSID| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 16:39:17 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\CLSID| 
explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:48 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500\SOFTWARE\MICROSOFT\PLUS!\THEMES\APPLY| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:08:34 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\HTTP\SHELL| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| explorer.exe 
PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:57 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY\P3GLOBAL| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:57 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY\P3SITES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-04 18:00:16 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 17:16:27 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500\SOFTWARE\MICROSOFT\WINDOWS\SHELL| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 16:39:17 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\CLSID| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 16:41:42 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500\SOFTWARE\MICROSOFT\WINDOWS\SHELL\BAGS\1\DESKTOP| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-04 17:56:34 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\APPLICATIONS\ACRORD32.EXE| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 16:51:32 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 16:54:14 
UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\MUICACHE| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 17:06:42 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USERASSIST\{75048700-EF1F-11D0-9888-006097DEACF9}\COUNT| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 17:03:36 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USERASSIST\{5E6AB780-7743-11CF-A12B-00AA004AE837}\COUNT| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:15:00 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\TRACING\NETSHELL| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:06:01 UTC+0000|[Handle (Key)]| 
MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 16:44:25 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:06:01 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:05:35 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2011-10-10 16:51:31 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\RUNMRU| explorer.exe 
PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\MULTIMEDIA\AUDIO\VOLUMECONTROL| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:13:41 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\SETUP| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 
1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| explorer.exe PID: 1956/PPID: 1884/POffset: 0x015bcda0 2004-08-04 06:14:38 UTC+0000|[PE HEADER (dll)]| Explorer.EXE| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x01000000 2004-08-04 06:14:38 UTC+0000|[PE DEBUG]| Explorer.EXE| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x01000000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x7c900000 -|[PE DEBUG]| ntdll.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x7c900000 2004-08-04 07:57:10 UTC+0000|[PE HEADER (dll)]| WINMM.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76b40000 -|[PE DEBUG]| WINMM.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76b40000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| WINTRUST.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76c30000 -|[PE DEBUG]| WINTRUST.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76c30000 2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| SHLWAPI.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77f60000 -|[PE DEBUG]| SHLWAPI.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77f60000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| VERSION.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77c00000 2004-08-04 06:14:58 UTC+0000|[PE DEBUG]| VERSION.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 
0x015bcda0/DLL Base: 0x77c00000 2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| UxTheme.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x5ad70000 -|[PE DEBUG]| UxTheme.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x5ad70000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| rtutils.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76e80000 -|[PE DEBUG]| rtutils.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76e80000 2004-08-04 07:56:09 UTC+0000|[PE HEADER (dll)]| BROWSEUI.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x75f80000 -|[PE DEBUG]| BROWSEUI.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x75f80000 2009-04-07 14:39:10 UTC+0000|[PE HEADER (dll)]| mfc42ul.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x10000000 -|[PE DEBUG]| mfc42ul.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x10000000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| USERENV.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x769c0000 -|[PE DEBUG]| USERENV.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x769c0000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| appHelp.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77b40000 -|[PE DEBUG]| appHelp.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77b40000 2004-08-04 07:57:08 UTC+0000|[PE HEADER (dll)]| WININET.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x771b0000 -|[PE DEBUG]| WININET.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x771b0000 2004-08-04 07:56:24 UTC+0000|[PE HEADER (dll)]| rasadhlp.dll| 
Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76fc0000 2004-08-04 06:14:12 UTC+0000|[PE DEBUG]| rasadhlp.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76fc0000 2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77dd0000 -|[PE DEBUG]| ADVAPI32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77dd0000 2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| WLDAP32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76f60000 2004-08-04 06:16:35 UTC+0000|[PE DEBUG]| WLDAP32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76f60000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| kernel32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x7c800000 -|[PE DEBUG]| kernel32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x7c800000 2004-08-04 07:56:18 UTC+0000|[PE HEADER (dll)]| CLBCATQ.DLL| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76fd0000 2004-08-04 06:14:45 UTC+0000|[PE DEBUG]| CLBCATQ.DLL| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76fd0000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77d40000 -|[PE DEBUG]| USER32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77d40000 2004-08-04 07:56:38 UTC+0000|[PE HEADER (dll)]| SHDOCVW.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77760000 -|[PE DEBUG]| SHDOCVW.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77760000 2004-08-04 07:59:20 UTC+0000|[PE HEADER (dll)]| mswsock.dll| Process: 
explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x71a50000 -|[PE DEBUG]| mswsock.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x71a50000 2004-08-04 07:56:28 UTC+0000|[PE HEADER (dll)]| NETAPI32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x5b860000 -|[PE DEBUG]| NETAPI32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x5b860000 2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| RPCRT4.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77e70000 -|[PE DEBUG]| RPCRT4.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77e70000 2004-08-04 07:55:58 UTC+0000|[PE HEADER (dll)]| AcGenral.DLL| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x6f880000 2004-08-04 06:04:41 UTC+0000|[PE DEBUG]| AcGenral.DLL| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x6f880000 2004-08-04 07:57:49 UTC+0000|[PE HEADER (dll)]| wshtcpip.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x71a90000 2004-08-04 06:14:51 UTC+0000|[PE DEBUG]| wshtcpip.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x71a90000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| WS2_32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x71ab0000 -|[PE DEBUG]| WS2_32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x71ab0000 2004-08-04 07:57:51 UTC+0000|[PE HEADER (dll)]| WSOCK32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x71ad0000 2004-08-04 06:14:51 UTC+0000|[PE DEBUG]| WSOCK32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x71ad0000 2004-08-04 07:58:26 UTC+0000|[PE HEADER (dll)]| msi.dll| Process: 
explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x7d1e0000 -|[PE DEBUG]| msi.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x7d1e0000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| ole32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x774e0000 -|[PE DEBUG]| ole32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x774e0000 2004-08-04 07:56:32 UTC+0000|[PE HEADER (dll)]| SETUPAPI.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77920000 -|[PE DEBUG]| SETUPAPI.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77920000 2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77f10000 2004-08-04 06:14:43 UTC+0000|[PE DEBUG]| GDI32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77f10000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| OLEAUT32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77120000 -|[PE DEBUG]| OLEAUT32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77120000 2004-08-04 07:56:55 UTC+0000|[PE HEADER (dll)]| webcheck.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x74b30000 -|[PE DEBUG]| webcheck.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x74b30000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| WINSTA.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76360000 2004-08-04 06:17:48 UTC+0000|[PE DEBUG]| WINSTA.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76360000 2004-08-04 07:56:04 UTC+0000|[PE HEADER (dll)]| actxprxy.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process 
POffset: 0x015bcda0/DLL Base: 0x71d40000 2004-08-04 06:13:58 UTC+0000|[PE DEBUG]| actxprxy.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x71d40000 2004-08-04 06:14:57 UTC+0000|[PE HEADER (dll)]| SXS.DLL| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x75e90000 -|[PE DEBUG]| SXS.DLL| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x75e90000 2004-08-04 07:57:55 UTC+0000|[PE HEADER (dll)]| WTSAPI32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76f50000 2004-08-04 06:01:27 UTC+0000|[PE DEBUG]| WTSAPI32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76f50000 2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| snmpapi.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x71f60000 2004-08-04 06:05:57 UTC+0000|[PE DEBUG]| snmpapi.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x71f60000 2004-08-04 07:56:42 UTC+0000|[PE HEADER (dll)]| ShimEng.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x5cb70000 2004-08-04 06:04:52 UTC+0000|[PE DEBUG]| ShimEng.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x5cb70000 2004-08-04 07:58:31 UTC+0000|[PE HEADER (dll)]| MSIMG32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76380000 2004-08-04 06:14:23 UTC+0000|[PE DEBUG]| MSIMG32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76380000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| xpsp2res.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x20000000 -|[PE DEBUG]| xpsp2res.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x20000000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| SHELL32.dll| Process: 
explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x7c9c0000 -|[PE DEBUG]| SHELL32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x7c9c0000 2004-08-04 07:55:56 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x773d0000 2004-08-04 05:58:44 UTC+0000|[PE DEBUG]| comctl32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x773d0000 2004-08-04 07:56:55 UTC+0000|[PE HEADER (dll)]| ATL.DLL| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76b20000 2004-08-04 06:00:13 UTC+0000|[PE DEBUG]| ATL.DLL| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76b20000 2004-08-04 07:56:53 UTC+0000|[PE HEADER (dll)]| POWRPROF.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x74ad0000 -|[PE DEBUG]| POWRPROF.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x74ad0000 2004-08-04 07:56:29 UTC+0000|[PE HEADER (dll)]| SAMLIB.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x71bf0000 -|[PE DEBUG]| SAMLIB.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x71bf0000 2004-08-04 07:56:08 UTC+0000|[PE HEADER (dll)]| cscui.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77a20000 -|[PE DEBUG]| cscui.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77a20000 2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| CSCDLL.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76600000 -|[PE DEBUG]| CSCDLL.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76600000 2004-08-04 07:56:16 UTC+0000|[PE HEADER (dll)]| hnetcfg.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 
0x015bcda0/DLL Base: 0x662b0000 2004-08-04 05:59:59 UTC+0000|[PE DEBUG]| hnetcfg.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x662b0000 2004-08-04 07:59:14 UTC+0000|[PE HEADER (dll)]| msvcrt.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77c10000 2004-08-04 05:58:27 UTC+0000|[PE DEBUG]| msvcrt.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77c10000 2004-08-04 07:56:06 UTC+0000|[PE HEADER (dll)]| CRYPTUI.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x754d0000 -|[PE DEBUG]| CRYPTUI.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x754d0000 2004-08-04 07:56:54 UTC+0000|[PE HEADER (dll)]| wdmaud.drv| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x72d20000 2004-08-04 06:07:49 UTC+0000|[PE DEBUG]| wdmaud.drv| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x72d20000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| COMRes.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77050000 2004-07-12 19:30:21 UTC+0000|[PE DEBUG]| COMRes.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77050000 2004-08-04 07:56:46 UTC+0000|[PE HEADER (dll)]| themeui.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x5ba60000 2004-08-04 05:58:31 UTC+0000|[PE DEBUG]| themeui.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x5ba60000 2004-08-04 07:56:25 UTC+0000|[PE HEADER (dll)]| midimap.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77bd0000 2004-08-04 05:58:38 UTC+0000|[PE DEBUG]| midimap.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77bd0000 2004-08-04 07:56:10 UTC+0000|[PE HEADER (dll)]| 
iphlpapi.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76d60000 2004-08-04 06:14:22 UTC+0000|[PE DEBUG]| iphlpapi.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76d60000 2004-08-04 07:56:01 UTC+0000|[PE HEADER (dll)]| CRYPT32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77a80000 -|[PE DEBUG]| CRYPT32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77a80000 2004-08-04 07:55:59 UTC+0000|[PE HEADER (dll)]| BatMeter.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x74af0000 2004-08-04 06:14:12 UTC+0000|[PE DEBUG]| BatMeter.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x74af0000 2004-08-04 07:56:25 UTC+0000|[PE HEADER (dll)]| IMAGEHLP.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76c90000 -|[PE DEBUG]| IMAGEHLP.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76c90000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| WS2HELP.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x71aa0000 2004-08-04 06:14:48 UTC+0000|[PE DEBUG]| WS2HELP.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x71aa0000 2004-08-04 07:56:37 UTC+0000|[PE HEADER (dll)]| NETSHELL.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76400000 -|[PE DEBUG]| NETSHELL.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76400000 2004-08-04 07:57:03 UTC+0000|[PE HEADER (dll)]| MSACM32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77be0000 -|[PE DEBUG]| MSACM32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77be0000 2004-08-04 07:56:31 UTC+0000|[PE HEADER (dll)]| 
comctl32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x5d090000 -|[PE DEBUG]| comctl32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x5d090000 2004-08-04 07:56:49 UTC+0000|[PE HEADER (dll)]| Secur32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77fe0000 -|[PE DEBUG]| Secur32.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77fe0000 2004-08-04 07:56:42 UTC+0000|[PE HEADER (dll)]| credui.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76c00000 2004-08-04 06:01:07 UTC+0000|[PE DEBUG]| credui.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76c00000 2004-08-04 07:56:37 UTC+0000|[PE HEADER (dll)]| urlmon.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77260000 -|[PE DEBUG]| urlmon.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77260000 2004-08-04 07:57:23 UTC+0000|[PE HEADER (dll)]| MSASN1.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77b20000 -|[PE DEBUG]| MSASN1.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x77b20000 2001-08-18 05:33:30 UTC+0000|[PE HEADER (dll)]| msacm32.drv| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x72d10000 2001-08-17 20:46:45 UTC+0000|[PE DEBUG]| msacm32.drv| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x72d10000 2004-08-04 07:59:26 UTC+0000|[PE HEADER (dll)]| stobject.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76280000 -|[PE DEBUG]| stobject.dll| Process: explorer.exe/PID: 1956/PPID: 1884/Process POffset: 0x015bcda0/DLL Base: 0x76280000 2011-10-10 17:04:39 UTC+0000|[PROCESS]| wscntfy.exe| PID: 1920/PPID: 964/POffset: 
0x017c4da0 2011-10-10 17:04:39 UTC+0000|[PROCESS LastTrimTime]| wscntfy.exe| PID: 1920/PPID: 964/POffset: 0x017c4da0 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| wscntfy.exe PID: 1920/PPID: 964/POffset: 0x017c4da0 2004-08-04 06:09:09 UTC+0000|[PE HEADER (exe)]| wscntfy.exe| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x01000000 2004-08-04 06:09:09 UTC+0000|[PE DEBUG]| wscntfy.exe| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x01000000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x7c900000 -|[PE DEBUG]| ntdll.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x7c900000 2004-08-04 07:55:56 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x773d0000 2004-08-04 05:58:44 UTC+0000|[PE DEBUG]| comctl32.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x773d0000 2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x77f10000 -|[PE DEBUG]| GDI32.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x77f10000 2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| snmpapi.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x71f60000 2004-08-04 06:05:57 UTC+0000|[PE DEBUG]| snmpapi.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x71f60000 2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| SHLWAPI.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x77f60000 -|[PE DEBUG]| SHLWAPI.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x77f60000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| VERSION.dll| Process: wscntfy.exe/PID: 
1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x77c00000 -|[PE DEBUG]| VERSION.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x77c00000 2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| RPCRT4.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x77e70000 -|[PE DEBUG]| RPCRT4.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x77e70000 2009-04-07 14:39:10 UTC+0000|[PE HEADER (dll)]| mfc42ul.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x10000000 -|[PE DEBUG]| mfc42ul.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x10000000 2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| uxtheme.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x5ad70000 -|[PE DEBUG]| uxtheme.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x5ad70000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| WS2HELP.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x71aa0000 -|[PE DEBUG]| WS2HELP.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x71aa0000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| WS2_32.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x71ab0000 -|[PE DEBUG]| WS2_32.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x71ab0000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| SHELL32.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x7c9c0000 -|[PE DEBUG]| SHELL32.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x7c9c0000 2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x77dd0000 -|[PE DEBUG]| ADVAPI32.dll| Process: wscntfy.exe/PID: 
1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x77dd0000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| xpsp2res.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x20000000 -|[PE DEBUG]| xpsp2res.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x20000000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| kernel32.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x7c800000 -|[PE DEBUG]| kernel32.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x7c800000 2004-08-04 07:59:14 UTC+0000|[PE HEADER (dll)]| msvcrt.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x77c10000 2004-08-04 05:58:27 UTC+0000|[PE DEBUG]| msvcrt.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x77c10000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x77d40000 -|[PE DEBUG]| USER32.dll| Process: wscntfy.exe/PID: 1920/PPID: 964/Process POffset: 0x017c4da0/DLL Base: 0x77d40000 2011-10-10 17:04:41 UTC+0000|[PROCESS]| VMwareUser.exe| PID: 192/PPID: 1956/POffset: 0x01a0b478 2011-10-10 17:04:41 UTC+0000|[PROCESS LastTrimTime]| VMwareUser.exe| PID: 192/PPID: 1956/POffset: 0x01a0b478 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| VMwareUser.exe PID: 192/PPID: 1956/POffset: 0x01a0b478 2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| VMwareUser.exe PID: 192/PPID: 1956/POffset: 0x01a0b478 2010-11-06 18:16:18 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\NETWORKPROVIDER\HWORDER| VMwareUser.exe PID: 192/PPID: 1956/POffset: 0x01a0b478 2010-11-06 18:14:51 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500_CLASSES| VMwareUser.exe PID: 192/PPID: 1956/POffset: 0x01a0b478 2011-10-10 16:39:16 UTC+0000|[Handle 
(Key)]| MACHINE\SOFTWARE\CLASSES| VMwareUser.exe PID: 192/PPID: 1956/POffset: 0x01a0b478 2011-10-10 17:06:42 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500| VMwareUser.exe PID: 192/PPID: 1956/POffset: 0x01a0b478 2011-10-10 16:51:32 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM| VMwareUser.exe PID: 192/PPID: 1956/POffset: 0x01a0b478 2011-10-10 17:04:40 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER| VMwareUser.exe PID: 192/PPID: 1956/POffset: 0x01a0b478 2011-10-10 16:54:14 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\MUICACHE| VMwareUser.exe PID: 192/PPID: 1956/POffset: 0x01a0b478 2010-04-01 00:10:36 UTC+0000|[PE HEADER (exe)]| VMwareUser.exe| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x00400000 2010-04-01 00:10:36 UTC+0000|[PE DEBUG]| VMwareUser.exe| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x00400000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x7c900000 -|[PE DEBUG]| ntdll.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x7c900000 2006-12-02 06:50:32 UTC+0000|[PE HEADER (dll)]| MSVCR80.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x78130000 2006-12-02 06:50:32 UTC+0000|[PE DEBUG]| MSVCR80.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x78130000 2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| SHLWAPI.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x77f60000 -|[PE DEBUG]| SHLWAPI.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x77f60000 2004-08-04 07:56:39 
UTC+0000|[PE HEADER (dll)]| VERSION.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x77c00000 -|[PE DEBUG]| VERSION.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x77c00000 2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| uxtheme.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x5ad70000 -|[PE DEBUG]| uxtheme.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x5ad70000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| SHFOLDER.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x76780000 2004-08-04 06:14:11 UTC+0000|[PE DEBUG]| SHFOLDER.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x76780000 2007-05-04 20:42:50 UTC+0000|[PE HEADER (dll)]| sigc-2.0.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x10000000 2007-05-04 20:42:50 UTC+0000|[PE DEBUG]| sigc-2.0.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x10000000 2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x77dd0000 -|[PE DEBUG]| ADVAPI32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x77dd0000 2004-08-04 07:56:46 UTC+0000|[PE HEADER (dll)]| MPR.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x71b20000 -|[PE DEBUG]| MPR.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x71b20000 2004-08-04 07:57:10 UTC+0000|[PE HEADER (dll)]| WINMM.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x76b40000 -|[PE DEBUG]| WINMM.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x76b40000 2006-12-02 06:52:56 UTC+0000|[PE HEADER (dll)]| 
MSVCP80.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x7c420000 2006-12-02 06:52:56 UTC+0000|[PE DEBUG]| MSVCP80.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x7c420000 2004-08-04 07:56:28 UTC+0000|[PE HEADER (dll)]| NETAPI32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x5b860000 -|[PE DEBUG]| NETAPI32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x5b860000 2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| RPCRT4.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x77e70000 -|[PE DEBUG]| RPCRT4.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x77e70000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| WS2_32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x71ab0000 -|[PE DEBUG]| WS2_32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x71ab0000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| ole32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x774e0000 -|[PE DEBUG]| ole32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x774e0000 2004-08-04 07:56:38 UTC+0000|[PE HEADER (dll)]| WINSPOOL.DRV| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x73000000 2004-08-04 06:14:18 UTC+0000|[PE DEBUG]| WINSPOOL.DRV| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x73000000 2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x77f10000 -|[PE DEBUG]| GDI32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x77f10000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| OLEAUT32.dll| Process: 
VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x77120000 -|[PE DEBUG]| OLEAUT32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x77120000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x77d40000 -|[PE DEBUG]| USER32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x77d40000 2004-08-04 07:57:55 UTC+0000|[PE HEADER (dll)]| wtsapi32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x76f50000 2004-08-04 06:01:27 UTC+0000|[PE DEBUG]| wtsapi32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x76f50000 2004-08-04 07:57:05 UTC+0000|[PE HEADER (dll)]| snmpapi.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x71f60000 2004-08-04 06:05:57 UTC+0000|[PE DEBUG]| snmpapi.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x71f60000 2009-04-07 14:39:10 UTC+0000|[PE HEADER (dll)]| mfc42ul.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x00390000 -|[PE DEBUG]| mfc42ul.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x00390000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| xpsp2res.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x20000000 -|[PE DEBUG]| xpsp2res.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x20000000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| SHELL32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x7c9c0000 -|[PE DEBUG]| SHELL32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x7c9c0000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| kernel32.dll| Process: VMwareUser.exe/PID: 
192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x7c800000 -|[PE DEBUG]| kernel32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x7c800000 2004-08-04 07:55:56 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x773d0000 2004-08-04 05:58:44 UTC+0000|[PE DEBUG]| comctl32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x773d0000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| WINSTA.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x76360000 -|[PE DEBUG]| WINSTA.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x76360000 2004-08-04 07:59:14 UTC+0000|[PE HEADER (dll)]| msvcrt.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x77c10000 2004-08-04 05:58:27 UTC+0000|[PE DEBUG]| msvcrt.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x77c10000 2004-08-04 07:56:31 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x5d090000 -|[PE DEBUG]| comctl32.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x5d090000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| WS2HELP.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x71aa0000 -|[PE DEBUG]| WS2HELP.dll| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x71aa0000 2006-12-02 08:07:20 UTC+0000|[PE HEADER (dll)]| MFC80U.DLL| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x782e0000 2006-12-02 08:07:20 UTC+0000|[PE DEBUG]| MFC80U.DLL| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x782e0000 2006-12-02 08:07:59 UTC+0000|[PE HEADER (dll)]| MFC80ENU.DLL| Process: VMwareUser.exe/PID: 
192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x5d360000 -|[PE DEBUG]| MFC80ENU.DLL| Process: VMwareUser.exe/PID: 192/PPID: 1956/Process POffset: 0x01a0b478/DLL Base: 0x5d360000 2011-10-10 17:04:00 UTC+0000|[PROCESS]| svchost.exe| PID: 1148/PPID: 676/POffset: 0x015aeda0 2011-10-10 17:04:00 UTC+0000|[PROCESS LastTrimTime]| svchost.exe| PID: 1148/PPID: 676/POffset: 0x015aeda0 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2010-11-06 18:08:49 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\DRIVERS32| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2010-11-06 18:06:01 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\LINKAGE| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2011-10-10 16:44:25 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2010-11-06 18:06:01 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS\INTERFACES| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2010-11-06 18:05:35 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETBT\PARAMETERS| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2010-11-06 18:16:22 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\PROTOCOL_CATALOG9| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2010-11-06 18:05:35 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSOCK2\PARAMETERS\NAMESPACE_CATALOG5| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| USER\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| 
USER\S-1-5-19_CLASSES| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| USER\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| USER\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2011-10-10 17:04:01 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\EPOCH| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| USER\S-1-5-19_CLASSES| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2011-10-10 16:39:17 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\CLSID| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2011-10-10 16:39:16 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES| svchost.exe PID: 1148/PPID: 
676/POffset: 0x015aeda0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2011-10-10 17:04:38 UTC+0000|[Handle (Key)]| USER| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\COM3| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2011-10-10 16:39:17 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\CLASSES\CLSID| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2010-11-06 18:13:46 UTC+0000|[Handle (Key)]| USER\S-1-5-19_CLASSES| svchost.exe PID: 1148/PPID: 676/POffset: 0x015aeda0 2004-08-04 06:14:46 UTC+0000|[PE HEADER (exe)]| svchost.exe| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x01000000 2004-08-04 06:14:46 UTC+0000|[PE DEBUG]| svchost.exe| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x01000000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x7c900000 -|[PE DEBUG]| ntdll.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x7c900000 2004-08-04 07:57:10 UTC+0000|[PE HEADER (dll)]| WINMM.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x76b40000 -|[PE DEBUG]| WINMM.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x76b40000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| USERENV.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x769c0000 -|[PE DEBUG]| USERENV.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x769c0000 2004-08-04 07:56:44 UTC+0000|[PE HEADER (dll)]| SHLWAPI.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 
0x77f60000 -|[PE DEBUG]| SHLWAPI.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77f60000 2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| UxTheme.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x5ad70000 -|[PE DEBUG]| UxTheme.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x5ad70000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| xpsp2res.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x20000000 -|[PE DEBUG]| xpsp2res.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x20000000 2004-08-04 07:57:08 UTC+0000|[PE HEADER (dll)]| WININET.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x771b0000 -|[PE DEBUG]| WININET.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x771b0000 2004-08-04 07:56:49 UTC+0000|[PE HEADER (dll)]| Secur32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77fe0000 -|[PE DEBUG]| Secur32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77fe0000 2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77dd0000 -|[PE DEBUG]| ADVAPI32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77dd0000 2004-08-04 07:57:03 UTC+0000|[PE HEADER (dll)]| MSACM32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77be0000 -|[PE DEBUG]| MSACM32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77be0000 2004-08-04 07:57:49 UTC+0000|[PE HEADER (dll)]| wshtcpip.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x71a90000 2004-08-04 06:14:51 UTC+0000|[PE DEBUG]| wshtcpip.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process 
POffset: 0x015aeda0/DLL Base: 0x71a90000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| VERSION.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77c00000 2004-08-04 06:14:58 UTC+0000|[PE DEBUG]| VERSION.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77c00000 2004-08-04 07:56:18 UTC+0000|[PE HEADER (dll)]| CLBCATQ.DLL| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x76fd0000 2004-08-04 06:14:45 UTC+0000|[PE DEBUG]| CLBCATQ.DLL| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x76fd0000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77d40000 -|[PE DEBUG]| USER32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77d40000 2004-08-04 07:56:15 UTC+0000|[PE HEADER (dll)]| lmhsvc.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x74c40000 2004-08-04 06:14:34 UTC+0000|[PE DEBUG]| lmhsvc.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x74c40000 2004-08-04 07:59:20 UTC+0000|[PE HEADER (dll)]| mswsock.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x71a50000 -|[PE DEBUG]| mswsock.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x71a50000 2004-08-04 07:55:58 UTC+0000|[PE HEADER (dll)]| AcGenral.DLL| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x6f880000 2004-08-04 06:04:41 UTC+0000|[PE DEBUG]| AcGenral.DLL| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x6f880000 2004-08-04 07:57:02 UTC+0000|[PE HEADER (dll)]| NTMARTA.DLL| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77690000 -|[PE DEBUG]| NTMARTA.DLL| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 
0x015aeda0/DLL Base: 0x77690000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| WS2_32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x71ab0000 -|[PE DEBUG]| WS2_32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x71ab0000 2004-08-04 07:56:43 UTC+0000|[PE HEADER (dll)]| WLDAP32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x76f60000 2004-08-04 06:16:35 UTC+0000|[PE DEBUG]| WLDAP32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x76f60000 2004-08-04 07:57:51 UTC+0000|[PE HEADER (dll)]| wsock32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x71ad0000 2004-08-04 06:14:51 UTC+0000|[PE DEBUG]| wsock32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x71ad0000 2004-08-04 07:57:38 UTC+0000|[PE HEADER (dll)]| ole32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x774e0000 -|[PE DEBUG]| ole32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x774e0000 2004-08-04 07:56:41 UTC+0000|[PE HEADER (dll)]| regsvc.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x76af0000 2004-08-04 06:20:08 UTC+0000|[PE DEBUG]| regsvc.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x76af0000 2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77f10000 2004-08-04 06:14:43 UTC+0000|[PE DEBUG]| GDI32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77f10000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| OLEAUT32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77120000 -|[PE DEBUG]| OLEAUT32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 
0x77120000 2004-08-04 07:56:10 UTC+0000|[PE HEADER (dll)]| iphlpapi.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x76d60000 2004-08-04 06:14:22 UTC+0000|[PE DEBUG]| iphlpapi.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x76d60000 2004-08-04 07:56:42 UTC+0000|[PE HEADER (dll)]| ShimEng.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x5cb70000 2004-08-04 06:04:52 UTC+0000|[PE DEBUG]| ShimEng.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x5cb70000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| SHELL32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x7c9c0000 -|[PE DEBUG]| SHELL32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x7c9c0000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| kernel32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x7c800000 -|[PE DEBUG]| kernel32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x7c800000 2004-08-04 07:55:56 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x773d0000 2004-08-04 05:58:44 UTC+0000|[PE DEBUG]| comctl32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x773d0000 2004-08-04 07:59:17 UTC+0000|[PE HEADER (dll)]| ssdpsrv.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x765e0000 2004-08-04 06:08:07 UTC+0000|[PE DEBUG]| ssdpsrv.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x765e0000 2004-08-04 07:56:29 UTC+0000|[PE HEADER (dll)]| SAMLIB.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x71bf0000 -|[PE DEBUG]| SAMLIB.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x71bf0000 
2004-08-04 07:56:16 UTC+0000|[PE HEADER (dll)]| hnetcfg.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x662b0000 2004-08-04 05:59:59 UTC+0000|[PE DEBUG]| hnetcfg.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x662b0000 2004-08-04 07:59:14 UTC+0000|[PE HEADER (dll)]| msvcrt.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77c10000 2004-08-04 05:58:27 UTC+0000|[PE DEBUG]| msvcrt.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77c10000 2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| RPCRT4.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77e70000 -|[PE DEBUG]| RPCRT4.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77e70000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| COMRes.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77050000 2004-07-12 19:30:21 UTC+0000|[PE DEBUG]| COMRes.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77050000 2004-08-04 07:56:37 UTC+0000|[PE HEADER (dll)]| urlmon.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77260000 -|[PE DEBUG]| urlmon.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77260000 2004-08-04 07:56:01 UTC+0000|[PE HEADER (dll)]| CRYPT32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77a80000 -|[PE DEBUG]| CRYPT32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77a80000 2004-08-04 07:56:31 UTC+0000|[PE HEADER (dll)]| comctl32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x5d090000 -|[PE DEBUG]| comctl32.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x5d090000 2004-08-04 07:57:39 UTC+0000|[PE HEADER (dll)]| 
WS2HELP.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x71aa0000 2004-08-04 06:14:48 UTC+0000|[PE DEBUG]| WS2HELP.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x71aa0000 2004-08-04 07:56:56 UTC+0000|[PE HEADER (dll)]| webclnt.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x5a6e0000 2004-08-04 06:00:52 UTC+0000|[PE DEBUG]| webclnt.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x5a6e0000 2004-08-04 07:57:23 UTC+0000|[PE HEADER (dll)]| MSASN1.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77b20000 -|[PE DEBUG]| MSASN1.dll| Process: svchost.exe/PID: 1148/PPID: 676/Process POffset: 0x015aeda0/DLL Base: 0x77b20000 1970-01-01 00:00:00 UTC+0000|[PROCESS]| System| PID: 4/PPID: 0/POffset: 0x01bcc830 1970-01-01 00:00:00 UTC+0000|[PROCESS LastTrimTime]| System| PID: 4/PPID: 0/POffset: 0x01bcc830 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER\MEMORY MANAGEMENT\PREFETCHPARAMETERS| System PID: 4/PPID: 0/POffset: 0x01bcc830 2011-10-10 17:03:49 UTC+0000|[Handle (Key)]| | System PID: 4/PPID: 0/POffset: 0x01bcc830 2010-11-06 18:13:41 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\SETUP| System PID: 4/PPID: 0/POffset: 0x01bcc830 2011-10-10 17:03:49 UTC+0000|[Handle (Key)]| MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MULTIFUNCTIONADAPTER| System PID: 4/PPID: 0/POffset: 0x01bcc830 2010-11-06 18:06:41 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\WPA\MEDIACENTER| System PID: 4/PPID: 0/POffset: 0x01bcc830 2010-11-06 18:14:22 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\WPA\KEY-CJ27J3P2XV9J9JCPB4DVT| System PID: 4/PPID: 0/POffset: 0x01bcc830 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\WPA\PNP| System PID: 4/PPID: 0/POffset: 0x01bcc830 2010-11-06 18:14:18 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\WPA\SIGNINGHASH-6KCM6KFTX6MD62| System PID: 4/PPID: 0/POffset: 
0x01bcc830 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\PRODUCTOPTIONS| System PID: 4/PPID: 0/POffset: 0x01bcc830 2011-10-10 16:41:13 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG| System PID: 4/PPID: 0/POffset: 0x01bcc830 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\ACPI\PARAMETERS| System PID: 4/PPID: 0/POffset: 0x01bcc830 2011-10-10 17:03:52 UTC+0000|[Handle (Key)]| MACHINE\HARDWARE\DEVICEMAP\SCSI\SCSI PORT 2\SCSI BUS 0\TARGET ID 0\LOGICAL UNIT ID 0| System PID: 4/PPID: 0/POffset: 0x01bcc830 2011-10-10 17:03:52 UTC+0000|[Handle (Key)]| MACHINE\HARDWARE\DEVICEMAP\SCSI\SCSI PORT 2\SCSI BUS 0\INITIATOR ID 7| System PID: 4/PPID: 0/POffset: 0x01bcc830 2011-10-10 17:03:52 UTC+0000|[Handle (Key)]| MACHINE\HARDWARE\DEVICEMAP\SCSI\SCSI PORT 2\SCSI BUS 0| System PID: 4/PPID: 0/POffset: 0x01bcc830 2011-10-10 17:03:52 UTC+0000|[Handle (Key)]| MACHINE\HARDWARE\DEVICEMAP\SCSI\SCSI PORT 2| System PID: 4/PPID: 0/POffset: 0x01bcc830 2011-10-10 17:03:52 UTC+0000|[Handle (Key)]| MACHINE\HARDWARE\DEVICEMAP\SCSI| System PID: 4/PPID: 0/POffset: 0x01bcc830 2011-10-10 17:03:52 UTC+0000|[Handle (Key)]| MACHINE\HARDWARE\DEVICEMAP\SCSI\SCSI PORT 2\SCSI BUS 0\TARGET ID 0| System PID: 4/PPID: 0/POffset: 0x01bcc830 2010-11-06 18:08:27 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\SERVICES\HTTP\PARAMETERS\URLACLINFO| System PID: 4/PPID: 0/POffset: 0x01bcc830 2011-10-10 17:03:49 UTC+0000|[Handle (Key)]| MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MULTIFUNCTIONADAPTER| System PID: 4/PPID: 0/POffset: 0x01bcc830 2011-10-10 17:03:49 UTC+0000|[Handle (Key)]| MACHINE\HARDWARE\DESCRIPTION\SYSTEM\MULTIFUNCTIONADAPTER| System PID: 4/PPID: 0/POffset: 0x01bcc830 2011-10-10 17:03:54 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\VIDEO\{E210C760-76C6-4E7E-9B2F-04D617F97DD7}\0000\VOLATILESETTINGS| System PID: 4/PPID: 0/POffset: 0x01bcc830 2011-10-10 17:03:54 UTC+0000|[Handle (Key)]| 
MACHINE\SYSTEM\CONTROLSET001\CONTROL\VIDEO\{E210C760-76C6-4E7E-9B2F-04D617F97DD7}\0001\VOLATILESETTINGS| System PID: 4/PPID: 0/POffset: 0x01bcc830 2011-10-10 17:03:56 UTC+0000|[PROCESS]| smss.exe| PID: 536/PPID: 4/POffset: 0x01b45020 2011-10-10 17:03:56 UTC+0000|[PROCESS LastTrimTime]| smss.exe| PID: 536/PPID: 4/POffset: 0x01b45020 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\PERFLIB| smss.exe PID: 536/PPID: 4/POffset: 0x01b45020 2010-11-06 18:09:59 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\CRASHCONTROL| smss.exe PID: 536/PPID: 4/POffset: 0x01b45020 2004-08-04 06:03:40 UTC+0000|[PE HEADER (exe)]| smss.exe| Process: smss.exe/PID: 536/PPID: 4/Process POffset: 0x01b45020/DLL Base: 0x48580000 2004-08-04 06:03:40 UTC+0000|[PE DEBUG]| smss.exe| Process: smss.exe/PID: 536/PPID: 4/Process POffset: 0x01b45020/DLL Base: 0x48580000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: smss.exe/PID: 536/PPID: 4/Process POffset: 0x01b45020/DLL Base: 0x7c900000 -|[PE DEBUG]| ntdll.dll| Process: smss.exe/PID: 536/PPID: 4/Process POffset: 0x01b45020/DLL Base: 0x7c900000 2011-10-10 17:03:58 UTC+0000|[PROCESS]| csrss.exe| PID: 608/PPID: 536/POffset: 0x018c6020 2011-10-10 17:03:58 UTC+0000|[PROCESS LastTrimTime]| csrss.exe| PID: 608/PPID: 536/POffset: 0x018c6020 2010-11-06 13:02:40 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\CONTROLSET001\CONTROL\PRIORITYCONTROL| csrss.exe PID: 608/PPID: 536/POffset: 0x018c6020 2011-10-10 17:03:58 UTC+0000|[Handle (Key)]| MACHINE| csrss.exe PID: 608/PPID: 536/POffset: 0x018c6020 2010-11-06 18:13:41 UTC+0000|[Handle (Key)]| MACHINE\SYSTEM\SETUP| csrss.exe PID: 608/PPID: 536/POffset: 0x018c6020 2010-11-06 18:14:21 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500\CONTROL PANEL\INTERNATIONAL| csrss.exe PID: 608/PPID: 536/POffset: 0x018c6020 2010-11-06 18:14:21 UTC+0000|[Handle (Key)]| USER\S-1-5-21-839522115-73586283-2147125571-500\CONTROL 
PANEL\INTERNATIONAL| csrss.exe PID: 608/PPID: 536/POffset: 0x018c6020 2004-08-04 06:03:11 UTC+0000|[PE HEADER (exe)]| csrss.exe| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x4a680000 2004-08-04 06:03:11 UTC+0000|[PE DEBUG]| csrss.exe| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x4a680000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| ntdll.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x7c900000 -|[PE DEBUG]| ntdll.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x7c900000 2004-08-04 07:56:10 UTC+0000|[PE HEADER (dll)]| CSRSRV.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x75b40000 2004-08-04 06:03:11 UTC+0000|[PE DEBUG]| CSRSRV.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x75b40000 2004-08-04 07:56:40 UTC+0000|[PE HEADER (dll)]| USER32.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x77d40000 -|[PE DEBUG]| USER32.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x77d40000 2004-08-04 07:56:30 UTC+0000|[PE HEADER (dll)]| RPCRT4.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x77e70000 -|[PE DEBUG]| RPCRT4.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x77e70000 2004-08-04 06:14:57 UTC+0000|[PE HEADER (dll)]| sxs.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x75e90000 -|[PE DEBUG]| sxs.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x75e90000 2004-08-04 07:56:23 UTC+0000|[PE HEADER (dll)]| ADVAPI32.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x77dd0000 -|[PE DEBUG]| ADVAPI32.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x77dd0000 2004-08-04 06:03:45 UTC+0000|[PE HEADER (dll)]| basesrv.dll| 
Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x75b50000 2004-08-04 06:03:45 UTC+0000|[PE DEBUG]| basesrv.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x75b50000 2004-08-04 07:56:36 UTC+0000|[PE HEADER (dll)]| KERNEL32.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x7c800000 -|[PE DEBUG]| KERNEL32.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x7c800000 2004-08-04 07:56:07 UTC+0000|[PE HEADER (dll)]| GDI32.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x77f10000 -|[PE DEBUG]| GDI32.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x77f10000 2004-08-04 07:56:39 UTC+0000|[PE HEADER (dll)]| winsrv.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x75b60000 -|[PE DEBUG]| winsrv.dll| Process: csrss.exe/PID: 608/PPID: 536/Process POffset: 0x018c6020/DLL Base: 0x75b60000 2011-10-10 17:04:00 UTC+0000|[SOCKET]| LocalIP: 0.0.0.0:500/Protocol: 17(UDP)| PID: 688/POffset: 0x0x01796a78 2011-10-10 17:03:55 UTC+0000|[SOCKET]| LocalIP: 0.0.0.0:445/Protocol: 17(UDP)| PID: 4/POffset: 0x0x018118d8 2011-10-10 17:04:42 UTC+0000|[SOCKET]| LocalIP: 127.0.0.1:1029/Protocol: 17(UDP)| PID: 964/POffset: 0x0x0186a008 2011-10-10 17:04:01 UTC+0000|[SOCKET]| LocalIP: 127.0.0.1:1025/Protocol: 6(TCP)| PID: 1616/POffset: 0x0x01887e98 2011-10-10 17:04:41 UTC+0000|[SOCKET]| LocalIP: 127.0.0.1:1900/Protocol: 17(UDP)| PID: 1148/POffset: 0x0x0194fe98 2011-10-10 17:04:00 UTC+0000|[SOCKET]| LocalIP: 127.0.0.1:123/Protocol: 17(UDP)| PID: 964/POffset: 0x0x019517e8 2011-10-10 17:04:00 UTC+0000|[SOCKET]| LocalIP: 0.0.0.0:4500/Protocol: 17(UDP)| PID: 688/POffset: 0x0x01953008 2011-10-10 17:04:00 UTC+0000|[SOCKET]| LocalIP: 0.0.0.0:0/Protocol: 255(Reserved)| PID: 688/POffset: 0x0x01953b20 2011-10-10 17:04:39 UTC+0000|[SOCKET]| LocalIP: 0.0.0.0:1026/Protocol: 6(TCP)| PID: 
1956/POffset: 0x0x0197e3c0 2011-10-10 17:03:59 UTC+0000|[SOCKET]| LocalIP: 0.0.0.0:135/Protocol: 6(TCP)| PID: 916/POffset: 0x0x01a328d8 2011-10-10 17:03:55 UTC+0000|[SOCKET]| LocalIP: 0.0.0.0:445/Protocol: 6(TCP)| PID: 4/POffset: 0x0x01addc08 2010-11-06 18:05:35 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/N/A/LoadPerf/1000/Info/RSVP;QoS RSVP 2010-11-06 18:05:59 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/N/A/LoadPerf/1000/Info/PSched;PSched 2010-11-06 18:06:02 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/N/A/LoadPerf/1000/Info/RemoteAccess;Routing and Remote Access 2010-11-06 18:07:09 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/N/A/LoadPerf/1000/Info/TermService;Terminal Services 2010-11-06 18:07:10 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/N/A/LoadPerf/1000/Info/MSDTC;MSDTC 2010-11-06 18:07:12 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/N/A/MSDTC/4104/Info/N/A 2010-11-06 18:07:12 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/N/A/MSDTC/2444/Info/0;0;0;0;0;0 2010-11-06 18:07:24 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/N/A/LoadPerf/1000/Info/WmiApRpl;WmiApRpl 2010-11-06 18:07:24 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/N/A/LoadPerf/1001/Info/WmiApRpl;WmiApRpl 2010-11-06 18:07:24 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/N/A/LoadPerf/1000/Info/WmiApRpl;WmiApRpl 2010-11-06 18:07:33 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/S-1-5-18 (Local System)/WinMgmt/63/Warning/HiPerfCooker_v1;Root\WMI 2010-11-06 18:07:35 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/S-1-5-18 (Local System)/WinMgmt/63/Warning/CmdTriggerConsumer;Root\cimv2 2010-11-06 18:07:35 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/S-1-5-18 (Local System)/WinMgmt/63/Warning/CmdTriggerConsumer;Root\cimv2 2010-11-06 18:07:37 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/N/A/LoadPerf/1000/Info/ContentIndex;ContentIndex 2010-11-06 18:07:37 UTC+0000|[EVT LOG]| appevent.evt| 
HBGARY-5138B4D6/N/A/LoadPerf/1000/Info/ContentFilter;ContentFilter 2010-11-06 18:07:37 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/N/A/LoadPerf/1000/Info/ISAPISearch;ISAPISearch 2010-11-06 18:09:31 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/S-1-5-18 (Local System)/WinMgmt/5603/Warning/Rsop Planning Mode Provider;root\RSOP 2010-11-06 18:09:31 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/S-1-5-18 (Local System)/WinMgmt/5603/Warning/Rsop Planning Mode Provider;root\RSOP 2010-11-06 18:09:35 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/N/A/COM+/4156/Info/First attemp to CoCreateInstance(CLSID_ComSystemAppEventData) failed! 2010-11-06 18:09:35 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/N/A/COM+/4156/Info/Remove old EventClass(CLSID_ComSystemAppEventData) from event system!. 2010-11-06 18:09:35 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/N/A/COM+/4156/Info/Added EventClass(CLSID_ComSystemAppEventData) to event system!. 2010-11-06 18:09:35 UTC+0000|[EVT LOG]| appevent.evt| HBGARY-5138B4D6/N/A/COM+/4156/Info/RegisterComSystemAppEventData() succeeded! 
Will re-try CoCreateInstance(CLSID_ComSystemAppEventData) 2010-11-06 18:09:46 UTC+0000|[EVT LOG]| appevent.evt| /N/A/WmdmPm/100/Info/ 2010-11-06 13:01:55 UTC+0000|[EVT LOG]| sysevent.evt| MACHINENAME/N/A/EventLog/6009/Info/5.01.;2600;Service Pack 2;Uniprocessor Free 2010-11-06 13:01:55 UTC+0000|[EVT LOG]| sysevent.evt| MACHINENAME/N/A/EventLog/6005/Info/N/A 2010-11-06 13:02:13 UTC+0000|[EVT LOG]| sysevent.evt| MACHINENAME/N/A/Serial/2/Info/\Device\Serial0;\Device\Serial0 2010-11-06 13:02:13 UTC+0000|[EVT LOG]| sysevent.evt| MACHINENAME/N/A/Serial/2/Info/\Device\Serial1;\Device\Serial1 2010-11-06 18:05:34 UTC+0000|[EVT LOG]| sysevent.evt| HBGARY-5138B4D6/N/A/EventLog/6011/Info/MACHINENAME;HBGARY-5138B4D6 2010-11-06 18:06:41 UTC+0000|[EVT LOG]| sysevent.evt| HBGARY-5138B4D6/N/A/Workstation/3260/Info/workgroup;WORKGROUP 2010-11-06 18:08:27 UTC+0000|[EVT LOG]| sysevent.evt| HBGARY-5138B4D6/N/A/HTTP/15007/Info/;http://*:2869/ 2010-11-06 18:13:06 UTC+0000|[EVT LOG]| sysevent.evt| HBGARY-5138B4D6/N/A/Setup/60054/Info/2600 2010-11-06 18:13:45 UTC+0000|[EVT LOG]| sysevent.evt| HBGARY-5138B4D6/N/A/EventLog/6009/Info/5.01.;2600;Service Pack 2;Uniprocessor Free 2010-11-06 18:13:45 UTC+0000|[EVT LOG]| sysevent.evt| HBGARY-5138B4D6/N/A/EventLog/6005/Info/N/A 2010-11-06 18:14:06 UTC+0000|[EVT LOG]| sysevent.evt| HBGARY-5138B4D6/N/A/SRService/115/Info/N/A 2010-11-06 18:14:22 UTC+0000|[EVT LOG]| sysevent.evt| HBGARY-5138B4D6/S-1-5-18 (Local System)/Service Control Manager/7035/Info/DCOM Server Process Launcher;start 2010-11-06 18:14:22 UTC+0000|[EVT LOG]| sysevent.evt| HBGARY-5138B4D6/S-1-5-18 (Local System)/Service Control Manager/7035/Info/Telephony;start 2010-11-06 18:14:22 UTC+0000|[EVT LOG]| sysevent.evt| HBGARY-5138B4D6/S-1-5-18 (Local System)/Service Control Manager/7035/Info/Network Location Awareness (NLA);start 2010-11-06 18:14:22 UTC+0000|[EVT LOG]| sysevent.evt| HBGARY-5138B4D6/N/A/Service Control Manager/7036/Info/Network Location Awareness (NLA);running 2010-11-06 
18:14:22 UTC+0000|[EVT LOG]| sysevent.evt| HBGARY-5138B4D6/S-1-5-18 (Local System)/Service Control Manager/7035/Info/Application Layer Gateway Service;start 2010-11-06 18:14:22 UTC+0000|[EVT LOG]| sysevent.evt| HBGARY-5138B4D6/N/A/Service Control Manager/7036/Info/Application Layer Gateway Service;running 2010-11-06 18:14:22 UTC+0000|[EVT LOG]| sysevent.evt| HBGARY-5138B4D6/N/A/Service Control Manager/7036/Info/Computer Browser;stopped 2010-11-06 18:14:22 UTC+0000|[EVT LOG]| sysevent.evt| HBGARY-5138B4D6/N/A/Service Control Manager/7036/Info/Terminal Services;running 2010-11-06 18:14:22 UTC+0000|[EVT LOG]| sysevent.evt| HBGARY-5138B4D6/S-1-5-18 (Local System)/Service Control Manager/7035/Info/Fast User Switching Compatibility;start 2010-11-06 18:14:22 UTC+0000|[EVT LOG]| sysevent.evt| HBGARY-5138B4D6/N/A/Service Control Manager/7036/Info/Fast User Switching Compatibility;running 2010-11-06 18:14:53 UTC+0000|[EVT LOG]| sysevent.evt| /S-0-0/Se/7035/Info/; 2011-10-10 17:04:01 UTC+0000|[THREAD]| alg.exe| PID: 1616/TID: 1640 2011-10-10 17:04:01 UTC+0000|[THREAD]| alg.exe| PID: 1616/TID: 1636 2011-10-10 17:04:01 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1612 2011-10-10 17:04:01 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1608 2011-10-10 17:04:01 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 1604 End: 2011-10-10 17:04:01 UTC+0000 2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1504 2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1500 2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1484 2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1480 2011-10-10 17:03:58 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 656 2011-10-10 17:03:58 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 768 2011-10-10 17:03:58 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 772 2011-10-10 17:03:58 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 776 2011-10-10 17:03:56 UTC+0000|[THREAD]| smss.exe| PID: 536/TID: 548 2011-10-10 
17:03:59 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 808 End: 2011-10-10 17:05:01 UTC+0000 2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 1148/TID: 1152 2011-10-10 17:04:39 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 2000 2011-10-10 17:04:41 UTC+0000|[THREAD]| System| PID: 4/TID: 152 2011-10-10 17:03:58 UTC+0000|[THREAD]| csrss.exe| PID: 608/TID: 648 2011-10-10 17:04:46 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 396 2011-10-10 17:04:38 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 1792 2011-10-10 17:04:39 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1824 End: 2011-10-10 17:05:04 UTC+0000 2011-10-10 17:04:39 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 1828 2011-10-10 17:04:39 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 1980 2011-10-10 17:04:38 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 1732 2011-10-10 17:04:39 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 1868 2011-10-10 17:04:41 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 168 2011-10-10 17:04:39 UTC+0000|[THREAD]| UNKNOWN| PID: 1884/TID: 1968 End: 2011-10-10 17:06:32 UTC+0000 2011-10-10 17:04:40 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 2024 2011-10-10 17:04:40 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 2020 2011-10-10 17:03:58 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 700 2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 916/TID: 948 2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1224 2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1220 2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1216 2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 896 2011-10-10 17:04:00 UTC+0000|[THREAD]| spoolsv.exe| PID: 1260/TID: 1288 End: 2011-10-10 17:06:32 UTC+0000 2011-10-10 17:04:00 UTC+0000|[THREAD]| spoolsv.exe| PID: 1260/TID: 1284 2011-10-10 17:04:00 UTC+0000|[THREAD]| spoolsv.exe| PID: 1260/TID: 1280 2011-10-10 17:04:00 UTC+0000|[THREAD]| spoolsv.exe| PID: 1260/TID: 1276 2011-10-10 17:03:58 
UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 764
2011-10-10 17:03:58 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 704
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 916/TID: 940 End: 2011-10-10 17:05:00 UTC+0000
2011-10-10 17:04:30 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1664
2011-10-10 17:04:46 UTC+0000|[THREAD]| wuauclt.exe| PID: 400/TID: 432
2011-10-10 17:06:47 UTC+0000|[THREAD]| UNKNOWN| PID: 580/TID: 576 End: 2011-10-10 17:06:47 UTC+0000
2011-10-10 17:04:46 UTC+0000|[THREAD]| wuauclt.exe| PID: 400/TID: 420
2011-10-10 17:06:32 UTC+0000|[THREAD]| spoolsv.exe| PID: 1260/TID: 468
2011-10-10 17:03:58 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 716
2011-10-10 17:04:41 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 164
2011-10-10 17:03:55 UTC+0000|[THREAD]| System| PID: 4/TID: 328
2011-10-10 17:03:54 UTC+0000|[THREAD]| System| PID: 4/TID: 280
2011-10-10 17:03:55 UTC+0000|[THREAD]| System| PID: 4/TID: 348
2011-10-10 17:03:54 UTC+0000|[THREAD]| System| PID: 4/TID: 176
2011-10-10 17:03:54 UTC+0000|[THREAD]| System| PID: 4/TID: 172
2011-10-10 17:03:58 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 712
2011-10-10 17:03:56 UTC+0000|[THREAD]| System| PID: 4/TID: 532
2011-10-10 17:04:41 UTC+0000|[THREAD]| svchost.exe| PID: 1148/TID: 224
2011-10-10 17:04:01 UTC+0000|[THREAD]| alg.exe| PID: 1616/TID: 1632
2011-10-10 17:04:01 UTC+0000|[THREAD]| alg.exe| PID: 1616/TID: 1628
2011-10-10 17:04:01 UTC+0000|[THREAD]| alg.exe| PID: 1616/TID: 1624
2011-10-10 17:04:01 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1596
2011-10-10 17:04:01 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1592
2011-10-10 17:04:30 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1668
2011-10-10 17:04:01 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1584
2011-10-10 17:04:00 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 1472
2011-10-10 17:04:00 UTC+0000|[THREAD]| VMwareService.e| PID: 1444/TID: 1476
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 916/TID: 1452
2011-10-10 17:03:59 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 788
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 1148/TID: 1156
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1300
2011-10-10 17:04:00 UTC+0000|[THREAD]| spoolsv.exe| PID: 1260/TID: 1292
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1492
2011-10-10 17:04:31 UTC+0000|[THREAD]| VMwareService.e| PID: 1444/TID: 1684
2011-10-10 17:04:41 UTC+0000|[THREAD]| System| PID: 4/TID: 208
2011-10-10 17:04:31 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1676
2011-10-10 17:04:39 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 1992
2011-10-10 17:04:41 UTC+0000|[THREAD]| svchost.exe| PID: 1148/TID: 240
2011-10-10 17:03:58 UTC+0000|[THREAD]| csrss.exe| PID: 608/TID: 640
2011-10-10 17:04:39 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 1872
2011-10-10 17:04:39 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1816
2011-10-10 17:04:38 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1704 End: 2011-10-10 17:06:48 UTC+0000
2011-10-10 17:03:58 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 664
2011-10-10 17:04:39 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1880
2011-10-10 17:04:38 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 1744
2011-10-10 17:04:39 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1820
2011-10-10 17:04:39 UTC+0000|[THREAD]| wscntfy.exe| PID: 1920/TID: 1928
2011-10-10 17:04:39 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 1960
2011-10-10 17:03:58 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 672
2011-10-10 17:04:40 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 2012
2011-10-10 17:03:59 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 804
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 1148/TID: 1348
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 1148/TID: 1344
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 1148/TID: 1340
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1228
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1232
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1272
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1268
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1308
2011-10-10 17:03:59 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 828 End: 2011-10-10 17:04:01 UTC+0000
2011-10-10 17:03:56 UTC+0000|[THREAD]| smss.exe| PID: 536/TID: 540
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 1020/TID: 1024
2011-10-10 17:04:00 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 1112
2011-10-10 17:06:36 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 524
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1376
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1368
2011-10-10 17:03:55 UTC+0000|[THREAD]| System| PID: 4/TID: 356
2011-10-10 17:03:55 UTC+0000|[THREAD]| System| PID: 4/TID: 352
2011-10-10 17:04:46 UTC+0000|[THREAD]| wuauclt.exe| PID: 400/TID: 412
2011-10-10 17:06:33 UTC+0000|[THREAD]| spoolsv.exe| PID: 1260/TID: 492
2011-10-10 17:06:32 UTC+0000|[THREAD]| spoolsv.exe| PID: 1260/TID: 460
2011-10-10 17:04:41 UTC+0000|[THREAD]| System| PID: 4/TID: 212
2011-10-10 17:03:52 UTC+0000|[THREAD]| System| PID: 4/TID: 104
2011-10-10 17:03:54 UTC+0000|[THREAD]| System| PID: 4/TID: 288
2011-10-10 17:03:54 UTC+0000|[THREAD]| System| PID: 4/TID: 284
2011-10-10 17:03:58 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 752
2011-10-10 17:03:58 UTC+0000|[THREAD]| csrss.exe| PID: 608/TID: 644
2011-10-10 17:05:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 444
2011-10-10 17:06:32 UTC+0000|[THREAD]| spoolsv.exe| PID: 1260/TID: 476
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 980
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 976
2011-10-10 17:04:41 UTC+0000|[THREAD]| System| PID: 4/TID: 220
2011-10-10 17:03:54 UTC+0000|[THREAD]| System| PID: 4/TID: 116
2011-10-10 17:03:54 UTC+0000|[THREAD]| System| PID: 4/TID: 140
2011-10-10 17:03:54 UTC+0000|[THREAD]| System| PID: 4/TID: 144
2011-10-10 17:03:54 UTC+0000|[THREAD]| System| PID: 4/TID: 148
2011-10-10 17:03:54 UTC+0000|[THREAD]| System| PID: 4/TID: 136
2011-10-10 17:03:59 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 908
2011-10-10 17:03:55 UTC+0000|[THREAD]| System| PID: 4/TID: 344
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 892
2011-10-10 17:04:01 UTC+0000|[THREAD]| alg.exe| PID: 1616/TID: 1644
2011-10-10 17:04:01 UTC+0000|[THREAD]| alg.exe| PID: 1616/TID: 1620
2011-10-10 17:04:01 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1600
2011-10-10 17:04:01 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1548 End: 2011-10-10 17:04:01 UTC+0000
2011-10-10 17:04:01 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 1544
2011-10-10 17:04:01 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 1540
2011-10-10 17:04:01 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1536
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1496
2011-10-10 17:04:00 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 1460 End: 2011-10-10 17:04:01 UTC+0000
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1456
2011-10-10 17:04:00 UTC+0000|[THREAD]| System| PID: 4/TID: 1408
2011-10-10 17:03:58 UTC+0000|[THREAD]| csrss.exe| PID: 608/TID: 620
2011-10-10 17:03:58 UTC+0000|[THREAD]| csrss.exe| PID: 608/TID: 624
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1048
2011-10-10 17:03:58 UTC+0000|[THREAD]| csrss.exe| PID: 608/TID: 628
2011-10-10 17:03:59 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 812
2011-10-10 17:03:59 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 952
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 916/TID: 936
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 916/TID: 932
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1032
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1028
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1236
2011-10-10 17:04:39 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 2004
2011-10-10 17:04:39 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 2008 End: 2011-10-10 17:04:39 UTC+0000
2011-10-10 17:04:31 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1680
2011-10-10 17:04:41 UTC+0000|[THREAD]| svchost.exe| PID: 1148/TID: 252
2011-10-10 17:04:39 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 1996
2011-10-10 17:04:41 UTC+0000|[THREAD]| svchost.exe| PID: 1148/TID: 236
2011-10-10 17:04:40 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 160
2011-10-10 17:04:38 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 1796
2011-10-10 17:04:38 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 1776
2011-10-10 17:04:39 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1812
2011-10-10 17:04:38 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 1764
2011-10-10 17:04:38 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 1768
2011-10-10 17:06:32 UTC+0000|[THREAD]| svchost.exe| PID: 1020/TID: 480
2011-10-10 17:03:58 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 684
2011-10-10 17:04:40 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 2028
2011-10-10 17:04:40 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 2016
2011-10-10 17:03:58 UTC+0000|[THREAD]| csrss.exe| PID: 608/TID: 696
2011-10-10 17:04:00 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 1400
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 884
2011-10-10 17:04:00 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 1144
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1248
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1244
2011-10-10 17:03:59 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 960
2011-10-10 17:03:59 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 956
2011-10-10 17:06:33 UTC+0000|[THREAD]| spoolsv.exe| PID: 1260/TID: 504
2011-10-10 17:06:42 UTC+0000|[THREAD]| cmd.exe| PID: 544/TID: 556
2011-10-10 17:06:42 UTC+0000|[THREAD]| csrss.exe| PID: 608/TID: 560
2011-10-10 17:04:45 UTC+0000|[THREAD]| UNKNOWN| PID: 324/TID: 376 End: 2011-10-10 17:04:52 UTC+0000
2011-10-10 17:04:42 UTC+0000|[THREAD]| VMwareUser.exe| PID: 192/TID: 264
2011-10-10 17:03:58 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 740
2011-10-10 17:03:58 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 736
2011-10-10 17:04:01 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 1652
2011-10-10 17:04:01 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 1648
2011-10-10 17:04:01 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1660
2011-10-10 17:04:01 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1552 End: 2011-10-10 17:04:01 UTC+0000
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1520
2011-10-10 17:04:01 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1528
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1516
2011-10-10 17:04:00 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 1468
2011-10-10 17:04:00 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 1464
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 916/TID: 1436
2011-10-10 17:04:00 UTC+0000|[THREAD]| VMwareService.e| PID: 1444/TID: 1448
2011-10-10 17:04:00 UTC+0000|[THREAD]| System| PID: 4/TID: 1432
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1420
2011-10-10 17:03:56 UTC+0000|[THREAD]| smss.exe| PID: 536/TID: 552
2011-10-10 17:03:59 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 820
2011-10-10 17:03:59 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 824
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 916/TID: 928
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 916/TID: 920
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 916/TID: 924
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 1148/TID: 1160
2011-10-10 17:04:00 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 1168
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1508
2011-10-10 17:04:41 UTC+0000|[THREAD]| reader_sl.exe| PID: 228/TID: 244
2011-10-10 17:03:58 UTC+0000|[THREAD]| csrss.exe| PID: 608/TID: 616
2011-10-10 17:04:41 UTC+0000|[THREAD]| reader_sl.exe| PID: 228/TID: 232
2011-10-10 17:04:31 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1672
2011-10-10 17:04:41 UTC+0000|[THREAD]| svchost.exe| PID: 1148/TID: 216
2011-10-10 17:06:36 UTC+0000|[THREAD]| VMwareUser.exe| PID: 192/TID: 528
2011-10-10 17:04:40 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 132 End: 2011-10-10 17:06:48 UTC+0000
2011-10-10 17:04:38 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 1808
2011-10-10 17:04:38 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 1800
2011-10-10 17:03:58 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 660
2011-10-10 17:04:41 UTC+0000|[THREAD]| VMwareTray.exe| PID: 184/TID: 188
2011-10-10 17:06:36 UTC+0000|[THREAD]| VMwareUser.exe| PID: 192/TID: 364
2011-10-10 17:04:38 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 1780
2011-10-10 17:04:39 UTC+0000|[THREAD]| csrss.exe| PID: 608/TID: 1836
2011-10-10 17:04:39 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 1832
2011-10-10 17:04:39 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 1964
2011-10-10 17:04:40 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 2032
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 1020/TID: 1076
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 1020/TID: 1072
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 1020/TID: 1068
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 916/TID: 944
2011-10-10 17:04:00 UTC+0000|[THREAD]| System| PID: 4/TID: 1328
2011-10-10 17:04:00 UTC+0000|[THREAD]| System| PID: 4/TID: 1324
2011-10-10 17:04:00 UTC+0000|[THREAD]| System| PID: 4/TID: 1320
2011-10-10 17:04:00 UTC+0000|[THREAD]| System| PID: 4/TID: 1316
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1312
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1252
2011-10-10 17:04:00 UTC+0000|[THREAD]| spoolsv.exe| PID: 1260/TID: 1264
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1256
2011-10-10 17:04:41 UTC+0000|[THREAD]| System| PID: 4/TID: 180
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1360
2011-10-10 17:04:00 UTC+0000|[THREAD]| System| PID: 4/TID: 1352
2011-10-10 17:03:58 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 756
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1212
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1208
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1180
2011-10-10 17:03:59 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 904
2011-10-10 17:06:43 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 568
2011-10-10 17:06:33 UTC+0000|[THREAD]| spoolsv.exe| PID: 1260/TID: 508
2011-10-10 17:04:46 UTC+0000|[THREAD]| wuauclt.exe| PID: 400/TID: 416
2011-10-10 17:04:42 UTC+0000|[THREAD]| VMwareUser.exe| PID: 192/TID: 272
2011-10-10 17:04:42 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 256
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 972
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 968
2011-10-10 17:05:01 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 448
2011-10-10 17:04:42 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 260
2011-10-10 17:04:00 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 1116
2011-10-10 17:03:59 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 780
2011-10-10 17:03:58 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 636
2011-10-10 17:04:41 UTC+0000|[THREAD]| svchost.exe| PID: 1148/TID: 248
2011-10-10 17:04:38 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 1696 End: 2011-10-10 17:04:39 UTC+0000
2011-10-10 17:04:39 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 1876
2011-10-10 17:04:38 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 1784
2011-10-10 17:04:38 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 1788
2011-10-10 17:04:38 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 1752
2011-10-10 17:04:38 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 1772
2011-10-10 17:04:39 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 1864
2011-10-10 17:04:40 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 124 End: 2011-10-10 17:06:47 UTC+0000
2011-10-10 17:04:39 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 1972
2011-10-10 17:06:46 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 268
2011-10-10 17:03:58 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 720
2011-10-10 17:03:58 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 744
2011-10-10 17:03:59 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 1040
2011-10-10 17:03:59 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 1036
2011-10-10 17:04:00 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1380
2011-10-10 17:04:00 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 1392
2011-10-10 17:03:55 UTC+0000|[THREAD]| System| PID: 4/TID: 360
2011-10-10 17:04:46 UTC+0000|[THREAD]| wuauclt.exe| PID: 400/TID: 404
2011-10-10 17:06:33 UTC+0000|[THREAD]| spoolsv.exe| PID: 1260/TID: 488
2011-10-10 17:04:45 UTC+0000|[THREAD]| UNKNOWN| PID: 324/TID: 380 End: 2011-10-10 17:04:52 UTC+0000
2011-10-10 17:04:42 UTC+0000|[THREAD]| VMwareUser.exe| PID: 192/TID: 276
2011-10-10 17:04:45 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 320
2011-10-10 17:03:52 UTC+0000|[THREAD]| System| PID: 4/TID: 108
2011-10-10 17:04:41 UTC+0000|[THREAD]| csrss.exe| PID: 608/TID: 204
2011-10-10 17:06:33 UTC+0000|[THREAD]| spoolsv.exe| PID: 1260/TID: 484
2011-10-10 17:04:00 UTC+0000|[THREAD]| System| PID: 4/TID: 1336
2011-10-10 17:04:59 UTC+0000|[THREAD]| winlogon.exe| PID: 632/TID: 440
2011-10-10 17:04:46 UTC+0000|[THREAD]| wuauclt.exe| PID: 400/TID: 408
2011-10-10 17:04:46 UTC+0000|[THREAD]| wuauclt.exe| PID: 400/TID: 428
2011-10-10 17:04:46 UTC+0000|[THREAD]| wuauclt.exe| PID: 400/TID: 424
2011-10-10 17:04:44 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 292
2011-10-10 17:03:58 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 708
2011-10-10 17:04:40 UTC+0000|[THREAD]| explorer.exe| PID: 1956/TID: 2040
2011-10-10 17:04:41 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 200 End: 2011-10-10 17:04:53 UTC+0000
2011-10-10 17:04:41 UTC+0000|[THREAD]| VMwareUser.exe| PID: 192/TID: 196
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 1012
2011-10-10 17:04:46 UTC+0000|[THREAD]| UNKNOWN| PID: 324/TID: 392 End: 2011-10-10 17:04:52 UTC+0000
2011-10-10 17:03:59 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 860
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 848/TID: 852
2011-10-10 17:03:58 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 748
2011-10-10 17:03:59 UTC+0000|[THREAD]| services.exe| PID: 676/TID: 988
2011-10-10 17:03:59 UTC+0000|[THREAD]| svchost.exe| PID: 964/TID: 984
2011-10-10 17:03:58 UTC+0000|[THREAD]| lsass.exe| PID: 688/TID: 760
2011-10-10 17:03:59 UTC+0000|[THREAD]| vmacthlp.exe| PID: 832/TID: 836
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 100
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 76
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 84
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 80
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 72
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 60
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 68
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 64
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 36
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 56
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 52
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 48
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 44
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 40
1970-01-01 00:00:00 UTC+0000|[THREAD]| System| PID: 4/TID: 12 End: 2011-10-10 17:03:58 UTC+0000
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 32
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 28
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 24
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 20
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 16
1970-01-01 00:00:00 UTC+0000|[THREAD]| System| PID: 4/TID: 8
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 96
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 88
2011-10-10 17:03:49 UTC+0000|[THREAD]| System| PID: 4/TID: 92
2011-10-10 17:03:49 UTC+0000|[SYMLINK]| Global->\GLOBAL??| POffset: 33546640/Ptr: 1/Hnd: 0
2011-10-10 17:03:56 UTC+0000|[SYMLINK]| SystemRoot->\Device\Harddisk0\Partition1\WINDOWS| POffset: 34077680/Ptr: 1/Hnd: 0
2011-10-10 17:03:49 UTC+0000|[SYMLINK]| DosDevices->\??| POffset: 34090944/Ptr: 1/Hnd: 0
2011-10-10 17:03:56 UTC+0000|[SYMLINK]| MAILSLOT->\Device\MailSlot| POffset: 38371560/Ptr: 1/Hnd: 0
2011-10-10 17:03:49 UTC+0000|[SYMLINK]| WMIDataDevice->\Device\WMIDataDevice| POffset: 38430136/Ptr: 1/Hnd: 0
2011-10-10 17:03:56 UTC+0000|[SYMLINK]| PIPE->\Device\NamedPipe| POffset: 38568384/Ptr: 1/Hnd: 0
2011-10-10 17:03:50 UTC+0000|[SYMLINK]| ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}->\Device\0000003a| POffset: 40199656/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| SCSI#Disk&Ven_VMware_&Prod_VMware_Virtual_S&Rev_1.0#4&5fcaafc&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}->\Device\Scsi\vmscsi1Port2Path0Target0Lun0| POffset: 42379544/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}->\Device\00000004| POffset: 42558544/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| Scsi2:->\Device\Scsi\vmscsi1| POffset: 42559312/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| DISPLAY3->\Device\Video2| POffset: 42623192/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| NDIS->\Device\Ndis| POffset: 42623984/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| PhysicalDrive0->\Device\Harddisk0\DR0| POffset: 42625440/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| CompositeBattery->\Device\CompositeBattery| POffset: 42636024/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| Partition0->\Device\Harddisk0\DR0| POffset: 42651696/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| DmLoader->\Device\DmLoader| POffset: 42653184/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| FtControl->\Device\FtControl| POffset: 42664720/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| Partition1->\Device\HarddiskVolume1| POffset: 42665112/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| PCI#VEN_104B&DEV_1040&SUBSYS_1040104B&REV_01#3&61aaa01&0&80#{2accfe60-c130-11d2-b082-00a0c91efb8b}->\Device\NTPNP_PCI0006| POffset: 42665328/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| FltMgr->\FileSystem\Filters\FltMgr| POffset: 42665616/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| ScsiPort1->\Device\Ide\IdePort1| POffset: 42666288/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}->\Device\00000003| POffset: 42666432/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| ScsiPort0->\Device\Ide\IdePort0| POffset: 42667136/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| MountPointManager->\Device\MountPointManager| POffset: 42667216/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| PCI#VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00#3&61aaa01&0&78#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}->\Device\NTPNP_PCI0005| POffset: 42674320/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}->\Device\00000031| POffset: 42674616/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| multi(0)disk(0)fdisk(0)->\Device\Floppy0| POffset: 42674960/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}->\Device\00000031| POffset: 42675136/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| DISPLAY2->\Device\Video1| POffset: 42675408/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| FltMgrMsg->\FileSystem\Filters\FltMgrMsg| POffset: 42717464/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| DmTrace->\Device\DmControl\DmTrace| POffset: 42719416/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| ScsiPort2->\Device\Scsi\vmscsi1| POffset: 42720984/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| DmIoDaemon->\Device\DmControl\DmIoDaemon| POffset: 42721208/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| DISPLAY1->\Device\Video0| POffset: 43042160/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| DmInfo->\Device\DmControl\DmInfo| POffset: 43043552/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| DmConfig->\Device\DmControl\DmConfig| POffset: 43044040/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| multi(0)disk(0)rdisk(0)partition(1)->\Device\Harddisk0\Partition1| POffset: 43671664/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| C:->\Device\HarddiskVolume1| POffset: 43672424/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| PCI#VEN_1274&DEV_1371&SUBSYS_13711274&REV_02#4&47b7341&0&1088#{65e8773e-8f56-11d0-a3b9-00a0c9223196}->\Device\NTPNP_PCI0042| POffset: 43672976/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| STORAGE#Volume#1&30a96598&0&SignatureB645B645Offset7E00Length1FF582800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}->\Device\HarddiskVolume1| POffset: 43674400/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| Scsi1:->\Device\Ide\IdePort1| POffset: 43674840/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| Volume{79b48f9d-e9a5-11df-a056-806d6172696f}->\Device\HarddiskVolume1| POffset: 43674944/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| Scsi0:->\Device\Ide\IdePort0| POffset: 43675256/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| A:->\Device\Floppy0| POffset: 43679368/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Volume{79b48f9a-e9a5-11df-a056-806d6172696f}->\Device\Floppy0| POffset: 43679568/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| multi(0)disk(0)rdisk(0)->\Device\Harddisk0\Partition0| POffset: 43725928/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| IDE#CdRomTSSTcorp_CDDVDW_SH-222AB________________SB00____#3031303030303030303030303030303030303130#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}->\Device\Ide\IdeDeviceP1T0L0-5| POffset: 43726840/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| multi(0)disk(0)rdisk(0)partition(4)->\Device\Harddisk0\Partition4| POffset: 43731816/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| multi(0)disk(0)rdisk(0)partition(3)->\Device\Harddisk0\Partition3| POffset: 43731976/Ptr: 1/Hnd: 0
2011-10-10 17:03:52 UTC+0000|[SYMLINK]| multi(0)disk(0)rdisk(0)partition(2)->\Device\Harddisk0\Partition2| POffset: 43732136/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}->\Device\00000030| POffset: 49452528/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}->\Device\00000031| POffset: 49452632/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}->\Device\00000031| POffset: 49452712/Ptr: 1/Hnd: 0
2011-10-10 17:03:58 UTC+0000|[SYMLINK]| Local->\BaseNamedObjects| POffset: 49498248/Ptr: 1/Hnd: 0
2011-10-10 17:03:58 UTC+0000|[SYMLINK]| Session->\Sessions\BNOLINKS| POffset: 49698936/Ptr: 1/Hnd: 0
2011-10-10 17:03:58 UTC+0000|[SYMLINK]| 0->\BaseNamedObjects| POffset: 49780856/Ptr: 2/Hnd: 1
2011-10-10 17:03:58 UTC+0000|[SYMLINK]| Global->\BaseNamedObjects| POffset: 49781072/Ptr: 1/Hnd: 0
2011-10-10 17:03:57 UTC+0000|[SYMLINK]| HID#Vid_0e0f&Pid_0003&MI_00#8&3460d90f&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}->\Device\0000007d| POffset: 49945120/Ptr: 1/Hnd: 0
2011-10-10 17:03:57 UTC+0000|[SYMLINK]| USB#Vid_0e0f&Pid_0003#6&2edefd9b&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}->\Device\USBPDO-2| POffset: 49957936/Ptr: 1/Hnd: 0
2011-10-10 17:03:57 UTC+0000|[SYMLINK]| HID#Vid_0e0f&Pid_0003&MI_01#8&bf62b46&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}->\Device\0000007e| POffset: 50120808/Ptr: 1/Hnd: 0
2011-10-10 17:03:57 UTC+0000|[SYMLINK]| HID#Vid_0e0f&Pid_0003&MI_00#8&3460d90f&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}->\Device\0000007d| POffset: 50145736/Ptr: 1/Hnd: 0
2011-10-10 17:03:57 UTC+0000|[SYMLINK]| HID#Vid_0e0f&Pid_0003&MI_01#8&bf62b46&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}->\Device\0000007e| POffset: 50609976/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| DISPLAY5->\Device\Video4| POffset: 50837176/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}->\Device\0000002a| POffset: 50928464/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}->\Device\00000028| POffset: 50928544/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}->\Device\00000027| POffset: 50928624/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| {C0BFF90E-573E-4AA2-A8EA-5D3C9633A845}->\Device\{C0BFF90E-573E-4AA2-A8EA-5D3C9633A845}| POffset: 50929088/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| PSched->\Device\PSched| POffset: 50929168/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| NdisWan->\Device\NdisWan| POffset: 50929408/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}->\Device\00000031| POffset: 50937240/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}->\Device\00000031| POffset: 50937440/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}->\Device\0000002f| POffset: 50937520/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| {3BDDF783-7916-49ED-8735-241129C528F1}->\Device\{3BDDF783-7916-49ED-8735-241129C528F1}| POffset: 50938664/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| IPNAT->\Device\IPNAT| POffset: 50946984/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| HGFS->\Device\hgfsInternal| POffset: 50947064/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| WanArp->\Device\WANARP| POffset: 50955448/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| PTILINK3->\Device\ParTechInc2| POffset: 50969664/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| CdRom0->\Device\CdRom0| POffset: 50970672/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| PTILINK1->\Device\ParTechInc0| POffset: 50974072/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| PTILINK2->\Device\ParTechInc1| POffset: 51170496/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}->\Device\00000031| POffset: 51174104/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}->\Device\00000031| POffset: 51174184/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| HCD1->\Device\USBFDO-1| POffset: 51183664/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| ACPI#PNP0F13#4&5289e18&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}->\Device\0000006d| POffset: 51187440/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}->\Device\00000031| POffset: 51187520/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| RdpDrDvMgr->\Device\RdpDrDvMgr| POffset: 51187600/Ptr: 1/Hnd: 0
2011-10-10 17:03:57 UTC+0000|[SYMLINK]| USB#Vid_0e0f&Pid_0002#6&2edefd9b&0&2#{f18a0e88-c30c-11d0-8815-00a0c906bed8}->\Device\USBPDO-3| POffset: 56446944/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| VMCI->\Device\VMCI| POffset: 59831288/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}->\Device\00000031| POffset: 62303176/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}->\Device\0000002d| POffset: 62348336/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| ACPI#PNP0303#4&5289e18&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}->\Device\0000006c| POffset: 70832352/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| D:->\Device\CdRom0| POffset: 70832488/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| IDE#CdRomTSSTcorp_CDDVDW_SH-222AB________________SB00____#3031303030303030303030303030303030303130#{1186654d-47b8-48b9-beb9-7df113ae3c67}->\Device\Ide\IdeDeviceP1T0L0-5| POffset: 70832864/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| USB#ROOT_HUB20#5&2f792170&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}->\Device\USBPDO-0| POffset: 70836584/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Volume{7536a230-f08b-11e0-819a-806d6172696f}->\Device\CdRom0| POffset: 70836680/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| IDE#CdRomTSSTcorp_CDDVDW_SH-222AB________________SB00____#3031303030303030303030303030303030303130#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}->\Device\Ide\IdeDeviceP1T0L0-5| POffset: 70836760/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| {ED268F72-8721-4A2A-AC18-2F6AF67AE1D1}->\Device\{ED268F72-8721-4A2A-AC18-2F6AF67AE1D1}| POffset: 70837160/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| {BEFDC814-3122-4252-85F8-A56CE3E59E31}->\Device\{BEFDC814-3122-4252-85F8-A56CE3E59E31}| POffset: 72304312/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| {29899544-CBDC-4073-89B2-648EE4135062}->\Device\{29899544-CBDC-4073-89B2-648EE4135062}| POffset: 72304728/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}->\Device\00000029| POffset: 72304808/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| PCI#VEN_1274&DEV_1371&SUBSYS_13711274&REV_02#4&47b7341&0&1088#{dda54a40-1e4c-11d1-a050-405705c10000}->\Device\NTPNP_PCI0042| POffset: 72569920/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| {3EC8989D-FE63-4F0D-85E6-997CC1C5B6A2}->\Device\{3EC8989D-FE63-4F0D-85E6-997CC1C5B6A2}| POffset: 72570560/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}->\Device\00000031| POffset: 72571920/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}->\Device\00000031| POffset: 72572000/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}->\Device\00000031| POffset: 72572144/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| PCI#VEN_8086&DEV_7112&SUBSYS_197615AD&REV_00#4&47b7341&0&0088#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}->\Device\NTPNP_PCI0040| POffset: 72822080/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| ACPI#GenuineIntel_-_x86_Family_6_Model_42#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}->\Device\00000038| POffset: 72884568/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| {3B38E23E-0D70-4C2B-AFAF-8183A40BB1B3}->\Device\{3B38E23E-0D70-4C2B-AFAF-8183A40BB1B3}| POffset: 72886984/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| NDISWANIP->\Device\NdisWanIp| POffset: 72887296/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| FDC#GENERIC_FLOPPY_DRIVE#6&1435b2e2&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}->\Device\FloppyPDO0| POffset: 72888920/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| HCD0->\Device\USBFDO-0| POffset: 72889288/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}->\Device\00000031| POffset: 72889368/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}->\Device\0000002c| POffset: 72890320/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| ACPI#PNP0501#2#{4d36e978-e325-11ce-bfc1-08002be10318}->\Device\00000071| POffset: 72890888/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| COM2->\Device\Serial1| POffset: 72892720/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| COM1->\Device\Serial0| POffset: 72892800/Ptr: 1/Hnd: 0
2011-10-10 17:03:54 UTC+0000|[SYMLINK]| PCI#VEN_15AD&DEV_0770&SUBSYS_077015AD&REV_00#4&47b7341&0&1888#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}->\Device\NTPNP_PCI0043| POffset: 72895960/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| LEGACY#JOYSTICK#5&24c8a7aa&0&ENUM&#{cae56030-684a-11d0-d6f6-00a0c90f57da}->\Device\00000078| POffset: 73021560/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}->\Device\0000002b| POffset: 73022320/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| ACPI#PNP0400#5&324d5432&0#{97f76ef0-f883-11d0-af1f-0000f800845c}->\Device\0000006f| POffset: 73022400/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| DISPLAY4->\Device\Video3| POffset: 73022544/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| ACPI#PNP0501#2#{86e0d1e0-8089-11d0-9ce4-08003e301f73}->\Device\00000071| POffset: 73022672/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| PCI#VEN_1274&DEV_1371&SUBSYS_13711274&REV_02#4&47b7341&0&1088#{65e8773d-8f56-11d0-a3b9-00a0c9223196}->\Device\NTPNP_PCI0042| POffset: 73175568/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| Shadow->\Device\LanmanRedirector| POffset: 73310040/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| IPMULTICAST->\Device\IPMULTICAST| POffset: 73394080/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| Tcp->\Device\Tcp| POffset: 73394224/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| fsWrap->\Device\FsWrap| POffset: 73394368/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| LPT1->\Device\Parallel0| POffset: 73452240/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| PCI#VEN_1022&DEV_2000&SUBSYS_20001022&REV_10#4&47b7341&0&0888#{ad498944-762f-11d0-8dcb-00c04fc3358c}->\Device\NTPNP_PCI0041| POffset: 73452896/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| LPTENUM#MicrosoftRawPort#6&16ccfde1&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}->\Device\Parallel0| POffset: 73453416/Ptr: 1/Hnd: 0
2011-10-10 16:42:30 UTC+0000|[SYMLINK]| ->Ӏ| POffset: 73533280/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| IPSECDev->\Device\IPSEC| POffset: 73932000/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| Ip->\Device\Ip| POffset: 73932576/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}->\Device\00000070| POffset: 75239128/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}->\Device\00000070| POffset: 75239208/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| PCI#VEN_1274&DEV_1371&SUBSYS_13711274&REV_02#4&47b7341&0&1088#{6994ad04-93ef-11d0-a3cc-00a0c9223196}->\Device\NTPNP_PCI0042| POffset: 75239312/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| USB#ROOT_HUB#5&1dc927ff&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}->\Device\USBPDO-1| POffset: 75239392/Ptr: 1/Hnd: 0
2011-10-10 17:03:56 UTC+0000|[SYMLINK]| NUL->\Device\Null| POffset: 76388808/Ptr: 1/Hnd: 0
2011-10-10 17:03:55 UTC+0000|[SYMLINK]| KeyboardClassC->\Device\KeyboardClassC| POffset: 76389688/Ptr: 1/Hnd: 0
2011-10-10 17:03:56 UTC+0000|[SYMLINK]| AUX->\DosDevices\COM1| POffset: 95797296/Ptr: 1/Hnd: 0
2011-10-10 17:03:56 UTC+0000|[SYMLINK]| KnownDllPath->C:\WINDOWS\system32| POffset: 95799016/Ptr: 2/Hnd: 1
2011-10-10 17:03:56 UTC+0000|[SYMLINK]| UNC->\Device\Mup| POffset: 95801216/Ptr: 1/Hnd: 0
2011-10-10 17:03:56 UTC+0000|[SYMLINK]| PRN->\DosDevices\LPT1| POffset: 96228048/Ptr: 1/Hnd: 0
2011-10-10 17:04:00 UTC+0000|[SYMLINK]| Global->\Global??| POffset: 111934688/Ptr: 1/Hnd: 0
2011-10-10 17:04:38 UTC+0000|[SYMLINK]| Global->\Global??| POffset: 112396976/Ptr: 1/Hnd: 0
2011-10-10 17:03:59 UTC+0000|[SYMLINK]| Global->\Global??| POffset: 124181288/Ptr: 1/Hnd: 0
2011-10-10 17:03:59 UTC+0000|[SYMLINK]| Ndisuio->\Device\Ndisuio| POffset: 127631328/Ptr: 1/Hnd: 0
2011-10-10 17:04:00 UTC+0000|[SYMLINK]| $VDMLPT1->\Device\ParallelVdm0| POffset: 159658312/Ptr: 1/Hnd: 0
2011-10-10 17:04:00 UTC+0000|[SYMLINK]| vmmemctl->\Device\vmmemctl| POffset: 160307384/Ptr: 1/Hnd: 0
2011-10-10 17:04:39 UTC+0000|[SYMLINK]| sysaudio->\Device\sysaudio| POffset: 197191208/Ptr: 1/Hnd: 0
2011-10-10 17:04:39 UTC+0000|[SYMLINK]| SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}->\Device\KSENUM#00000002| POffset: 197942568/Ptr: 1/Hnd: 0
2011-10-10 17:04:39 UTC+0000|[SYMLINK]| SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}->\Device\KSENUM#00000002| POffset: 198874264/Ptr: 1/Hnd: 0
2011-10-10 17:04:39 UTC+0000|[SYMLINK]| SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}->\Device\KSENUM#00000002| POffset: 200835432/Ptr: 1/Hnd: 0
2011-10-10 17:04:39 UTC+0000|[SYMLINK]| SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}->\Device\KSENUM#00000002| POffset: 200849352/Ptr: 1/Hnd: 0
2004-08-04 05:58:36 UTC+0000|[PE HEADER (module)]| ntoskrnl.exe| Base: 0x804d7000
2004-08-04 05:59:05 UTC+0000|[PE HEADER (module)]| hal.dll| Base: 0x806ce000
2004-08-04 06:00:49 UTC+0000|[PE HEADER (module)]| mrxdav.sys| Base: 0xf0cd9000
2004-08-04 06:00:14 UTC+0000|[PE HEADER (module)]| VolSnap.sys| Base: 0xf99bc000
2004-08-04 06:07:32 UTC+0000|[PE HEADER (module)]| watchdog.sys| Base: 0xf9ce4000
2009-01-20 07:51:18 UTC+0000|[PE HEADER (module)]| vmci.sys| Base: 0xf9a7c000
2001-08-17 20:57:58 UTC+0000|[PE HEADER (module)]| compbatt.sys| Base: 0xf9db0000
2010-04-01 00:20:10 UTC+0000|[PE HEADER (module)]| vmmemctl.sys| Base: 0xf9ec8000
2004-08-04 06:00:09 UTC+0000|[PE HEADER (module)]| HTTP.sys| Base: 0xf07f3000
2004-08-04 05:59:45 UTC+0000|[PE HEADER (module)]| KSecDD.sys| Base: 0xf979f000
2001-07-19 22:28:37 UTC+0000|[PE HEADER (module)]| es1371mp.sys| Base: 0xf9a9c000
2004-08-04 06:15:20 UTC+0000|[PE HEADER (module)]| ks.sys| Base: 0xf9623000
2001-08-17 20:55:30 UTC+0000|[PE 
HEADER (module)]| NDProxy.SYS| Base: 0xf9b1c000 2004-08-04 06:14:27 UTC+0000|[PE HEADER (module)]| NDIS.sys| Base: 0xf96e5000 2004-08-04 05:59:04 UTC+0000|[PE HEADER (module)]| parport.sys| Base: 0xf9646000 2004-08-04 06:01:10 UTC+0000|[PE HEADER (module)]| rdpdr.sys| Base: 0xf94a7000 2004-08-04 06:14:09 UTC+0000|[PE HEADER (module)]| Cdfs.SYS| Base: 0xf9b9c000 2004-08-04 06:07:06 UTC+0000|[PE HEADER (module)]| vga.sys| Base: 0xf9cb4000 2004-08-04 06:15:20 UTC+0000|[PE HEADER (module)]| Mup.sys| Base: 0xf96ca000 2004-08-04 06:07:40 UTC+0000|[PE HEADER (module)]| agp440.sys| Base: 0xf99ec000 2004-08-04 06:07:47 UTC+0000|[PE HEADER (module)]| TDI.SYS| Base: 0xf9c8c000 2004-08-04 06:07:35 UTC+0000|[PE HEADER (module)]| ACPI.sys| Base: 0xf986d000 2001-08-17 20:55:29 UTC+0000|[PE HEADER (module)]| ndistapi.sys| Base: 0xf9e4c000 2004-08-04 06:14:13 UTC+0000|[PE HEADER (module)]| afd.sys| Base: 0xf114e000 2004-08-04 05:59:34 UTC+0000|[PE HEADER (module)]| redbook.sys| Base: 0xf9a6c000 2001-08-17 20:55:32 UTC+0000|[PE HEADER (module)]| raspti.sys| Base: 0xf9c9c000 2004-08-04 06:14:26 UTC+0000|[PE HEADER (module)]| raspptp.sys| Base: 0xf9aec000 2001-08-17 20:49:53 UTC+0000|[PE HEADER (module)]| ptilink.sys| Base: 0xf9c94000 2004-08-04 06:15:54 UTC+0000|[PE HEADER (module)]| sysaudio.sys| Base: 0xf0ad6000 2001-08-18 01:31:49 UTC+0000|[PE HEADER (module)]| Fips.SYS| Base: 0xf9b6c000 2004-08-04 06:08:34 UTC+0000|[PE HEADER (module)]| usbehci.sys| Base: 0xf9c84000 2004-08-04 06:14:36 UTC+0000|[PE HEADER (module)]| netbt.sys| Base: 0xf1198000 2004-08-04 06:14:27 UTC+0000|[PE HEADER (module)]| ipsec.sys| Base: 0xf1218000 2008-09-24 14:45:25 UTC+0000|[PE HEADER (module)]| winsys32.sys| Base: 0xf9eb4000 2001-08-17 20:52:41 UTC+0000|[PE HEADER (module)]| ftdisk.sys| Base: 0xf983d000 2004-08-04 05:59:40 UTC+0000|[PE HEADER (module)]| PCIIDEX.SYS| Base: 0xf9c1c000 2004-08-04 06:15:51 UTC+0000|[PE HEADER (module)]| serial.sys| Base: 0xf9a3c000 2004-08-04 06:14:44 UTC+0000|[PE HEADER 
(module)]| srv.sys| Base: 0xf0c5e000 2004-08-04 05:59:25 UTC+0000|[PE HEADER (module)]| fdc.sys| Base: 0xf9c6c000 2001-08-17 20:49:10 UTC+0000|[PE HEADER (module)]| kdcom.dll| Base: 0xf9e9c000 2004-08-04 06:08:15 UTC+0000|[PE HEADER (module)]| HIDPARSE.SYS| Base: 0xf9cdc000 2004-08-04 05:59:19 UTC+0000|[PE HEADER (module)]| intelppm.sys| Base: 0xf9abc000 2001-08-18 01:32:23 UTC+0000|[PE HEADER (module)]| PartMgr.sys| Base: 0xf9c24000 2001-08-17 20:55:58 UTC+0000|[PE HEADER (module)]| ws2ifsl.sys| Base: 0xf9685000 2001-08-17 21:02:58 UTC+0000|[PE HEADER (module)]| USBD.SYS| Base: 0xf9ea8000 2001-08-17 20:55:39 UTC+0000|[PE HEADER (module)]| rasacd.sys| Base: 0xf9689000 2001-08-17 20:47:33 UTC+0000|[PE HEADER (module)]| Beep.SYS| Base: 0xf9eac000 2001-08-17 20:59:40 UTC+0000|[PE HEADER (module)]| audstub.sys| Base: 0xfa0ee000 2004-08-04 06:07:47 UTC+0000|[PE HEADER (module)]| mssmbios.sys| Base: 0xf9e6c000 2001-08-17 20:47:39 UTC+0000|[PE HEADER (module)]| Null.SYS| Base: 0xf9fcf000 2008-10-03 18:39:55 UTC+0000|[PE HEADER (module)]| vmx_svga.sys| Base: 0xf9a8c000 2001-08-17 20:46:56 UTC+0000|[PE HEADER (module)]| RDPCDD.sys| Base: 0xf9eb0000 2004-08-04 06:00:37 UTC+0000|[PE HEADER (module)]| Msfs.SYS| Base: 0xf9cbc000 2008-07-09 09:21:16 UTC+0000|[PE HEADER (module)]| vmxnet.sys| Base: 0xf9c7c000 2008-10-03 18:41:58 UTC+0000|[PE HEADER (module)]| vmx_fb.dll| Base: 0xbf9d3000 2001-08-17 20:49:49 UTC+0000|[PE HEADER (module)]| ParVdm.SYS| Base: 0xf9ec6000 2004-08-04 05:58:52 UTC+0000|[PE HEADER (module)]| termdd.sys| Base: 0xf9b0c000 2001-08-17 20:57:52 UTC+0000|[PE HEADER (module)]| BATTC.SYS| Base: 0xf9db4000 2004-08-04 05:59:40 UTC+0000|[PE HEADER (module)]| intelide.sys| Base: 0xf9ea0000 2004-08-04 05:59:51 UTC+0000|[PE HEADER (module)]| dump_scsiport.sys| Base: 0xf9595000 2004-08-04 06:15:47 UTC+0000|[PE HEADER (module)]| portcls.sys| Base: 0xf95c8000 2004-08-04 06:04:48 UTC+0000|[PE HEADER (module)]| ipnat.sys| Base: 0xf1076000 2007-04-11 17:55:32 UTC+0000|[PE 
HEADER (module)]| vmscsi.sys| Base: 0xf9db8000 2004-08-04 05:59:24 UTC+0000|[PE HEADER (module)]| flpydisk.sys| Base: 0xf9ca4000 2001-08-17 20:47:57 UTC+0000|[PE HEADER (module)]| mouhid.sys| Base: 0xf9599000 2001-08-17 20:57:28 UTC+0000|[PE HEADER (module)]| mnmdd.SYS| Base: 0xf9eae000 2004-08-04 06:08:40 UTC+0000|[PE HEADER (module)]| usbhub.sys| Base: 0xf9b3c000 2001-08-17 21:02:16 UTC+0000|[PE HEADER (module)]| hidusb.sys| Base: 0xf959d000 2004-08-04 05:59:52 UTC+0000|[PE HEADER (module)]| cdrom.sys| Base: 0xf9a5c000 2004-08-04 06:14:39 UTC+0000|[PE HEADER (module)]| tcpip.sys| Base: 0xf11c0000 2007-04-11 17:55:32 UTC+0000|[PE HEADER (module)]| dump_vmscsi.sys| Base: 0xf9591000 2004-08-04 06:05:06 UTC+0000|[PE HEADER (module)]| raspppoe.sys| Base: 0xf9adc000 2004-08-04 06:00:38 UTC+0000|[PE HEADER (module)]| Npfs.SYS| Base: 0xf9cc4000 2004-08-04 06:01:17 UTC+0000|[PE HEADER (module)]| fltMgr.sys| Base: 0xf97c8000 2004-08-04 06:20:05 UTC+0000|[PE HEADER (module)]| rdbss.sys| Base: 0xf1106000 2004-08-04 05:59:39 UTC+0000|[PE HEADER (module)]| SCSIPORT.SYS| Base: 0xf97e7000 2004-08-04 06:07:39 UTC+0000|[PE HEADER (module)]| CmBatt.sys| Base: 0xf9e48000 2007-04-11 17:54:49 UTC+0000|[PE HEADER (module)]| vmmouse.sys| Base: 0xf9ea4000 2004-08-04 05:58:29 UTC+0000|[PE HEADER (module)]| MountMgr.sys| Base: 0xf99ac000 2001-08-17 20:53:12 UTC+0000|[PE HEADER (module)]| dxgthk.sys| Base: 0xfa00f000 2004-08-04 05:59:53 UTC+0000|[PE HEADER (module)]| disk.sys| Base: 0xf99cc000 2004-08-04 06:14:36 UTC+0000|[PE HEADER (module)]| i8042prt.sys| Base: 0xf9a2c000 2004-08-04 05:58:32 UTC+0000|[PE HEADER (module)]| kbdclass.sys| Base: 0xf9c5c000 2004-08-04 06:03:10 UTC+0000|[PE HEADER (module)]| ndisuio.sys| Base: 0xf0eb2000 2001-08-17 20:53:19 UTC+0000|[PE HEADER (module)]| Dxapi.sys| Base: 0xf946f000 2004-08-04 06:07:54 UTC+0000|[PE HEADER (module)]| drmk.sys| Base: 0xf9aac000 2004-08-04 06:14:30 UTC+0000|[PE HEADER (module)]| ndiswan.sys| Base: 0xf95b1000 2004-08-04 05:59:06 
UTC+0000|[PE HEADER (module)]| serenum.sys| Base: 0xf9e40000 2004-08-04 06:15:06 UTC+0000|[PE HEADER (module)]| Ntfs.sys| Base: 0xf9712000 2004-08-04 05:58:32 UTC+0000|[PE HEADER (module)]| update.sys| Base: 0xf9473000 2004-08-04 06:08:45 UTC+0000|[PE HEADER (module)]| usbccgp.sys| Base: 0xf9cd4000 2004-08-04 06:15:03 UTC+0000|[PE HEADER (module)]| wdmaud.sys| Base: 0xf0a41000 2004-08-04 06:04:16 UTC+0000|[PE HEADER (module)]| psched.sys| Base: 0xf94d8000 2004-08-04 06:08:18 UTC+0000|[PE HEADER (module)]| HIDCLASS.SYS| Base: 0xf9bac000 2004-08-04 05:59:41 UTC+0000|[PE HEADER (module)]| atapi.sys| Base: 0xf97ff000 2004-08-04 06:14:26 UTC+0000|[PE HEADER (module)]| CLASSPNP.SYS| Base: 0xf99dc000 2001-08-17 21:07:23 UTC+0000|[PE HEADER (module)]| WMILIB.SYS| Base: 0xf9e9e000 2004-08-04 06:17:30 UTC+0000|[PE HEADER (module)]| win32k.sys| Base: 0xbf800000 2004-08-04 06:00:51 UTC+0000|[PE HEADER (module)]| dxg.sys| Base: 0xbf9c1000 2001-08-17 20:58:15 UTC+0000|[PE HEADER (module)]| dmload.sys| Base: 0xf9ea2000 2004-08-04 06:04:11 UTC+0000|[PE HEADER (module)]| msgpc.sys| Base: 0xf9afc000 2004-08-04 05:58:32 UTC+0000|[PE HEADER (module)]| mouclass.sys| Base: 0xf9c64000 2004-08-04 05:58:41 UTC+0000|[PE HEADER (module)]| swenum.sys| Base: 0xf9ea6000 2004-08-04 06:04:57 UTC+0000|[PE HEADER (module)]| wanarp.sys| Base: 0xf9b7c000 2001-08-17 20:49:09 UTC+0000|[PE HEADER (module)]| BOOTVID.dll| Base: 0xf9dac000 2004-08-04 06:07:46 UTC+0000|[PE HEADER (module)]| kmixer.sys| Base: 0xf09cc000 2001-08-17 20:49:37 UTC+0000|[PE HEADER (module)]| Fs_Rec.SYS| Base: 0xf9eaa000 2004-08-04 06:07:45 UTC+0000|[PE HEADER (module)]| pci.sys| Base: 0xf985c000 2004-08-04 06:08:34 UTC+0000|[PE HEADER (module)]| USBPORT.SYS| Base: 0xf95ec000 2004-08-04 06:00:12 UTC+0000|[PE HEADER (module)]| imapi.sys| Base: 0xf9a4c000 2004-08-04 06:07:04 UTC+0000|[PE HEADER (module)]| VIDEOPRT.SYS| Base: 0xf960f000 2004-08-04 06:14:21 UTC+0000|[PE HEADER (module)]| rasl2tp.sys| Base: 0xf9acc000 2010-04-01 
00:17:10 UTC+0000|[PE HEADER (module)]| vmhgfs.sys| Base: 0xf1132000 2004-08-04 06:08:34 UTC+0000|[PE HEADER (module)]| usbuhci.sys| Base: 0xf9c74000 2004-08-04 06:03:19 UTC+0000|[PE HEADER (module)]| netbios.sys| Base: 0xf9b4c000 2004-08-04 06:06:22 UTC+0000|[PE HEADER (module)]| sr.sys| Base: 0xf97b6000 2004-08-04 06:15:14 UTC+0000|[PE HEADER (module)]| mrxsmb.sys| Base: 0xf1097000 2004-08-04 06:07:13 UTC+0000|[PE HEADER (module)]| dmio.sys| Base: 0xf9817000 2004-08-04 06:08:20 UTC+0000|[PE HEADER (module)]| gameenum.sys| Base: 0xf9e94000 2001-08-17 20:58:01 UTC+0000|[PE HEADER (module)]| isapnp.sys| Base: 0xf999c000 1970-01-01 00:00:00 UTC+0000|[USER ASSIST]| UEME_CTLCUACount:ctor| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 1/Count: 2/FocusCount: N/A/TimeFocused: N/A 2011-10-10 16:53:52 UTC+0000|[USER ASSIST]| UEME_UITOOLBAR| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 2/Count: 2/FocusCount: N/A/TimeFocused: N/A 2010-11-11 22:27:52 UTC+0000|[USER ASSIST]| UEME_UITOOLBAR:0x1,120| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 1/Count: 1/FocusCount: N/A/TimeFocused: N/A 2011-10-10 16:53:52 UTC+0000|[USER ASSIST]| UEME_UITOOLBAR:0x1,130| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 2/Count: 1/FocusCount: N/A/TimeFocused: N/A 2010-11-06 18:13:09 UTC+0000|[USER ASSIST]| UEME_RUNPIDL:%csidl2%\MSN.lnk| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 1/Count: 14/FocusCount: N/A/TimeFocused: N/A 2010-11-06 18:13:09 UTC+0000|[USER ASSIST]| UEME_RUNPIDL:%csidl2%\Windows Media Player.lnk| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 1/Count: 13/FocusCount: N/A/TimeFocused: N/A 2010-11-06 18:13:09 UTC+0000|[USER ASSIST]| UEME_RUNPIDL:%csidl2%\Windows Messenger.lnk| Registry: \Device\HarddiskVolume1\Documents and 
Settings\Administrator\NTUSER.DAT /ID: 1/Count: 12/FocusCount: N/A/TimeFocused: N/A 2010-11-06 18:13:09 UTC+0000|[USER ASSIST]| UEME_RUNPIDL:%csidl2%\Accessories\Tour Windows XP.lnk| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 1/Count: 11/FocusCount: N/A/TimeFocused: N/A 2010-11-06 18:13:09 UTC+0000|[USER ASSIST]| UEME_RUNPIDL:%csidl2%\Accessories\System Tools\Files and Settings Transfer Wizard.lnk| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 1/Count: 10/FocusCount: N/A/TimeFocused: N/A 1970-01-01 00:00:00 UTC+0000|[USER ASSIST]| UEME_CTLCUACount:ctor| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 1/Count: 2/FocusCount: N/A/TimeFocused: N/A 2011-10-10 16:39:50 UTC+0000|[USER ASSIST]| UEME_RUNCPL| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 3/Count: 5/FocusCount: N/A/TimeFocused: N/A 2010-11-06 17:25:16 UTC+0000|[USER ASSIST]| UEME_RUNCPL:desk.cpl| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 1/Count: 1/FocusCount: N/A/TimeFocused: N/A 2011-10-04 18:09:53 UTC+0000|[USER ASSIST]| UEME_RUNCPL:"C:\WINDOWS\system32\firewall.cpl",Windows Firewall| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 3/Count: 2/FocusCount: N/A/TimeFocused: N/A 2011-10-10 17:06:42 UTC+0000|[USER ASSIST]| UEME_RUNPATH| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 4/Count: 16/FocusCount: N/A/TimeFocused: N/A 2011-10-10 17:06:42 UTC+0000|[USER ASSIST]| UEME_RUNPATH:C:\WINDOWS\system32\cmd.exe| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 4/Count: 4/FocusCount: N/A/TimeFocused: N/A 2010-11-11 22:29:05 UTC+0000|[USER ASSIST]| UEME_RUNPATH:C:\Program Files\Internet Explorer\iexplore.exe| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT 
/ID: 3/Count: 2/FocusCount: N/A/TimeFocused: N/A 2011-10-05 01:08:54 UTC+0000|[USER ASSIST]| UEME_RUNPIDL| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 3/Count: 6/FocusCount: N/A/TimeFocused: N/A 2010-11-11 22:29:05 UTC+0000|[USER ASSIST]| UEME_RUNPIDL:::{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0}| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 3/Count: 2/FocusCount: N/A/TimeFocused: N/A 2011-10-05 01:08:54 UTC+0000|[USER ASSIST]| UEME_RUNPIDL:%csidl2%\Accessories\Command Prompt.lnk| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 3/Count: 2/FocusCount: N/A/TimeFocused: N/A 2011-10-04 18:01:13 UTC+0000|[USER ASSIST]| UEME_RUNPATH:C:\WINDOWS\system32\winver.exe| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 3/Count: 2/FocusCount: N/A/TimeFocused: N/A 2011-10-04 18:21:29 UTC+0000|[USER ASSIST]| UEME_UISCUT| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 3/Count: 7/FocusCount: N/A/TimeFocused: N/A 2011-10-04 17:52:40 UTC+0000|[USER ASSIST]| UEME_RUNPATH:Adobe Reader 9.lnk| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 3/Count: 1/FocusCount: N/A/TimeFocused: N/A 2011-10-04 18:21:30 UTC+0000|[USER ASSIST]| UEME_RUNPATH:C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 3/Count: 6/FocusCount: N/A/TimeFocused: N/A 2011-10-04 17:53:29 UTC+0000|[USER ASSIST]| UEME_RUNCPL:"C:\WINDOWS\system32\appwiz.cpl",Add or Remove Programs| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 3/Count: 1/FocusCount: N/A/TimeFocused: N/A 2011-10-04 17:54:01 UTC+0000|[USER ASSIST]| UEME_RUNPATH:C:\Documents and Settings\Administrator\Desktop\AdbeRdr90_en_US.exe| Registry: \Device\HarddiskVolume1\Documents and 
Settings\Administrator\NTUSER.DAT /ID: 3/Count: 1/FocusCount: N/A/TimeFocused: N/A 2011-10-05 01:08:54 UTC+0000|[USER ASSIST]| UEME_RUNPIDL:%csidl2%\Accessories| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 3/Count: 1/FocusCount: N/A/TimeFocused: N/A 2011-10-05 01:08:54 UTC+0000|[USER ASSIST]| UEME_RUNPIDL:%csidl2%| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 3/Count: 1/FocusCount: N/A/TimeFocused: N/A 2011-10-10 16:39:50 UTC+0000|[USER ASSIST]| UEME_RUNCPL:SYSDM.CPL| Registry: \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT /ID: 3/Count: 1/FocusCount: N/A/TimeFocused: N/A WARNING : volatility.debug : No ShimCache data found 2011-10-10 17:04:51 UTC+0000|[_HBASE_BLOCK TimeStamp]| \Device\HarddiskVolume1\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat| 2011-10-10 17:06:52 UTC+0000|[_HBASE_BLOCK TimeStamp]| \Device\HarddiskVolume1\Documents and Settings\Administrator\NTUSER.DAT| 2011-10-10 17:06:52 UTC+0000|[_HBASE_BLOCK TimeStamp]| \Device\HarddiskVolume1\Documents and Settings\NetworkService\NTUSER.DAT| 1970-01-01 00:00:00 UTC+0000|[_HBASE_BLOCK TimeStamp]| [no name]| 2011-10-10 17:06:52 UTC+0000|[_HBASE_BLOCK TimeStamp]| \Device\HarddiskVolume1\Documents and Settings\LocalService\NTUSER.DAT| 1970-01-01 00:00:00 UTC+0000|[_HBASE_BLOCK TimeStamp]| [no name]| 2011-10-10 17:06:52 UTC+0000|[_HBASE_BLOCK TimeStamp]| \Device\HarddiskVolume1\WINDOWS\system32\config\default| 2011-10-10 17:06:52 UTC+0000|[_HBASE_BLOCK TimeStamp]| \Device\HarddiskVolume1\WINDOWS\system32\config\system| 2011-10-10 17:04:38 UTC+0000|[_HBASE_BLOCK TimeStamp]| \Device\HarddiskVolume1\WINDOWS\system32\config\SAM| 2011-10-10 17:04:51 UTC+0000|[_HBASE_BLOCK TimeStamp]| \Device\HarddiskVolume1\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat| 2011-10-10 17:06:52 UTC+0000|[_HBASE_BLOCK 
TimeStamp]| \Device\HarddiskVolume1\WINDOWS\system32\config\software| 2011-10-10 17:04:51 UTC+0000|[_HBASE_BLOCK TimeStamp]| \Device\HarddiskVolume1\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat| 2011-10-10 17:04:51 UTC+0000|[_HBASE_BLOCK TimeStamp]| \Device\HarddiskVolume1\WINDOWS\system32\config\SECURITY| 2011-10-10 18:05:16 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: -/Routine: 0x80533bf8/Period(ms): 0/Offset: 0x8055a300 1970-01-01 00:00:00 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: -/Routine: 0x80534016/Period(ms): 0/Offset: 0x815cc020 2011-10-10 17:06:56 UTC+0000|[TIMER]| afd.sys| Signaled: Yes/Routine: 0xf114e385/Period(ms): 30000/Offset: 0x813da9b8 2011-10-10 17:07:16 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: Yes/Routine: 0x804f3b72/Period(ms): 60000/Offset: 0x805508d0 2011-10-10 17:07:13 UTC+0000|[TIMER]| ks.sys| Signaled: -/Routine: 0xf962353c/Period(ms): 0/Offset: 0x81894f78 2011-10-10 17:07:05 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: -/Routine: 0x8053a112/Period(ms): 0/Offset: 0x8190ba30 1970-01-01 00:00:00 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: -/Routine: 0x80534016/Period(ms): 0/Offset: 0x816e8cf0 2011-10-10 17:06:57 UTC+0000|[TIMER]| TDI.SYS| Signaled: -/Routine: 0xf9c8c3f0/Period(ms): 0/Offset: 0xf1203bf0 2011-10-10 17:07:01 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: -/Routine: 0x80526bac/Period(ms): 0/Offset: 0x80559160 2011-10-10 17:07:21 UTC+0000|[TIMER]| NDIS.sys| Signaled: Yes/Routine: 0xf96fe72c/Period(ms): 60000/Offset: 0x81886888 1970-01-01 00:00:00 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: -/Routine: 0x80534016/Period(ms): 0/Offset: 0x8136b780 2011-10-10 17:06:57 UTC+0000|[TIMER]| srv.sys| Signaled: -/Routine: 0xf0c5e385/Period(ms): 0/Offset: 0xf0c6d790 2011-10-10 17:06:57 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: -/Routine: 0x80534016/Period(ms): 0/Offset: 0x81630168 2011-10-10 17:07:05 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: -/Routine: 0x80534016/Period(ms): 0/Offset: 0x81630cf0 
1970-01-01 00:00:00 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: -/Routine: 0x80534016/Period(ms): 0/Offset: 0x815c3a60 2011-10-10 17:07:02 UTC+0000|[TIMER]| NDIS.sys| Signaled: -/Routine: 0xf96fdfdf/Period(ms): 0/Offset: 0x818941a0 2011-10-10 17:07:22 UTC+0000|[TIMER]| ipsec.sys| Signaled: Yes/Routine: 0xf12184d3/Period(ms): 60000/Offset: 0xf1227fa0 2011-10-10 17:07:22 UTC+0000|[TIMER]| ipsec.sys| Signaled: -/Routine: 0xf1218449/Period(ms): 0/Offset: 0xf1227b08 2011-10-10 18:05:22 UTC+0000|[TIMER]| ipsec.sys| Signaled: -/Routine: 0xf1218449/Period(ms): 0/Offset: 0xf1227b70 2011-10-10 17:07:22 UTC+0000|[TIMER]| ipnat.sys| Signaled: Yes/Routine: 0xf1082f98/Period(ms): 60000/Offset: 0xf108a260 2011-10-10 18:05:22 UTC+0000|[TIMER]| netbt.sys| Signaled: -/Routine: 0xf119848a/Period(ms): 0/Offset: 0x81642858 2011-10-10 17:06:54 UTC+0000|[TIMER]| rdbss.sys| Signaled: -/Routine: 0xf1106385/Period(ms): 0/Offset: 0xf1110320 2011-10-10 17:06:54 UTC+0000|[TIMER]| tcpip.sys| Signaled: Yes/Routine: 0xf11c03dd/Period(ms): 100/Offset: 0xf1208910 2011-10-10 17:06:54 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: Yes/Routine: 0x804f33da/Period(ms): 1000/Offset: 0x80550a00 2011-10-10 17:06:54 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: -/Routine: 0x80534016/Period(ms): 0/Offset: 0x81753260 2011-10-10 17:06:54 UTC+0000|[TIMER]| USBPORT.SYS| Signaled: -/Routine: 0xf95f14ec/Period(ms): 0/Offset: 0x81895730 2011-10-10 17:06:55 UTC+0000|[TIMER]| TDI.SYS| Signaled: -/Routine: 0xf9c8c3f0/Period(ms): 0/Offset: 0x81604210 2011-10-10 17:06:55 UTC+0000|[TIMER]| netbt.sys| Signaled: -/Routine: 0xf119848a/Period(ms): 0/Offset: 0x8189f540 2011-10-10 17:06:55 UTC+0000|[TIMER]| sr.sys| Signaled: -/Routine: 0xf97b692e/Period(ms): 0/Offset: 0x819391e8 2011-10-10 17:06:55 UTC+0000|[TIMER]| TDI.SYS| Signaled: -/Routine: 0xf9c8c3f0/Period(ms): 0/Offset: 0x8177a230 2011-10-10 17:06:55 UTC+0000|[TIMER]| USBPORT.SYS| Signaled: -/Routine: 0xf95f14ec/Period(ms): 0/Offset: 0x81675730 2011-10-10 17:06:55 
UTC+0000|[TIMER]| watchdog.sys| Signaled: Yes/Routine: 0xf9ce46c4/Period(ms): 10000/Offset: 0x819e60d8 2011-10-10 17:06:55 UTC+0000|[TIMER]| watchdog.sys| Signaled: Yes/Routine: 0xf9ce46c4/Period(ms): 10000/Offset: 0x817e7e70 1970-01-01 00:00:00 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: -/Routine: 0x80534016/Period(ms): 0/Offset: 0x81798020 2011-10-10 17:06:55 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: Yes/Routine: 0x80523026/Period(ms): 1000/Offset: 0x80558a40 2011-10-10 17:06:55 UTC+0000|[TIMER]| TDI.SYS| Signaled: -/Routine: 0xf9c8c3f0/Period(ms): 0/Offset: 0x813a8ce8 2011-10-10 17:06:55 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: -/Routine: 0x804e5aec/Period(ms): 0/Offset: 0x8054f288 2011-10-12 05:29:51 UTC+0000|[TIMER]| NDIS.sys| Signaled: -/Routine: 0xf96fdfdf/Period(ms): 0/Offset: 0x816741a0 2011-10-12 05:29:51 UTC+0000|[TIMER]| NDIS.sys| Signaled: -/Routine: 0xf96fdfdf/Period(ms): 0/Offset: 0x81886b78 2011-10-10 17:06:55 UTC+0000|[TIMER]| NDIS.sys| Signaled: -/Routine: 0xf96fdfdf/Period(ms): 0/Offset: 0x816731a0 2011-10-10 17:06:55 UTC+0000|[TIMER]| NDIS.sys| Signaled: -/Routine: 0xf96fdfdf/Period(ms): 0/Offset: 0x81673a50 2011-10-11 11:17:35 UTC+0000|[TIMER]| NDIS.sys| Signaled: -/Routine: 0xf96fdfdf/Period(ms): 0/Offset: 0x818e4b40 2011-10-12 05:29:51 UTC+0000|[TIMER]| NDIS.sys| Signaled: -/Routine: 0xf96fdfdf/Period(ms): 0/Offset: 0x814ca8b0 1970-01-01 00:00:00 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: -/Routine: 0x80534016/Period(ms): 0/Offset: 0x815d8d88 2011-10-10 17:10:19 UTC+0000|[TIMER]| Ntfs.sys| Signaled: -/Routine: 0xf971773e/Period(ms): 0/Offset: 0xf9732150 2011-10-30 06:00:00 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: -/Routine: 0x80533b58/Period(ms): 0/Offset: 0x8055a400 2100-01-01 04:00:00 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: -/Routine: 0x80533b7e/Period(ms): 0/Offset: 0x8055a380 1970-01-01 00:00:00 UTC+0000|[TIMER]| ntoskrnl.exe| Signaled: -/Routine: 0x80534016/Period(ms): 0/Offset: 0x816cf550 2011-10-10 17:10:20 UTC+0000|[TIMER]| 
ntoskrnl.exe| Signaled: -/Routine: 0x80509d2a/Period(ms): 0/Offset: 0x805530a0
2011-10-11 11:17:36 UTC+0000|[TIMER]| NDIS.sys| Signaled: -/Routine: 0xf96fdfdf/Period(ms): 0/Offset: 0x8164bb40
2011-10-10 17:07:08 UTC+0000|[TIMER]| HTTP.sys| Signaled: -/Routine: 0xf07f7202/Period(ms): 60000/Offset: 0xf080e808
2011-10-10 17:07:08 UTC+0000|[TIMER]| HTTP.sys| Signaled: Yes/Routine: 0xf07fe490/Period(ms): 30000/Offset: 0xf080ea60
2011-10-10 17:07:08 UTC+0000|[TIMER]| HTTP.sys| Signaled: -/Routine: 0xf0804ae8/Period(ms): 0/Offset: 0xf0811040
2011-10-10 17:08:08 UTC+0000|[TIMER]| HTTP.sys| Signaled: -/Routine: 0xf08028de/Period(ms): 0/Offset: 0xf08110e0
2011-10-10 17:06:56 UTC+0000|[TIMER]| Ntfs.sys| Signaled: -/Routine: 0xf9714233/Period(ms): 0/Offset: 0xf97320f0

┌──(kali㉿kali)-[~/Desktop/volatility/volatility_2.5.linux.standalone]
└─$ ==== CompanyName : Microsoft Corporation FileDescription : Advanced Windasdas